The 2011 Identity Survey Report, released today by Javelin Strategy & Research (www.javelinstrategy.com), reports that in 2010 the number of identity fraud victims decreased by 28 percent to 8.1 million adults in the United States, three million fewer victims than the prior year. Total annual fraud decreased from $56 billion to $37 billion, the smallest amount…
How to Respond to a Data Breach – and Then Some
George Hulme recently wrote about an anticipated WikiLeaks exposure of Bank of America files and used Bank of America’s attempts to prepare for the disclosures as an opportunity to discuss how to respond to a breach. George writes, in part: The idea isn’t to bury the news, or prepare executives how to lie, but to…
UK: Councils fined for unencrypted laptop theft
The Information Commissioner’s Office (ICO) today served Ealing Council and Hounslow Council with monetary penalties for serious breaches of the Data Protection Act after the loss of two unencrypted laptops containing sensitive personal information. Ealing Council provides an out of hours service on behalf of both councils, which is operated by nine staff who work…
Marriott Vacation Club Intl reports data loss involving paper records
On December 27, Marriott Ownership Resorts (d/b/a Marriott Vacation Club International) learned that _____ timeshare maintenance fee payment slips that had been processed by _____________ Bank were in a box that had been damaged in transit to Marriott’s corporate offices by major overnight shipping service, ________ and that some of the payment slips had been…
States Jump Into the Security Breach Breach
Wayne Josel and Cindy Lo write: As discussed in our recent webinar “Whose Data Is It Anyway: Privacy in the De-Centralized Digital World”, currently there is no comprehensive federal statutory scheme to govern the protection of privacy. While lawmakers and agencies at the federal level continue to grapple with developing useful legislation to address privacy…
Proposed Virginia law would expand breach notification to breaches involving medical information
Seen in an article on recently introduced state bills: Lawmakers in Virginia introduced legislation in January of this year to expand notification requirements following a breach of security with respect to medical information. While under current Virginia law, the requirement to provide notice only applies to organizations, corporations or agencies “supported wholly or principally by public…