In one of two highly watched cases involving the FTC and data security, the Commission has denied LabMD’s motion to dismiss the FTC’s complaint. In their order denying LabMD’s motion, the Commission writes: Respondent LabMD, Inc. (“LabMD”) has moved to dismiss the Complaint in this adjudicatory proceeding, arguing that the Commission has no authority to address…
OR: DHS sends private info to wrong person
Chris Holmstrom reports: In December, a woman received a Cover Oregon application meant for another person. It contained personal information and medical history. But this week that same woman received highly confidential information meant for someone else from the Department of Human Services. Both packages were addressed to her PO Box in Dallas. “This woman’s…
Starbucks sat on its clear-text password problem for months
Evan Schuman reports: When Starbucks published the new version of its iOS mobile app yesterday to fix its passwords-in-clear-text problem, it demonstrated a seemingly awesome ability to correct a serious security issue in a single day. But was it truly awesome? Not if it knew about the security hole for months. Not if it knew about it before it published the prior iOS app…
UK: Will the ICO hold anyone responsible?
Jon Baines raises some interesting points in his discussion of a UK case where charges against police officers for violating the Data Protection Act were dropped in light of questions about whether they had ever been adequately trained to understand their responsibilities. Jon asks whether that situation should trigger an investigation by the Information Commissioner’s…
New Mexico man settles claims against city and county over invasive body cavity searches for drugs
There’s been a development in a lawsuit filed by David Eckert, the New Mexico man who was subjected to invasive and humiliating medical procedures based on a warrant in another county. I had discussed the case in a previous post that focused on the issue for health care professionals asked to comply with police requests that…
KC engineer ‘exposed unencrypted spreadsheet with phone numbers, user IDs, PASSWORDS’
Kelly Fiveash reports: Hull’s dominant telco, KC, is investigating revelations of what appears to be poor handling of the company’s customer data. This comes after a recent sign-up claimed one of its engineers had unwittingly exposed a customer spreadsheet containing the telephone numbers, user IDs and unencrypted passwords of all its subscribers. Read more on…