Add this analysis and commentary by Chris Hoofnagle to your must-read list. Assessing the Assessments When companies settle FTC charges, they often agree to extended periods of oversight by the Agency. The FTC requires companies to be regularly assessed by an outside firm during the oversight period. In my forthcoming book, I argue that this assessment…
The disappointing truth about data privacy and security
Ben Rossi writes: Cloud providers boast compliance to the highest security standards, including state-of-the art physical protection of hosting facilities, electronic surveillance and ISO 27001 certifications, to name a few. While such efforts may sound impressive, in reality they offer absolutely no defence to enterprises seeking a security model that cannot be owned, and provide…
Ca: Police investigate infosecurity breach of University of Calgary’s PeopleSoft system
CTV News reports: The employee records of a number of University of Calgary staff members were fraudulently accessed, and banking records altered, during an ‘isolated breach’ that is being investigated by the Calgary Police Service. In a letter to University of Calgary staff, Linda Dalgetty, vice president of finance and services, says 29 employee records…
CA: Data breach involves Big Blue Bus customers
The Santa Monica Daily Press reports: The Big Blue Bus is alerting customers of a potential data breach related to the NextBus program. Officials were notified on Sept. 25 of a data security incident at NextBus, the company that BBB works with in order to make predictive real-time bus arrival information available to customers. BBB…
Nearly 50 Pak websites hacked in reply to hacking of Kerala govt website
Jisha Surya reports: On Sunday, state woke up to the news that the official website of Kerala government – www.kerala.gov.in – was hacked allegedly by Pakistani hackers. The website had an image of burning Indian flag and messages such as Pakistan Zindabad”, “We are Team Pak Cyber Attacker” and “Security is just an illusion”. But…
DEA obtains a federal search warrant for patient data on MicroMD
Justin Shafer pointed me to a case where the government, investigating a healthcare provider, served SaaS MicroMD with a federal search warrant for some patients’ data. You can read Justin’s write-up on his blog, but the case reminds us that patient data can be disclosed to law enforcement without patients’ awareness or consent, and that unencrypted patient…