The 2013 breach at Maricopa County Community College District (MCCCD) in Arizona affected approximately 2.5 million faculty, staff, vendors, and students, making it the largest breach involving student information ever reported by a U.S. institution of higher education. A complaint by this privacy advocate alleges violations of the Safeguards Rule. Having researched and reported on breaches for about…
Category: Commentaries and Analyses
AU: Review blames Immigration for data breach exposing 10,000 detainees
Paul Farrell and Oliver Laughland report: A major data breach that exposed the personal details of almost 10,000 people in detention was caused by Immigration Department failures to check and approve documents for web publication, an independent review has found. The report by management consultants KPMG, which was published on Thursday, reveals that the document containing…
How the FTC Can Readily Halt Identity Theft
Dan Solove argues that if the FTC would just conclude that the use of Social Security numbers as a password or authenticator is unreasonable data security, a lot of identity theft could be prevented. I think he’s right, but there has always been and would be tremendous pushback against the proposal. I’m not confident that Congress would…
So how’s 2014 going, you ask? Not well, not well…
Risk Based Security and Open Security Foundation have released a report for Q1 of 2014. The first bullet gives a good indication of what kind of year 2014 is turning out to be: There were 669 incidents reported during the first three months of 2014 exposing 176 million records. Of especial interest to me were…
File Sharing by Lawyers Largely Insecure, Survey Suggests
Robert Ambrogi writes: If I were to leave a document on a table entitled, “My Deepest, Darkest Secrets,” under which I wrote, “Please do not read this unless you are someone I intended to read this,” how securely would you think I’d protected myself? That, effectively, is all the majority of lawyers do to protect…
INFORMATION SECURITY: Agencies Need to Improve Cyber Incident Response Practices – GAO
From the highlights of a newly released GAO report: Twenty-four major federal agencies did not consistently demonstrate that they are effectively responding to cyber incidents (a security breach of a computerized system and information). Based on a statistical sample of cyber incidents reported in fiscal year 2012, GAO projects that these agencies did not completely…