Header image

How the FTC Can Readily Halt Identity Theft

Posted on by Dissent

Dan Solove argues that if the FTC would just conclude that the use of Social Security numbers as a password or authenticator is unreasonable data security, a lot of identity theft could be prevented. I think he’s right,  but there has always been and would be tremendous pushback against the proposal.  I’m not confident that Congress would…

Read more

bcc failure: St. Francis notifies patients whose e-mail addresses were exposed in an e-mail

Posted on by Dissent

WTOC reports that St. Francis Hospital sent out the following news release on Monday, June 9: Protecting the personal information of our patients is one of our most important responsibilities. Regrettably, this notice is regarding an unintentional incident involving a limited number of patient email addresses. On Friday, May 30, 2014, St. Francis became aware that an…

Read more

UK: Worcestershire Health and Care NHS Trust signs undertaking

Posted on by Dissent

From the Information Commissioner’s Office: An undertaking to comply with the seventh data protection principle has been signed by Worcestershire Health and Care NHS Trust. This follows an investigation whereby the local press were handed a patient handover sheet containing details of 18 patients. The sensitive personal data was found on a table in a…

Read more

So how’s 2014 going, you ask? Not well, not well…..

Posted on by Dissent

Risk Based Security and Open Security Foundation have released a report for Q1 of 2014. The first bullet gives a good indication of what kind of year 2014 is turning out to be: There were 669 incidents reported during the first three months of 2014 exposing 176 million records. Of especial interest to me were…

Read more