Thursday, July 17, 2008

Cost of “improper disposal” (If you don't have an “agreement” with the state, can you keep ignoring the law?)

http://www.pogowasright.org/article.php?story=20080717031613301

Attorney General Abbott Reaches Agreements That Will Help Protect Texans From Identity Theft

Thursday, July 17 2008 @ 06:00 AM EDT Contributed by: PrivacyNews

Texas Attorney General Greg Abbott reached settlement agreements with Select Medical Corp. and RadioShack that will help protect Texans from identity theft.

... The state’s agreement with Select Physical Therapy Texas L.P. requires the health care provider to amend its existing information security procedures to ensure future compliance with identity theft prevention laws. Select Medical must implement a new training program that educates its Texas employees about newly established privacy procedures and reviews state laws governing the disposal of customer records.

Under the agreement, all Select Medical Texas employees must take the training annually for the next five years. The mandatory course will explain identity theft, its costs to individual customers and the importance of complying with the company’s newly implemented document disposal protocol. To further ensure that employees comply with the new protocol, each of Select Medical’s Texas locations must post signs detailing records storage and disposal requirements. They also must maintain certification records that show each employee’s compliance with the training requirements.

Select Medical agreed to pay the state of Texas $990,000, which includes $100,000 in attorneys’ fees. Under the Identity Theft Enforcement and Protection Act, the remaining sum will be appropriated for the investigation and prosecution of future identity theft cases.

The state opened its investigation into Select Medical after the Levelland Police Department reported that more than 4,000 documents containing customers’ sensitive information were found in garbage containers behind a Select Physical Therapy Texas Limited Partnership location in that city. The records discovered by authorities contained patients’ bank account numbers, sensitive medical evaluations, drug and alcohol testing verification results, plan of care forms, insurance verification sheets, and social and vocational therapy questionnaires.

Source - Press Release from the Attorney General of Texas


Related (The frequency of this type of violation makes it like shooting fish in a barrel. Any AG who wants to make news could find plenty of opportunity.)

http://www.pogowasright.org/article.php?story=20080716184951715

Texas AG finishes probe of Radio Shack's identity protection measures

Wednesday, July 16 2008 @ 06:49 PM EDT Contributed by: PrivacyNews

Electronics retailer RadioShack Corp. has agreed to pay Texas Attorney General Greg Abbott's office $630,000 to settle an investigation into the company's identity-theft protection practices.

.... RadioShack was investigated after the attorney general learned a retail location had dumped thousands of sensitive records into a trash can. The records contained confidential client data, Social Security numbers, debit and credit information and personal contact information.

Source - Dallas Business Journal



“Sleep well, citizens. Your data is protected by the wisdom and experience of the entire government!” Apparently this was another case of poor systems design – the “file number” is appended to the URL to retrieve and display the record. Change the file number, get someone else's record.

http://www.pogowasright.org/article.php?story=20080716123321138

UK: Online passport check suffers security breach

Wednesday, July 16 2008 @ 12:33 PM EDT Contributed by: PrivacyNews

The Identity and Passport Service (IPS) has admitted a data breach in its online passport application progress checking service.

The incident was formally reported to the Information Commissioner’s Office (ICO) but has not been made public until now.

“A parent was able to discover the existence of a child’s passport application by using the online application progress checking service, possibly without entitlement,” according to an annual report from the IPS.

Source - Computing

[From the article:

The report makes clear that the service is not required to disclose security incidents if disclosure created an “unacceptable risk of harm”.

The Home Office said such exemptions would apply if there was a danger to national security, if an investigation would be compromised, or if revealing a breach would conflict with data protection legislation by also revealing personal details.
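The design flaw Bob describes above is the textbook insecure direct object reference: the record identifier in the URL is the only thing standing between a caller and someone else's record. The following is an added example written for this post, not the IPS service's code; the record store, field names, session object and the token scheme are all assumptions made for the illustration. It shows the vulnerable lookup, the enumeration it invites, and two fixes: scoping the lookup to the authenticated caller (returning the same answer for "not yours" and "does not exist", since the reported leak was precisely learning that an application existed), or, for a deliberately unauthenticated status page, handing out an unguessable reference instead of the sequential number.

```python
"""IDOR in a status-check endpoint, beside hardened versions.

Added example; storage, field names and session model are assumptions,
not the actual design of the online passport progress checker.
"""
from dataclasses import dataclass
import hmac
import secrets

# Constructed sample data: applications keyed by a sequential file number.
APPLICATIONS = {
    1001: {"applicant": "alice", "status": "Printing"},
    1002: {"applicant": "bob", "status": "Awaiting documents"},
}


def status_insecure(file_number: int) -> str:
    """Vulnerable pattern: the number from the URL is looked up directly.
    Anyone can walk 1001, 1002, ... and read every record."""
    rec = APPLICATIONS.get(file_number)
    return rec["status"] if rec else "not found"


def enumerate_insecure(start: int, stop: int) -> list:
    """What a curious parent (or an attacker) does against the insecure
    handler: change the number and see which ones answer."""
    return [n for n in range(start, stop) if status_insecure(n) != "not found"]


@dataclass
class Session:
    """Stand-in for an authenticated session (assumed; not the real service)."""
    user: str


def status_secure(session: Session, file_number: int) -> str:
    """Hardened pattern: the lookup is scoped to the caller. 'No such record'
    and 'not your record' give the same response, so probing cannot reveal
    that an application exists."""
    rec = APPLICATIONS.get(file_number)
    if rec is None or rec["applicant"] != session.user:
        return "not found"
    return rec["status"]


# Alternative for an unauthenticated checker: issue an unguessable reference
# when the application is lodged and accept only that, never the raw number.
_TOKENS: dict = {}  # reference token -> file number


def issue_reference(file_number: int) -> str:
    token = secrets.token_urlsafe(32)  # 256 bits; infeasible to enumerate
    _TOKENS[token] = file_number
    return token


def status_by_token(token: str) -> str:
    # Constant-time comparison so response timing does not leak near-misses.
    for stored, num in _TOKENS.items():
        if hmac.compare_digest(stored, token):
            return APPLICATIONS[num]["status"]
    return "not found"


if __name__ == "__main__":
    print("insecure enumeration finds:", enumerate_insecure(1000, 1010))
    print("alice asking about bob's file:", status_secure(Session("alice"), 1002))
    ref = issue_reference(1002)
    print("bob's own reference works:", status_by_token(ref))
```

The check a reviewer would run against any such endpoint is the first line of the demo: request a handful of adjacent identifiers with no credentials and see whether the answers differ between existing and non-existing records.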



Is some data obviously more sensitive than other data?

http://www.phiprivacy.net/?p=540

Jul-17-2008

TX: Covenant says three laptops stolen since May

Kristen Hackney-Redman of the Avalanche-Journal reports:

A total of three laptop computers have been reported stolen from two or more different areas of Covenant hospitals since May, said Gwen Stafford, a Covenant vice president.

At least one of the laptops contained personal information, including patient names, dates of births and reasons for being seen, but no financial information, such as bank account numbers, insurance information or Social Security numbers, Stafford said. She could not confirm the contents of the second or third laptops.

The Avalanche-Journal has learned one of the computers may have contained information collected from rape victims. Stafford said she could not confirm that due to HIPAA privacy concerns. [Is that legalese for “Yes?” Bob]

Stafford said the first laptop was stolen from the neurodiagnostic center in May and contained information on about 700 patients. That information is encrypted [Good for them! Bob] and password-protected, she said.

She could not comment on any information contained on the second laptop but said any information on that computer also was highly secure. [but not encrypted, so probably a (useless) password. Bob]

Full story - Lubbock Online

[From the article:

Lubbock police Capt. Greg Stevens said there is no indication the computers were taken for the information they contain. He said it is more likely the computers were stolen so they could be sold for parts or used personally. [This is certainly true, but what exactly would be an “indication” that the thief was after the data, a ransom note? Bob]

"There is no indication of information being compromised at all," he said. [Same comment. Bob]



“Because we can, we must!” What business purpose is served? Perhaps a scan is faster than asking an innumerate clerk to calculate age based on date of birth? Could you say, “I don't want the wine under these conditions. Please give me back my data?”

http://www.pogowasright.org/article.php?story=20080717064356777

Target Must Record My Organ Donor Status to Sell Me Wine?

Thursday, July 17 2008 @ 06:43 AM EDT Contributed by: PrivacyNews

My wife and I were in a Target store this weekend, picking up some random items on our shopping list. We saw some good wine at a good price and decided to buy that as well. When we went to the check-out lane, the cashier said, “May I see your ID?”  

All that seemed perfectly normal to us. But then the craziness ensued…

Source - Thruhike98 blog

Comment: note all of the other blogs listed that have also complained about Target's practice on this. -- Dissent.

Props, The Consumerist



Sorry. I thought this was obvious.

http://www.infoworld.com/article/08/07/16/Data_can_leak_from_partially_encrypted_disks_1.html?source=rss&url=http://www.infoworld.com/article/08/07/16/Data_can_leak_from_partially_encrypted_disks_1.html

Data can leak from partially encrypted disks

Apps like Microsoft Word and Google Desktop, which store data on unencrypted sections of the hard drive, [Those “temporary” working files where documents are stored until you actually SAVE them. Bob] can spill out information, even with encrypted files

By Robert McMillan, IDG News Service July 16, 2008

... The researchers say that people who are using full-disk encryption, where every piece of data on their hard drive is encrypted, do not have to worry.
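Bob's bracketed point is the whole story: an editor's autosave or working copy lands wherever the application puts its scratch files, and if that location is outside the encrypted folder the document is sitting there in the clear. The following is an added example, not code from the article or the researchers; the "editor" and the toy cipher are stand-ins written for this post (the cipher is not secure and is not how any real disk encryptor works), and the autosave file name is assumed. It simulates the leak and then runs the check a practitioner would actually want: grep the unencrypted areas for a known secret after editing a "protected" document.

```python
"""Why file-level encryption does not cover an application's working files.

Added example written for this post. The editor behaviour and the XOR
keystream cipher are stand-ins, not Word, Google Desktop or a real
encryption product.
"""
import hashlib
import tempfile
from pathlib import Path


def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """XOR with a SHA-256 keystream. Illustration only; NOT a secure cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)


def edit_and_save(doc_text: str, encrypted_dir: Path, scratch_dir: Path,
                  key: bytes) -> Path:
    """Mimics an editor: while you type it keeps an autosave copy in the OS
    scratch area (plaintext, outside the encrypted folder); only the final
    save into encrypted_dir is encrypted. '~$report.tmp' is an assumed name."""
    autosave = scratch_dir / "~$report.tmp"
    autosave.write_text(doc_text)
    (encrypted_dir / "report.enc").write_bytes(toy_encrypt(doc_text.encode(), key))
    return autosave


def find_plaintext(secret: str, root: Path) -> list:
    """The check: does the secret appear in the clear anywhere under root?"""
    needle = secret.encode()
    hits = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        try:
            if needle in p.read_bytes():
                hits.append(p)
        except OSError:
            pass  # unreadable file; skip rather than abort the scan
    return hits


def demo() -> dict:
    """Run the scenario in throwaway directories and report where the
    constructed secret was recoverable."""
    secret = "patient 4471: positive drug screen"   # constructed sample record
    key = b"demo-key"
    with tempfile.TemporaryDirectory() as plain, tempfile.TemporaryDirectory() as enc:
        plain_dir, enc_dir = Path(plain), Path(enc)
        edit_and_save(secret, enc_dir, plain_dir, key)
        return {
            "leaked_from_scratch_area": bool(find_plaintext(secret, plain_dir)),
            "leaked_from_encrypted_area": bool(find_plaintext(secret, enc_dir)),
        }


if __name__ == "__main__":
    print(demo())
```

This is also why the article's closing line holds: with full-disk encryption the scratch area is on the same encrypted volume, so the autosave is protected without the application knowing anything about it.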



The case that wouldn't die...

http://yro.slashdot.org/article.pl?sid=08/07/17/0238234&from=rss

SCO Owes Novell $2.5 Million

Posted by samzenpus on Thursday July 17, @07:57AM from the please-die-already dept.

CrkHead writes

"Groklaw has posted Judge Kimball's ruling on SCO v Novell. For those that have been following this saga, we finally get to watch the house of cards start to fall. For those new to this story, it started with SCO suing Novell and having all its motions decided in summary judgement and went to trial only on Novell's counter claims. Cheers to PJ for keeping us informed!"



Example of a “smoking email?”

http://techdirt.com/articles/20080716/0256581699.shtml

When Colluding With A Competitor, Perhaps Don't Send A Direct Email Suggesting You Keep Prices High

from the might-come-back-to-bite-you dept

It's rather rare these days to see collusion lawsuits where there's overt evidence of collusion. Instead, it's usually implicit collusion where a case needs to be made that this is a problem. However, every once in a while you still get those good old fashioned situations where there's evidence of direct price fixing. For example, the Inquirer points us to a case involving questions of collusion in the graphics card market between ATI and NVIDIA, where it appears NVIDIA's VP of marketing sent an email to ATI's president and chief operating officer suggesting that, while the two companies were competitors, they should work more closely to make sure their stock prices each remained high. Apparently, the lawyers in the case tried to hide that document as a "trade secret." If you consider it to be a "trade secret" that the two companies may have been collaborating, then perhaps they have a point. But the judge didn't buy it: "This court is not a wholly-owned subsidiary of your companies. I am against you hiding information from the public."



Sign of a true politician: the ability to be “shocked” by the “discovery” of things you do every day...

http://www.pogowasright.org/article.php?story=20080717061332725

PA: Angry prosecutors target privacy loophole

Thursday, July 17 2008 @ 06:13 AM EDT Contributed by: PrivacyNews

Pennsylvania's prosecutors, saying the public's privacy rights are threatened, will ask state lawmakers to close a legal loophole that allows open access to cell-phone and e-mail records.

District attorneys were "shocked" to discover that state law allows lawyers to obtain cell-phone records on behalf of clients through a simple subpoena without court review, said Carbon County District Attorney Gary Dobias, president of the state District Attorneys Association.

Source - Philly.com

[From the article:

The issue became public this week when The Inquirer reported that defense attorneys, searching for the source of grand-jury leaks, legally obtained the cell-phone records of two Dauphin County prosecutors and two state police detectives. [The best defense is a good offense OR pretend to be shocked before the voters find out what you are doing... Bob]

... Scranton lawyer Sal Cognetti Jr., representing Sica, had given the company a subpoena for the records - without informing Marsico or the state police.

Prosecutors were livid, then surprised when they learned that Cognetti was under no legal obligation to tell anyone.

"It never came up before," Ferman said. "It was a loophole that no one was aware of."

The state's wiretapping and surveillance law says any communications provider may disclose records of any customers to any person except members of law enforcement, who must secure a warrant for such information. [Okay, that's strange, but how could they be unaware? Bob]


Related?

http://techdirt.com/articles/20080715/0045061680.shtml

Bronx DA Backs Down After Sending Secret Subpoena To Unearth Anonymous Bloggers & Commenters

from the the-right-to-anonymity dept

Paul Alan Levy, the lawyer from Public Citizen who defended the bloggers in this case, was kind enough to write in alerting us to another job well done by Public Citizen. In this case, a NYC political blog site called Room 8 had some posts by an anonymous blogger criticizing some actions in the Bronx DA's office and the Bronx Republican Party. Not long after the posts, Room 8 received a subpoena from the DA's office not just demanding the IP address of the anonymous blogger and various anonymous commenters, but also warned them that even disclosing the subpoena could get the folks behind Room 8 in serious trouble. Luckily, Room 8 chose to fight this request, signing up the help of Levy, who convinced the DA's office to drop the subpoena and, after Room 8 had to threaten the DA's office with a lawsuit of its own, it dropped the demand that the subpoena be kept secret. Room 8 has a full account as well. Public Citizen also has posted links to a bunch of documents from the case.

What's still not clear is what was the purpose of the original subpoena. From the facts presented, it's easier to jump to the conclusion that it was purely political. Someone in the DA's office didn't like being criticized, and used the power of the office to try to squelch that voice (and, in fact, well before this came out, the anonymous blogger in question erased all his posts and disappeared). The folks who run Room 8 tried to determine what the actual issue was, and never received any answers. The whole thing is a bit scary, as it does show how a DA could abuse power to get info on anonymous critics simply by claiming it was a criminal investigation, without disclosing any details, and without letting the bloggers subpoenaed speak about it. Hopefully if other sites are getting bullied in this manner, they'll learn to fight back as well.



The way the world is going.

http://digg.com/apple/Control_your_PC_or_Mac_Remotely_from_your_iPhone_full_demo

Control your PC or Mac Remotely from your iPhone [full demo]

ismashphone.com — A demo of Mocha VNC for the iPhone. Mocha VNC is a free application from the App Store that provides access to a VNC server. Using your iPhone, you can connect to a Windows PC or Mac OS X and see the files, programs, and resources exactly as you would if you were sitting at your desk, just on a smaller screen. [An even better hack is when I can see YOUR computer... Bob]

http://www.ismashphone.com/2008/07/vnc-mocha.html


Ditto

http://www.infoworld.com/article/08/07/16/Gartner_Security_through_the_cloud_will_triple_by_2013-Computerworld_UK_1.html?source=rss&url=http://www.infoworld.com/article/08/07/16/Gartner_Security_through_the_cloud_will_triple_by_2013-Computerworld_UK_1.html

Gartner: Security through the cloud will triple by 2013

Security applications delivered as cloud-based services will more than triple by 2013, according to Gartner.

By Computerworld UK staff July 16, 2008

... Popular on-demand enterprise applications, such as those provided by Salesforce.com, are allowing mobile workers to bypass the corporate network to access business data. [Not likely unless corporate data is not on the corporate network – i.e. It is stored “in the cloud.”. Bob] Gartner said this will force security teams to put controls between mobile workers and cloud based services.

... "One answer will be cloud-enabled security 'proxies' whereby all access to approved cloud-based IT services will be required to flow through cloud-based security services that enforce authentication, data loss prevention, intrusion prevention, network access control, vulnerability management and so on," he said.


Ditto

http://www.technewsworld.com/rsstory/63820.html?welcome=1216301572

All Signs Point to Virtualization

By Jeffrey Hill and Tom Karol TechNewsWorld 07/17/08 5:00 AM PT

... A recently published Aberdeen benchmark, Virtual Strategies: Managing Servers, Desktops and Storage for Infrastructure Efficiency (May 2008), found that 92 percent of companies have implemented some type of server virtualization.

... Virtualization can address many ills. Optimally, successful virtualization results in a more productive and more flexible data center, which can easily scale to meet new demands. It also results in reduced costs, both in power and data center footprint, and increased data availability -- an aggressive set of goals.


Ditto?

http://www.itwire.com/content/view/19483/1168/

Windows will be killed by virtual appliances: VMware exec

by Stan Beer Wednesday, 16 July 2008

... "When you go to Cisco and say you want a router and a firewall, they provide you with an appliance," says Harapin.

"Inside that appliance is probably a bootstrapped Linux operating system that they manage themselves, there's memory and all sorts of devices. If something goes wrong with that appliance, you don't open up the router and try to determine whether it's an OS problem or a memory problem, you simply call Cisco and tell them that there's a problem with your appliance."

... "If there's a problem, there's no operating system that you need to worry about because you simply call the software (application) vendor up, tell them there's a problem with their VM, and they'll snapshot the VM, patch it and send it back to you. So it's an appliance but it just has no hardware around it."



Might be a way to register for seminars...

http://www.killerstartups.com/Blogging-Widgets/phonefromhere-com-add-live-voice-chat-to-your-site

PhoneFromHere.com - Add Live Voice Chat to Your Site

PhoneFromHere.com is a tool that allows users to create phone button widgets and add them to their own blogs, websites, social networks, and various other online pages. Once the widget is added, users use their internet connection, not a telephone line, to place calls right from the site. The PhoneFromHere crew believes that live voice chat is a feature that will increase and retain traffic to a website. Having a PhoneFromHere button enables this instantaneous form of communication and information exchange to take place. PhoneFromHere widgets are run through an open-source solution, enabling them to dodge firewalls more easily. [Not a properly configured firewall... Bob] Furthermore, users do not need to download any software to utilize this tool.

http://phonefromhere.com/



To call this a straight line is to call Mt. Everest a bump in the road. (I can't get the images out of my head!)

http://news.bbc.co.uk/2/hi/health/4646010.stm

Sex 'cuts public speaking stress'

No comments: