Dean Beeby reports: Canada Revenue Agency workers continue to poke into the confidential tax files of friends and foes, despite assurances to Canada’s privacy commissioner that the chronic problem of unauthorized access is being fixed. The 34 significant privacy breaches reported by the CRA to the commissioner in 2014 show all but two were deliberately…
Category: Commentaries and Analyses
AU: Leaked documents: 31 ‘identified’ privacy breaches not too bad, says Department of Veterans Affairs
Ian McPhedran reports: The Department of Veterans Affairs (DVA) has played down the extent of privacy breaches under departmental document leaks. However the scandal has deepened with more than a dozen veterans and advocates coming forward with examples of serious breaches since News Corp Australia last week revealed that personal documents including medical reports and compensation…
Senator Sheldon Whitehouse Wants to Make the Computer Fraud and Abuse Act Even Easier to Abuse
If you’re a security researcher, you’ll definitely want to read this. Nadia Kayyali writes: This summer, Senator Sheldon Whitehouse introduced an amendment to the flawed Cyber Information Sharing Act (CISA) that would make it even worse, by expanding the broken Computer Fraud and Abuse Act (CFAA). EFF has proposed common sense changes to this federal anti-hacking law, many of which were included in “Aaron’s…
Does the FTC really assess compliance with consent orders? If so, how well?
Add this analysis and commentary by Chris Hoofnagle to your must-read list. Assessing the Assessments: When companies settle FTC charges, they often agree to extended periods of oversight by the Agency. The FTC requires companies to be regularly assessed by an outside firm during the oversight period. In my forthcoming book, I argue that this assessment…
The disappointing truth about data privacy and security
Ben Rossi writes: Cloud providers boast compliance to the highest security standards, including state-of-the-art physical protection of hosting facilities, electronic surveillance and ISO 27001 certifications, to name a few. While such efforts may sound impressive, in reality they offer absolutely no defence to enterprises seeking a security model that cannot be owned, and provide…
DEA obtains a federal search warrant for patient data on MicroMD
Justin Shafer pointed me to a case where the government, investigating a healthcare provider, served SaaS MicroMD with a federal search warrant for some patients’ data. You can read Justin’s write-up on his blog, but the case reminds us that patient data can be disclosed to law enforcement without patients’ awareness or consent, and that unencrypted patient…