Yesterday, following the Congressional hearing where Sony and Epsilon testified, we had a bit of a lively – if truncated – debate on Twitter about breach notification. Not surprisingly, George V. Hulme raised the issue of breach notice fatigue and how notifications should be confined to situations where there is some real risk. Also not…
Category: Commentaries and Analyses
Global Financial Aid Services reports a completely avoidable security breach
For those who remember the Peter, Paul, and Mary song, feel free to sing along with me: “When will they ever learn? Oh when will they ever learn?” Global Financial Aid Services of Gulfport, Mississippi recently notified the New Hampshire Attorney General’s Office that a laptop containing unencrypted student names, addresses, and Social Security Numbers…
Comments of the World Privacy Forum regarding the proposed consent order in The Matter of Ceridian Corporation
The World Privacy Forum offers comments on the proposed consent order, In the Matter of Ceridian Corporation, FTC File No. 102 3160. The World Privacy Forum is a non-profit, nonpartisan public interest research group that focuses on consumer education as well as analysis and research of privacy issues, including issues relating to health care privacy,…
Cashing in on privacy breaches
Terry Baynes reports: The hacking of a Sony Corp customer database this spring has attracted class-action lawyers and consumers eager to cash in on the high-profile privacy breach. At least 40 lawsuits have been filed–including at least two this week–on behalf of millions of Sony PlayStation users in federal courts, according to Westlaw data. […]…
UK: Police officers disciplined over private snooping [repost]
[repost] More than 50 police officers in the West Midlands have been disciplined for using police computer systems to check up on people for personal reasons. Some officers have been sacked, fined, or handed written warnings, and others have been reduced in rank after being caught obtaining information for private use between 2005 and 2010,…
German DPAs Publish Comprehensive FAQs on Statutory Data Breach Notification Requirement [repost]
[repost] The German Data Protection Authorities of Berlin and North Rhine-Westphalia have issued a paper containing Frequently Asked Questions about the German statutory data breach notification requirement that went into effect on September 1, 2009. The paper provides detailed information on key questions concerning the procedure for notification as required by Section 42a of the…