Wednesday, June 25, 2008

“When,” not “if” -- plan appropriately!

http://www.pogowasright.org/article.php?story=20080624114400847

CA: Security breach compromises 5,000 social security numbers at Consumer Affairs

Tuesday, June 24 2008 @ 11:44 AM EDT Contributed by: PrivacyNews

The state Department of Consumer Affairs (DCA) has sent letters to 5,000 employees, contractors and board members warning them of a security breach that has compromised their names and social security numbers.

The breach occurred on June 5 or 6 when a Microsoft Word document was improperly transmitted electronically outside of the department, said DCA spokesman Russ Heimerich. The document also contained the salaries and titles of everyone on the list, but Heimerich noted that this was public information.

Source - Capitol Weekly

[From the article:

The DCA is the main state agency charged with protecting consumers in California.

... Heimerich said the incident is still being investigated, and that he could not disclose who had received the document. He said that so far there is no evidence that any information has been used. It was not even clear the recipient had opened the document.

"We know that it left the building and that it wound up somewhere it shouldn't have wound up," Heimerich said. "We're looking into how that happened."



Third party again. Apparently, no one is thinking about how they should be controlled.

http://www.pogowasright.org/article.php?story=20080625080313870

Protected health information at risk; Ebara Technologies notifies participants of computer theft

Wednesday, June 25 2008 @ 08:03 AM EDT Contributed by: PrivacyNews

Ebara Technologies, Inc. Employee Medical Benefit Plan has recently notified the New Hampshire Attorney General’s Office that a break-in at one of their vendors resulted in the theft of computers that may have contained protected health information of former and current plan participants.

From the description of the incident, it appears that the unnamed vendor was Colt Express Outsourcing Services, Inc., who made notification to CNet.

Source - PHIprivacy.net

[From the PHI post:

Somewhat puzzling, the notification letter says:

At this time, we do not know whether the protected health information of any Plan participants or dependents was actually taken.

Which raises the question, why don’t they know whether the data were on the stolen computers or not? And if the data were on the stolen computers, were they encrypted at the time of theft or not? And were they supposed to be encrypted at rest?

Is Ebara saying that they have not been told by Colt whether their files were on the stolen hardware? Given the details in Colt’s notification to CNet, this is somewhat surprising and bears further scrutiny.



Another resource? Doesn't look like “sucha mucha” to me, but I'll keep an eye on it for a time.

http://www.pogowasright.org/article.php?story=20080624113008817

ANNOUNCE: Resource on breaches

Tuesday, June 24 2008 @ 11:30 AM EDT Contributed by: PrivacyNews

If you haven't yet discovered his blog, Evan Francen's The Breach Blog provides detailed commentary on breaches.

As a convenience to PogoWasRight.org's readers, we've now added a feed from Evan's blog to our Breaches news section so that you can just click on links to his blog to read his commentary on particular breaches of interest to you. If you get PogoWasRight.org news by our feed, then you just may want to add Evan's feed to your newsreader.



“We can, therefore we must!” As the article suggests, this is probably done because they cannot rely on their employees to properly assess the ID offered. There should be a fancy term for this, perhaps “Invading your privacy for our convenience?” Or maybe just “Overkill.”

http://www.pogowasright.org/article.php?story=20080625064541458

Target’s (The Retailer) Swipe At Privacy

Wednesday, June 25 2008 @ 06:45 AM EDT Contributed by: PrivacyNews

George Hulme describes an experience he had at Target's when a cashier asked to see his driver's license and then swiped it through the machine. Target's explanation did not reassure him, as you'll read.

Source - InformationWeek



Denver is using the same technology... The interesting thing is, we (the US) have no Privacy Commissioner to misrepresent.

http://www.pogowasright.org/article.php?story=20080625062806797

Ca: Privacy watchdog didn't endorse 'virtual strip search'

Wednesday, June 25 2008 @ 06:28 AM EDT Contributed by: PrivacyNews

Canada's privacy watchdog says it did not approve or endorse a controversial test project underway this week in a B.C. airport - despite a government news release that states the pilot project "meets all the conditions" of the Privacy Commissioner's Office.

Source - dose.ca



Be careful fellow bloggers, let's not get cocky...

http://news.slashdot.org/article.pl?sid=08/06/24/1232258&from=rss

Lawyer Who Subpoenaed Blogger Seidel Sanctioned

Posted by timothy on Tuesday June 24, @09:20AM from the nyuck-nyuck-nyuck-schmuck dept. The Courts

Zathras26 writes

"Slashdot has previously reported on a lawyer subpoenaing Kathleen Seidel for blogging about him in an unflattering light. Seidel successfully moved to quash the subpoena. In granting the motion to quash, the judge ordered the lawyer, Clifford Shoemaker, to show cause as to why he should not be sanctioned for his behavior. Whatever his response was, if any, it apparently wasn't good enough, because Shoemaker has been formally sanctioned for his actions."



How To: You don't need to spend billions... Lots of follow-on links...

http://tech.slashdot.org/article.pl?sid=08/06/24/1552225&from=rss

Huge Traffic On Wikipedia's Non-Profit Budget

Posted by timothy on Tuesday June 24, @01:11PM from the optimizing-smartitude dept. Networking Data Storage The Internet IT

miller60 writes

"'As a non-profit running one of the world's busiest web destinations, Wikipedia provides an unusual case study of a high-performance site. In an era when Google and Microsoft can spend $500 million on one of their global data center projects, Wikipedia's infrastructure runs on fewer than 300 servers housed in a single data center in Tampa, Fla.' Domas Mituzas of MySQL/Sun gave a presentation Monday at the Velocity conference that provided an inside look at the technology behind Wikipedia, which he calls an 'operations underdog.'"



Not everyone benefits. (Would CSI notice that floral arrangement with the RFID tag intact at your rich uncle's bedside?)

http://science.slashdot.org/article.pl?sid=08/06/24/2152212&from=rss

RFID Tags Can Interfere With Medical Devices

Posted by kdawson on Tuesday June 24, @06:17PM from the mind-how-you-radiate dept. Medicine Technology

An anonymous reader writes

"A new study suggests RFID systems can cause 'potentially hazardous incidents in medical devices.' (Here is the JAMA study's abstract.) Among other things, electrical interference changed breathing machines' ventilation rates and caused syringe pumps to stop. Some hospitals have already begun using RFID tags to track a wide variety of medical devices, but the new finding suggests the systems may have unintended consequences." [or intended consequences. Bob]



Interesting resource for the “pace and tone” not available on the printed page. (Allows you to hear how carefully the phrase “half-vast” is enunciated.)

http://www.bespacific.com/mt/archives/018652.html

June 24, 2008

US Courts: Digital Audio Recordings Online - Update

The Third Branch: "In a pilot project that began last August, five federal courts are docketing some digital audio recordings to Case Management/Electronic Case Files (CM/ECF) systems to make the audio files available in the same way written files have long been available on the Internet. The three other courts are the Eastern District of Pennsylvania, the U.S. Bankruptcy Court in Maine, and the U.S. Bankruptcy Court for the Northern District of Alabama.

In each court, the extent of accessibility is determined by individual judges, and not every judge in the five pilot courts is participating. “This is a judge-driven experiment,” said Mary Stickney of the Administrative Office’s Electronic Public Access Program Office. “Because providing digital audio recordings online is done as a convenience for lawyers and the public, each judge has total discretion to decide which proceedings get posted.”

The audio files are accessible through the Public Access to Court Electronic Records (PACER) system. Some 840,000 subscribers use PACER to access docket and case information from federal appellate, district, and bankruptcy courts."



Interesting, but not likely in the near future...

http://news.cnet.com/8301-10784_3-9976510-7.html?part=rss&subj=news&tag=2547-1_3-0-5

June 24, 2008 3:18 PM PDT

Could iPhone smoke the Kindle?

Posted by Greg Sandoval 38 comments

I wanted a Kindle. I was ready to buy a Kindle. The iPhone spoiled everything.



Interesting business model

http://news.cnet.com/8301-11128_3-9975926-54.html

June 24, 2008 7:14 AM PDT

Solar financier SunRun pulls in money

Posted by Martin LaMonica 4 comments

SunRun, a company that offers solar-electricity financing, announced Tuesday that it has raised $12 million from Foundation Capital.

... Rather than buy the panels, SunRun customers buy the electricity the panels generate. This model, called a power purchase agreement (PPA), is commonly used in large corporate renewable energy installations.



Interesting business service. Might translate to other services as well.

http://www.eweek.com/c/a/Retail/Simple-Shipping-for-Small-Retailers/

Simple Shipping for Small Retailers

By Dan Berthiaume 2008-06-24

On-demand shipping technology provider RedRoller is rolling out its One-Stop Shipping tool, a SAAS (software-as-a-service) solution designed to ease the shipping process for small businesses.

... “You can compare services and rates for various carriers on one screen,” he said. “It’s not an auction integrator or accounting system. It’s designed to make the process of shipping easy.

... “We deliver services to a small business via Web interface, which cuts down on update headaches,” Ordway said. “You can print labels, view order history, and perform other activities via browser. It’s like what Quickbooks does online. As an on-demand application, you don’t have to download any software and it won’t affect your operating system or application software. You can also be a mobile business.”
