From the Office of the Privacy Commissioner of New Zealand: We think it is time to ‘name names’ where it is warranted. Our view is that in certain circumstances, the Privacy Act is better served by revealing the organisations that have breached the law. Up to now, we’ve rarely publicly named organisations. It was done…
Month: August 2014
UK: Repeated security failings lead to £180,000 fine for Ministry of Justice
Long-time readers of DataBreaches.net will recall that I’ve posted breaches involving the UK Ministry of Justice before (cf this post or this post about a monetary penalty involving an email breach at HMP Cardiff). Now there’s another monetary penalty, it seems: The Information Commissioner’s Office (ICO) has served a £180,000 penalty on the Ministry of Justice over…
UK: Local authorities audit report: “areas of good practice, but clear room for improvement by all”
A report published by the Information Commissioner’s Office (ICO) today has highlighted ‘clear room for improvement’ in how local authorities comply with the Data Protection Act. The ICO audited 16 local authorities last year. The audits include an overall ‘assurance rating’, but none received high assurance that they were complying with data protection law. Six…
BioReference Laboratories notified over 3,000 patients after misconfigured server allowed their info to be indexed by search engines
Recently added to HHS’s public breach tool was a misconfigured server incident that affected 3,334 patients. The entity’s statement was posted on their web site: We at BioReference Laboratories, Inc., and our subsidiary CareEvolve, Inc., take very seriously our responsibility to protect the privacy and security of our patients’ personal information, as required by the…
Data breach response bill headed to California governor’s desk
AP reports that the California state assembly has passed AB1710, and it now goes to the governor’s desk. But will he sign it? AB1710 requires businesses to provide free credit monitoring services for one year after Social Security and drivers’ license numbers are exposed. It also prohibits the sale of Social Security numbers except when…
Oops. Data leak not fixed as Topeka school leaders thought
Last week, I posted a privacy breach involving student data in Topeka Unified School District 501 over on PogoWasRight. It seems I missed an update, but happily, @VERISDB caught it and tweeted a link. Celia Llopis-Jepsen reports: Confidential student data continued to be available this week to unauthorized people at Topeka Unified School District 501,…