I’ve blogged a number of times about how although law enforcement may uncover breaches or data theft, the victims often do not get notified in a timely fashion – if at all. Here are just a few scenarios where no one may notify people whose data have been stolen: Law enforcement discovers a handwritten list…
Category: Commentaries and Analyses
Privacy Regulators and the Media Can Make a Bad Data Breach Worse
Larry Keating writes: …. the privacy commissioners hammer down hard on those high profile losses when thousands of records go missing. They want disclosure of the incident and protection for the individuals. The media piles on, always on the hunt for the details, to splay the true extent of the incident for their readers. But…
Pennsylvania on data breach – shoot first, ask questions later
Blaine Kimrey of Lathrop & Gage LLP has a commentary on a breach notification law that passed the PA Senate. As noted previously on this blog, the bill extends existing data breach notification responsibilities to state agencies, but also requires notification of those affected within seven days. Kimrey writes: After a series of embarrassing governmental…
Lessons from EDRM/FERC/Enron Data Privacy Breaches (updated)
Thanks to Joe Howie of BeyondRecognition.net for alerting me to what appears to be a very long-running, inadequately remedied breach that has exposed – and may be continuing to expose – the Social Security numbers and other personal information of thousands of people. I am posting this with some hesitation, as the data may still…
Why LivingSocial’s 50-million password breach is graver than you may think
Dan Goodin critiques LivingSocial’s statements about the security of their passwords, noting how using SHA1 hashed passwords is not a particularly strong method, even though salting the passwords helps. Read his coverage on Ars Technica.
When, oh when, will people stop leaving unencrypted laptops in their cars?
OptiNose US Inc. has been notifying some of its consultants that their names and Social Security numbers were on a laptop stolen from an employee’s car. The laptop was stolen on March 26 in a Philadelphia suburb, and OptiNose started sending out notification letters on April 16. The letter did not inform recipients that the…