Commentaries and Analyses – Page 726

Just in Time Research: Data Breaches in Higher Education

Posted on June 24, 2014 by Dissent

Just in Time Research: Data Breaches in Higher Education This “Just in Time” research is in response to recent discussions on the EDUCAUSE Higher Education Information Security Council (HEISC) discussion list about data breaches in higher education. Using data from the Privacy Rights Clearinghouse, this research analyzes data breaches attributed to higher education. The results…

NYC parents of school children: wake up and speak up to protect your child’s information!

Posted on June 21, 2014 by Dissent

Several years ago, I wrote to the NYC Comptroller’s Office and asked them to re-audit the NYC Department of Education on information technology/data security. To my knowledge, they haven’t done so. If you are a parent of a student in the NYC schools, this should concern you because the previous audit and two re-audits showed…

NY: East Quogue Union Free School District – audit

Posted on June 21, 2014 by Dissent

I’ve occasionally posted audits of school districts in New York State conducted by the NYS Comptroller’s Office. Yesterday, Comptroller DiNapoli released some new audits yesterday. One of them involved an audit of information technology at the East Quogue Union Free School District in Suffolk County. The audit covered the period July 1, 2012 — August 31,…

LinkedIn vulnerability to MITM attacks puts your data at risk – Zimperium

Posted on June 19, 2014 by Dissent

Zimperium Mobile Defence says that their testing found that LinkedIn users are at risk of Man-in-the-Middle Attacks: What information is vulnerable? Using basic MITM, we found that an attacker can extract a LinkedIn user’s credentials, hijack their session to gain access to all other LinkedIn information and impersonate the user. The following information is exposed,…

Canada: Stolen Customer Data Results In Ontario’s First Certified Privacy Class Action

Posted on June 18, 2014 by Dissent

Michael J. Paris of Bennett Jones LLP writes: Businesses that collect personal information have an added incentive to monitor employees handling customer data – Ontario’s first class action arising from the new tort of “intrusion upon seclusion” was certified last week.1 In Evans v Bank of Nova Scotia, the plaintiffs sought to certify a class action…

Another post-Clapper Data Privacy Breach Case dismissed for lack of standing

Posted on June 18, 2014 by Dissent

David M. Brown of Montgomery McCracken Walker & Rhoads LLP writes: The U.S. Supreme Court’s decision in Clapper v. Amnesty International USA, 133 S. Ct. 1138 (2013), continues to be relied on by federal courts to hold that “mere loss of data” or “increased risk of identity theft” in a data breach case does not constitute…