George Hulme recently wrote about an anticipated WikiLeaks exposure of Bank of America files and used Bank of America’s attempts to prepare for the disclosures as an opportunity to discuss how to respond to a breach. George writes, in part: The idea isn’t to bury the news, or prepare executives how to lie, but to…
UK: Councils fined for unencrypted laptop theft
The Information Commissioner’s Office (ICO) today served Ealing Council and Hounslow Council with monetary penalties for serious breaches of the Data Protection Act after the loss of two unencrypted laptops containing sensitive personal information. Ealing Council provides an out of hours service on behalf of both councils, which is operated by nine staff who work…
Marriott Vacation Club Intl reports data loss involving paper records
On December 27, Marriott Ownership Resorts (d/b/a Marriott Vacation Club International) learned that _____ timeshare maintenance fee payment slips that had been processed by _____________ Bank were in a box that had been damaged in transit to Marriott’s corporate offices by major overnight shipping service, ________ and that some of the payment slips had been…
States Jump Into the Security Breach Breach
Wayne Josel and Cindy Lo write: As discussed in our recent webinar “Whose Data Is It Anyway: Privacy in the De-Centralized Digital World”, currently there is no comprehensive federal statutory scheme to govern the protection of privacy. While lawmakers and agencies at the federal level continue to grapple with developing useful legislation to address privacy…
Proposed Virginia law would expand breach notification to breaches involving medical information
Seen in an article on recently introduced state bills: Lawmakers in Virginia introduced legislation in January of this year to expand notification requirements following a breach of security with respect to medical information. While under current Virginia law, the requirement to provide notice only applies to organizations, corporations or agencies “supported wholly or principally by public…
Union: Iowa hospital worker denies records breach
The Associated Press reports: One of three University of Iowa Hospitals and Clinics workers being fired for allegedly breaching the medical records of injured football players is a 26-year employee who says she did nothing wrong, a union president said Monday. The woman has a spotless disciplinary record during her employment at UIHC and has…