Today marks a milestone for the Federal Trade Commission – the announcement of the Commission’s 50th data security settlement. What started in 2002 with a single case applying established FTC Act precedent to the area of data security has grown into a vital enforcement program that has helped to increase protections for consumers and has encouraged companies to make…
Category: Commentaries and Analyses
Provider of Medical Transcript Services Settles FTC Charges That It Failed to Adequately Protect Consumers’ Personal Information
Press release from the FTC, followed by my comments: A company that provides medical transcription services has agreed to settle Federal Trade Commission charges that its inadequate data security measures unfairly exposed the personal information of thousands of consumers on the open Internet, in some instances including consumers’ medical histories and examination notes. In its complaint…
NYS audit of Village of Westbury reveals IT security deficiencies
The NYS Controller’s Office has released another audit that looks at information technology security – this time it’s the Village of Westbury on Long Island. The audit covered the period June 1, 2011 — November 30, 2012. Here are some snippets from their report: We examined controls over the Village’s computerized financial operations and found that Village…
Analyst sees Target data breach costs topping $1 billion
Tom Webb reports: Two months into the Target security breach, fraud is turning up on 10 percent to 15 percent of the stolen card accounts, a security specialist says. Based on that brisk level of criminal activity, one Wall Street analyst estimates that perhaps 5 million of the 40 million stolen credit and debit cards…
California Attorney General Files Lawsuit Based on Late Breach Notification
Yesterday, I noted that California’s Attorney General was suing Kaiser over a breach that was discovered in 2011 but not disclosed to those affected until months later. David Navetta of InformationLawGroup has some interesting commentary and analysis of the lawsuit, focusing on the provisions of California law that provide: The disclosure shall be made in…
Five steps to take if you’ve become a victim of ID theft
Over on CreditSesame.com, Kimberly Rotter wrote a tips article, “5 Steps to Take Immediately If You’ve Been a Victim of Identity Theft.” The article was also reproduced on Lifehacker. To briefly summarize the article, it lists some examples of identity theft and then recommends the following five actions (with additional info on each of the following):…