Even though they acknowledge that the law allows 60 days to notify residents of a breach, the Las Cruces Sun-News took New Mexico State University to task for not notifying students sooner of a breach involving their personal information. Read their editorial here.
Category: Commentaries and Analyses
70% of finance apps vulnerable to input validation attacks
Help Net Security reports: A growing number of data breaches and security incidents can be directly linked to poor code quality, according to CAST. The data reveals finance and retail industry applications are the most vulnerable to data breaches, with 70 percent of retail and 69 percent of financial services applications shown to have data input…
MD: Ride On officials investigate potential passenger privacy breach
Kevin Wilson reports on some great advocacy efforts by a parent: Is Montgomery County safely storing your child’s confidential information? A local mother says, “No.” Bethesda resident Kathy Gambrell became troubled while signing up her 12-year-old son, Dakota, for a discounted bus card. The pass, called the Youth Cruiser SmarTripcard, provides unlimited Ride On bus service to…
AU data breach notification guide: A guide to handling personal information security breaches
The Office of the Australian Information Commissioner has released Data breach notification guide: A guide to handling personal information security breaches. Some excerpts: Preventing data breaches — obligations under the Privacy Act: Security is a basic element of information privacy. In Australia, this principle is reflected in the Privacy Act in the APPs. Agencies and…
NZ: Have your say on their new ‘Naming Policy’
From the Office of the Privacy Commissioner of New Zealand: We think it is time to ‘name names’ where it is warranted. Our view is that in certain circumstances, the Privacy Act is better served by revealing the organisations that have breached the law. Up to now, we’ve rarely publicly named organisations. It was done…
UK: Repeated security failings lead to £180,000 fine for Ministry of Justice
Long-time readers of DataBreaches.net will recall that I’ve posted breaches involving the UK Ministry of Justice before (cf this post or this post about a monetary penalty involving an email breach at HMP Cardiff). Now there’s another monetary penalty, it seems: The Information Commissioner’s Office (ICO) has served a £180,000 penalty on the Ministry of Justice over…