Jake Tapper reports that some organizations still haven’t patched Oracle, leaving sensitive information at risk of hacking: This month, [researchers] found that a weakness in Oracle’s software – that the company discovered in 2012 and provided a patch for – still remains a huge vulnerability to any customer that missed or ignored that news. Seely…
Category: Commentaries and Analyses
Education And Information Sharing: Underutilized Tools In FTC’s Data Security Work
Glenn G. Lammi of the Washington Legal Foundation writes: The Federal Trade Commission (FTC) has brought 52 enforcement actions involving data breaches. Fifty of those businesses, whose computer systems were illegally accessed by hackers, settled rather than fight FTC’s accusations that they acted “deceptively” or “unfairly” under § 5 of the FTC Act. And yet,…
It’s Time for a Data Breach Warning Label
Adam Levin thinks it’s time for a warning label: Data security, identity-related consumer issues and privacy are all areas screaming for big-picture solutions. This is a situation in search of a paradigm shift—one that produces tools which enable consumers to make informed choices. There is a precedent that could serve as a template. Passed in…
(Another) WINZ privacy blunder
John Cousins and Fritha Tagg report: Confidential documents detailing the mental health conditions of beneficiaries were given to a woman in a major privacy blunder. Waihi resident Tracy Hall says the documents, which contain the names, phone numbers and mental health details of dozens of Work and Income clients, were given to her in error….
The Federal Trade Commission’s Role in Online Security: Data Protector or Dictator?
Alden Abbott writes: Abstract Over the past decade, the Federal Trade Commission, the federal government’s primary consumer protection agency, has pursued over 50 enforcement actions against companies that it deemed had “inadequate” data security practices. However, data security costs due to FTC actions will be passed on at least in part to consumers and should…
INFORMATION SECURITY: Agencies Need to Improve Oversight of Contractor Controls
From a newly released GAO report: Although the six federal agencies that GAO reviewed (the Departments of Energy (DOE), Homeland Security (DHS), State, and Transportation (DOT), the Environmental Protection Agency (EPA) and the Office of Personnel Management (OPM)) generally established security and privacy requirements and planned for assessments to determine the effectiveness of contractor implementation…