Laura Hautala reports: The US doesn’t have a single data privacy law that applies to all fifty states. On Wednesday, a group of 15 US senators indicated it wanted to change the status quo, introducing the Data Care Act. The bill (PDF) would require companies that collect personal data from users to take reasonable steps to safeguard the information….
Taxpayer ID Numbers for 120 Million Brazilians Exposed Online
Lawrence Abrams reports: A misconfigured server exposed the taxpayer identification numbers, or Cadastro de Pessoas Físicas (CPFs), for 120 million Brazilian nationals for an unknown period of time. Before a Brazilian national can perform many tasks such as opening a bank account, creating a business, paying taxes, or getting a loan, they must first apply for a Cadastro de Pessoas…
ME: School department officials notify current and former staff of hack
WABI reports on a hack impacting employee, but not student, data: Last week, former and current employees of AOS 77 in Washington County were made aware of a data breach in the school department’s central office. The superintendent tells us he sent a letter to about 2,000 people making them aware some of their personal…
Ships infected with ransomware, USB malware, worms
Catalin Cimpanu reports: Ships suffer from the same types of cyber-security issues as other IT systems, a recent document released by the international shipping industry reveals. The document is the third edition of the “Guidelines on Cyber Security onboard Ships,” an industry-approved guide put together by a conglomerate of 21 international shipping associations and industry…
No Data Breach, No Case
Michael Mayer of Faruki writes: An Ohio federal district court recently handed down a ruling that will make companies storing client data breathe a sigh of relief. In Williams-Diggins v. Mercy Health, Case No. 3:16-cv-1938 (N.D. Ohio), a patient sued a health system because of deficient patient information software. (The defendant-health system certified that it subsequently…
‘It cannot expect a private business to continue to clean up its errors’: Privacy czar blasts health authority for faxing patient records to computer store — again
Ragas Clan reports: Darryl Arnold would have unplugged his fax machine months ago if he didn’t need it for work. That’s because the Saskatchewan Health Authority keeps faxing him confidential patient information, most recently a five-page catheterization report that included a patient’s personal information, medical history and treatment recommendations. According to the provincial privacy czar,…