Yesterday I updated a breach report on phiprivacy.net where a hospital employee had taken records home… and taken records home… and taken records home. According to hospital investigators, there was no indication that she used them criminally or intended to use them criminally, but the incident points out how many paper records may just “wander”…
Category: Commentaries and Analyses
Pointer/reference: Chronology of recent Sony incidents
Great thanks to attrition.org for compiling a detailed chronology of recent Sony security incidents to help us all.
Editorial: Let me make my own decisions, thankyouverymuch
The recent spate of hacks against Sony networks as well as a Congressional hearing where representatives of Sony and Epsilon testified about their recent breaches have stimulated another round of discussions about whether we need a federal breach disclosure law that preempts state laws, and if so, what the threshold or trigger should be for…
How the Epsilon Breach Hurts Consumers
Yesterday, following the Congressional hearing where Sony and Epsilon testified, we had a bit of a lively – if truncated – debate on Twitter about breach notification. Not surprisingly, George V. Hulme raised the issue of breach notice fatigue and how notifications should be confined to situations where there is some real risk. Also not…
Global Financial Aid Services reports a completely avoidable security breach
For those who remember the Peter, Paul, and Mary song, feel free to sing along with me: “When will they ever learn? Oh when will they ever learn?” Global Financial Aid Services of Gulfport, Mississippi recently notified the New Hampshire Attorney General’s Office that a laptop containing unencrypted student names, addresses, and Social Security Numbers…
Comments of the World Privacy Forum regarding the proposed consent order in The Matter of Ceridian Corporation
The World Privacy Forum offers comments on the proposed consent order, In the Matter of Ceridian Corporation, FTC File No. 102 3160. The World Privacy Forum is a non-profit, nonpartisan public interest research group that focuses on consumer education as well as analysis and research of privacy issues, including issues relating to health care privacy,…