Commentaries and Analyses – Page 761

Who – if anyone – is responsible for notifying victims of some breaches?

Posted on May 18, 2013 by Dissent

I’ve blogged a number of times about how although law enforcement may uncover breaches or data theft, the victims often do not get notified in a timely fashion – if at all. Here are just a few scenarios where no one may notify people whose data have been stolen: Law enforcement discovers a handwritten list…

Privacy Regulators and the Media Can Make a Bad Data Breach Worse

Posted on May 17, 2013 by Dissent

Larry Keating writes: …. the privacy commissioners hammer down hard on those high profile losses when thousands of records go missing. They want disclosure of the incident and protection for the individuals. The media piles on, always on the hunt for the details, to splay the true extent of the incident for their readers. But…

Pennsylvania on data breach – shoot first, ask questions later

Posted on May 10, 2013 by Dissent

Blaine Kimrey of Lathrop & Gage LLP has a commentary on a breach notification law that passed the PA Senate. As noted previously on this blog, the bill extends existing data breach notification responsibilities to state agencies, but also requires notification of those affected within seven days. Kimrey writes: After a series of embarrassing governmental…

Lessons from EDRM/FERC/Enron Data Privacy Breaches (updated)

Posted on May 3, 2013 by Dissent

Thanks to Joe Howie of BeyondRecognition.net for alerting me to what appears to be a very long-running, inadequately remedied breach that has exposed – and may be continuing to expose – the Social Security numbers and other personal information of thousands of people. I am posting this with some hesitation, as the data may still…

Why LivingSocial’s 50-million password breach is graver than you may think

Posted on April 29, 2013 by Dissent

Dan Goodin critiques LivingSocial’s statements about the security of their passwords, noting how using SHA1 hashed passwords is not a particularly strong method, even though salting the passwords helps. Read his coverage on Ars Technica.

When, oh when, will people stop leaving unencrypted laptops in their cars?

Posted on April 25, 2013 by Dissent

OptiNose US Inc. has been notifying some of its consultants that their names and Social Security numbers were on a laptop stolen from an employee’s car. The laptop was stolen on March 26 in a Philadelphia suburb, and OptiNose started sending out notification letters on April 16. The letter did not inform recipients that the…