Adam Levin thinks it’s time for a warning label: Data security, identity-related consumer issues and privacy are all areas screaming for big-picture solutions. This is a situation in search of a paradigm shift—one that produces tools which enable consumers to make informed choices. There is a precedent that could serve as a template. Passed in…
Category: Commentaries and Analyses
(Another) WINZ privacy blunder
John Cousins and Fritha Tagg report: Confidential documents detailing the mental health conditions of beneficiaries were given to a woman in a major privacy blunder. Waihi resident Tracy Hall says the documents, which contain the names, phone numbers and mental health details of dozens of Work and Income clients, were given to her in error….
The Federal Trade Commission’s Role in Online Security: Data Protector or Dictator?
Alden Abbott writes: Abstract Over the past decade, the Federal Trade Commission, the federal government’s primary consumer protection agency, has pursued over 50 enforcement actions against companies that it deemed had “inadequate” data security practices. However, data security costs due to FTC actions will be passed on at least in part to consumers and should…
INFORMATION SECURITY: Agencies Need to Improve Oversight of Contractor Controls
From a newly released GAO report: Although the six federal agencies that GAO reviewed (the Departments of Energy (DOE), Homeland Security (DHS), State, and Transportation (DOT), the Environmental Protection Agency (EPA) and the Office of Personnel Management (OPM)) generally established security and privacy requirements and planned for assessments to determine the effectiveness of contractor implementation…
PERSONNEL SECURITY CLEARANCES: Additional Guidance and Oversight Needed at DHS and DOD to Ensure Consistent Application of Revocation Process
From a newly released GAO report: The Department of Homeland Security (DHS) and the Department of Defense (DOD) both have systems that track varying levels of detail related to revocations of employees’ security clearances. DHS’s and DOD’s data systems could provide data on the number of and reasons for revocations, but they could not provide…
Earthquake data privacy breach ‘avoidable’
Charles Anderson reports: A review of the Earthquake Commission’s handling of the privacy breach that revealed the details of all Canterbury claimants found the error could have been avoided. The breach might not have happened if EQC had learned lessons from a similar breach at another government agency, the review said. In early 2013, 83,000…