Ozzie Fonseca writes: Data breach notification letters serve multiple purposes. They ensure a breached company is compliant with data breach notification laws, they alert consumers to the breach and their involvement in it, they can warn customers of potential identity theft risks and educate them on how to cope with those risks. The one thing…
Category: Commentaries and Analyses
Canada: Employer’s Potential Liability In Class Action For Employee’s Breach of Privacy
Ryley Mennie of McCarthy Tétrault LLP writes: A recent decision of the Ontario Superior Court of Justice highlights the increasing focus on (and potential liability arising from) customers’ and clients’ privacy rights and the importance for employers to properly monitor the activities of their employees. Additionally, while the decision comes from Ontario, which, unlike British Columbia, has…
Just in Time Research: Data Breaches in Higher Education
Just in Time Research: Data Breaches in Higher Education This “Just in Time” research is in response to recent discussions on the EDUCAUSE Higher Education Information Security Council (HEISC) discussion list about data breaches in higher education. Using data from the Privacy Rights Clearinghouse, this research analyzes data breaches attributed to higher education. The results…
NYC parents of school children: wake up and speak up to protect your child’s information!
Several years ago, I wrote to the NYC Comptroller’s Office and asked them to re-audit the NYC Department of Education on information technology/data security. To my knowledge, they haven’t done so. If you are a parent of a student in the NYC schools, this should concern you because the previous audit and two re-audits showed…
NY: East Quogue Union Free School District – audit
I’ve occasionally posted audits of school districts in New York State conducted by the NYS Comptroller’s Office. Yesterday, Comptroller DiNapoli released some new audits yesterday. One of them involved an audit of information technology at the East Quogue Union Free School District in Suffolk County. The audit covered the period July 1, 2012 — August 31,…
LinkedIn vulnerability to MITM attacks puts your data at risk – Zimperium
Zimperium Mobile Defence says that their testing found that LinkedIn users are at risk of Man-in-the-Middle Attacks: What information is vulnerable? Using basic MITM, we found that an attacker can extract a LinkedIn user’s credentials, hijack their session to gain access to all other LinkedIn information and impersonate the user. The following information is exposed,…