David Navetta discusses a proposed law in Colorado, HB 11-1225: Regulation is achieved via the “carrot” or the “stick” (and sometimes both). This is true in the information security context as well. For example, to incentivize encryption of personal information, breach notice laws use a stick: those that fail to encrypt may have to provide…
AL: Pair busted with bag of credit cards
David Goodwin reports on the arrest of two low-tech ID thieves in Alabama: Rogers said he worked with Montgomery police to execute a search of Cudjoe’s home, where they found a potato chip bag containing 12 credit cards, none in their name, he said. He also found lists of the names, dates of birth and…
UK: Imperial College Dept. of Computing in IT Security Breach
The Department of Computing has found itself the subject of a “security breach”, and Imperial College’s ICT department is taking “precautionary” action to prevent malicious access to user accounts. An email to all students and staff within the department informed students that there had been “a root level compromise was discovered on the main shell…
EU’s Hustinx: Data Protection Law Sanctions Should Mirror Competition Law
Jetty Tielemans writes: At a recent presentation in Frankfurt, Peter Hustinx, head of the European Data Protection Supervisor Office in Brussels, launched an intriguing idea: sanctioning violations of data protection law in the same manner as violations of competition law. The trade press regularly reports on multi-million euro fines for cartels or abuses of dominant…
MO: Real Estate Records Found In Dumpster
Betsy Bruce reports: Private real estate records turned up in a condominium dumpster in Hazelwood Thursday. Three banker boxes full of files from the Prudential Patterson Realtors firm were tossed into a trash bin. A resident who retrieved some of the files passed them along to FOX Two News. Personal addresses, phone numbers and a…
Mass. General to pay $1M to settle privacy claims
Massachusetts General Hospital and its physicians organization have agreed to pay the federal government $1,000,000 to settle claims related to a worker leaving personal health documents on the subway. The hospital also agreed to develop a comprehensive new privacy policy to prevent patient information from being compromised in the future, and to provide training to…