Teri Robinson reports: The Department of Education is primed for a large data breach that could eclipse the one experienced by the Office of Personnel and Management (OPM), House Oversight Committee Chairman Jason Chaffetz (R-Utah) said last week at a Brookings Institute function. With its rich set of data, including 139 million Social Security numbers and information…
Category: Commentaries and Analyses
Databases with voter information and the “database of ruin”
DataBreaches.net recently reported on two inadequately secured MongoDB databases that exposed voters’ information. The public’s reaction to these two incidents illustrated how little the majority of the public knows about what’s in a voter registration list and how such records are viewed by states. But the incidents also raise important questions as to whether existing laws provide adequate protection…
UK’s Information Commissioner repeats call for stronger sentences for data thieves
In the wake of another ridiculously light penalty for data theft, U.K.’s Information Commissioner, Christopher Graham, has repeated his call for stronger penalties. The comments come as an employee of a car rental company was sentenced for stealing customer information that accident claims companies could use to make nuisance calls. Sindy Nagra, 42, from Hayes, sold almost 28,000…
LabMD and Wyndham Decisions Curtail FTC’s Data Privacy and Security Reach
Alan L. Friel and Gerald J. Ferguson of BakerHostetler provide their interpretation of recent rulings: Both the administrative law judge’s decision in LabMD and the Third Circuit’s recent decision in Wyndham, which we previously blogged about, put the FTC on notice that it cannot assume that in the wake of a security breach, allegedly inadequate data security will necessarily constitute…
As if a 20-Year Consent Order Wasn’t Enough Fun: FTC Brings First Monetary Settlement in Information Security Case
Adam H. Greene of Davis Wright Tremaine LLP discusses the consent order Henry Schein Practice Solutions signed to settle an FTC complaint, and finds it noteworthy for a number of reasons. One of the reasons, he writes, is that it is the first consent order in a data security case to involve a monetary penalty. I don’t…
ICO takes enforcement action against Alzheimer’s Society (UPDATED)
From the ICO: The ICO has found serious failings in the way volunteers at a national dementia support charity handled sensitive personal data. It has ordered The Alzheimer’s Society to take action after discovering that volunteers were using personal email addresses to receive and share information about people who use the charity, storing unencrypted data on…