Tuesday, November 10, 2009

“Appalled” is worse than “viewed with alarm” isn't it? The reaction to Identity Theft seems to be growing stronger each month. (Laptop stolen in August, victims notified in October.)

http://www.databreaches.net/?p=8168

CT AG “appalled” at delay in Anthem data theft

November 9, 2009 by admin Filed under Healthcare Sector, Of Note, Theft, U.S.

The state attorney general is demanding Anthem Blue Cross Blue Shield of Connecticut provide more answers and identity-theft protection for nearly 19,000 health professionals whose confidential data was on a stolen laptop computer.

Attorney General Richard Blumenthal, at a press conference today, said Anthem and one of its Blue Cross Blue Shield affiliates may have broken the law after they failed to immediately notify the affected doctors, therapists and other professionals whose information was in the laptop when it disappeared last August outside Chicago.

Anthem waited until late October to notify the victims, the attorney general said.

He said Anthem may have violated Connecticut laws requiring that companies fully secure sensitive data and that, once lost or stolen, they immediately notify owners of the data about the breach.

Read more in the Hartford Business Journal.

How times have changed! Now notifying within two months or so of discovery may be too long? And if Connecticut does fine Anthem for the data being unencrypted, perhaps more companies will get serious in a hurry to ensure that data are encrypted. [Hope springs eternal... Bob]

Update: The AG’s press release:

Attorney General Richard Blumenthal is investigating Blue Cross Blue Shield’s loss of confidential information, including tax identification and some Social Security numbers, for all 18,817 of its individual Connecticut health care providers, as well as seeking additional identity theft protection for affected doctors, therapists and other professionals.

Blumenthal said that the company and its affiliates may have violated state law by losing the information and failing to notify providers in a timely manner. The companies are offering professionals one year of identity theft protection, but Blumenthal called these measures “inadequate and unacceptable,” and said, “I will fight for at least two years.”

Blumenthal said the information was lost when a laptop was stolen on August 25. The laptop held information on the companies’ providers nationwide, [It was much bigger than “just” the 18,000+ in Connecticut; the total is over 800,000. Bob] including names, addresses, tax identification and provider numbers and some Social Security numbers.

Although the computer was stolen in late August, Blue Cross Blue Shield and its related companies Anthem and Empire failed to inform health care providers until late last month.

“As appalling as the data loss, equally alarming and potentially illegal is the delay in disclosing it,” Blumenthal said. “We are vigorously investigating this appalling data loss, needlessly exposing more than 18,000 Connecticut doctors and professionals to devastating identity theft.

“Failing to promptly notify providers of the breach is inexcusable — and a possible violation of state law. Waiting two months left providers severely at risk — needlessly and irresponsibly exposing them to financial mayhem.

“My office demands a full accounting from Blue Cross Blue Shield — healthcare providers affected, details of the loss, protections for professionals, policies and procedures for data loss and other information. State laws mandate that companies fully secure sensitive personal information and quickly disclose breaches — laws the companies may have broken.

“Anthem’s one year of identity theft protection is inadequate and unacceptable. Connecticut doctors and health care professionals expect and deserve a stronger shield against identity loss. I will fight for greater safeguards, including longer identity theft protection, as I have done in other data breaches.

“For identity thieves, private personal data is as good as gold — and should be secured with equal vigor and vigilance. Companies must closely protect Social Security numbers and other sensitive data.

[From the article:

… we believe we acted with all due diligence in order to minimize unnecessary delay of our notice to providers," the company said. "Letters were mailed only after we determined who may have been impacted... [In other words, they didn't know how much information the employee loaded on his laptop. Poor security. Bob]


(Related)

http://www.databreaches.net/?p=8166

A note on the Anthem Blue Cross breach

November 9, 2009 by admin Filed under Healthcare Sector, Theft, U.S.

Last week, several news sources such as WMUR reported that Anthem Blue Cross was notifying 10,000 healthcare professionals in New Hampshire that their personal information was on a stolen laptop. That news story was correct, but some sites seem to have picked up the story as if it was a new incident or breach.

New Hampshire Anthem Blue Cross spokesperson Chris Dugan confirmed to me that the 10,000 was part of the larger national Blue Cross Blue Shield breach that occurred in August and was first reported in September. It is not a separate or new incident.



Correction: Looks like no one bothered to tell 60 Minutes that the initial reports were wrong.

http://www.wired.com/threatlevel/2009/11/brazil_blackout/

Brazilian Blackout Traced to Sooty Insulators, Not Hackers

By Marcelo Soares November 9, 2009 6:15 pm

SAO PAULO, Brazil — A massive 2007 electrical blackout in Brazil has been newly blamed on computer hackers, but was actually the result of a utility company’s negligent maintenance of high voltage insulators on two transmission lines. That’s according to reports from government regulators and others who investigated the incident for more than a year.



This is dangerous and according to my (admittedly old) MBA textbooks, stupid. Why would any company do this? Poor management.

http://yro.slashdot.org/story/09/11/09/2319233/Microsoft-Tries-To-Censor-Bing-Vulnerability?from=rss

Microsoft Tries To Censor Bing Vulnerability

Posted by kdawson on Tuesday November 10, @02:30AM from the don't-shout-and-wave-it-about dept.

An anonymous reader writes

"Microsoft's Bing search engine has a vulnerability with its cash-back promotion, which impacts both merchants and customers. In traditional Microsoft fashion, the company has responded to the author of the breaking Bing cash-back exploit with a cease & desist letter, rather than by fixing the underlying security problem. It is possible for a malicious user to create fake Bing cash-back requests, resulting in not only fake cash-back costs for the merchant, but also blocking legitimate customers from receiving their cash-back from Bing. The original post is currently available in Bing's cache, although perhaps not for long. But no worries, the author makes it clear that the exploit should be painfully obvious to anyone who reads the Bing cash-back SDK."



So, maybe it's not like fingerprints?

http://www.pogowasright.org/?p=5206

Court: Compulsory taking of DNA from pretrial detainee violates Fourth Amendment

November 10, 2009 by Dissent Filed under Court, Surveillance, U.S.

FourthAmendment.com brings us a court opinion out of Pennsylvania that is quoteworthy:

A DNA profile generates investigatory evidence that is primarily used by law enforcement officials for general law enforcement purposes. To allow such suspicionless searches, which are conducted in almost all instances with law enforcement involvement, to occur absent traditional warrant and probable cause requirements will intolerably diminish our protection from unreasonable intrusion afforded by the Search and Seizure Clause of the Fourth Amendment.

The case is United States v. Mitchell, 2009 U.S. Dist. LEXIS 103575 (W.D. Pa. November 6, 2009).



Isn't the only difference between “now” and “wait ’til it's over” time? Is slow news better news?

http://news.cnet.com/8301-1023_3-10393739-93.html?part=rss&subj=news&tag=2547-1_3-0-20

Judge bans Twitter from court

by Declan McCullagh November 9, 2009 3:06 PM PST

Twittering from court is prohibited, according to a federal judge in Georgia who banned spectators from sending live updates from a criminal trial.

U.S. District Judge Clay Land in Georgia wrote that Rule 53 of the Federal Rules of Criminal Procedure should be interpreted to ban Twitter.

Rule 53 says: "Except as otherwise provided by a statute or these rules, the court must not permit the taking of photographs in the courtroom during judicial proceedings or the broadcasting of judicial proceedings from the courtroom."

A reporter for the Columbus Ledger-Enquirer had asked permission to Twitter updates from the corruption trial of local attorney Mark Shelnutt, which was scheduled to start on Monday.

Read more of "Judge Bans Twitter From Court" at CBSNews.com.



This is “different.” It looks like the Privacy Commissioner is recommending this paper (and her picture appears on every page of their website). Is it just good research?

http://www.pogowasright.org/?p=5198

Nymity recognized as Privacy by Design Ambassador

November 10, 2009 by Dissent Filed under Businesses

From the press release:

The Office of the Information and Privacy Commissioner of Ontario (IPC) has officially recognized privacy and data protection research firm Nymity as a Privacy by Design Ambassador for its role in advancing the concept of privacy in business practices.

Privacy by Design is a concept that was developed by Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, back in the ’90s. It asserts that the future of privacy cannot be assured solely by compliance with regulatory frameworks; rather, organizations should strive to make privacy their default mode of operation. Initially conceived to address the ever-growing and systemic effects of Information Technologies (IT), Privacy by Design now extends to a “trilogy” of arenas: 1) IT systems; 2) physical design and infrastructure; and 3) accountable business practices.

Recognizing that traditional approaches to implementing privacy often place constraints on an organization’s business practices, Nymity initiated a research project with the objective of creating an approach to privacy compliance that enables businesses to prosper while, at the same time, advancing the protection of personal information.

“Nymity’s Legal Research Team developed a pragmatic process that allows organizations to bake privacy into their business activities, to ensure compliance without restricting business – a win/win scenario,” says Terry McQuay, Nymity President.

A new paper developed with the IPC: “A Pragmatic Approach to Privacy Risk Optimization: Privacy by Design for Business Practices,” introduces Nymity’s Privacy Risk Optimization Process (PROP) – a process that enables default privacy within operational policies and procedures, resulting in Privacy by Design for business practices. The paper was released at the recent pre-conference event co-hosted in Madrid by Commissioner Cavoukian and Yoram Hacohen, Head of the Israeli Law, Information and Technology Authority (ILITA): Privacy by Design: The Definitive Workshop.

For a copy of the new paper on business practices, or to learn more about Privacy by Design, please visit www.privacybydesign.ca

Source: Information and Privacy Commissioner of Ontario

[After much web browsing:

Download Risk Optimization Paper (registration required)

...and Dr. Cavoukian's book: Privacy by Design … Take the Challenge is available at

http://www.privacybydesign.ca/publications.htm



Not sure who started or finished this, but it is another indication that AGs are capable of jumping on bandwagons (and that this sort of “bad marketing” is being recognized as a problem).

http://www.pogowasright.org/?p=5183

Tagged.com tagged for $250k by Texas

November 9, 2009 by Dissent Filed under Breaches, Businesses, Featured Headlines

Tagged.com also settled with the Texas Attorney General’s Office today:

Texas Attorney General Greg Abbott today resolved an enforcement action against Tagged, Inc., a social networking site operator that has an estimated two million Texas users.


(Related)

http://www.pogowasright.org/?p=5179

NY Attorney General settles with Tagged.com

November 9, 2009 by Dissent Filed under Businesses, Featured Headlines

Attorney General Andrew M. Cuomo today announced that his office has stopped the social networking site Tagged.com from misappropriating the contacts lists and identities of its members and from sending out millions of deceptive and unsolicited promotional emails.

Through an agreement with Cuomo’s office, the company must pay $500,000 in penalties and costs to the state and adopt industry-leading measures regarding the access and use of its members’ personal information.



Another fishing expedition. Since so few of these go to trial – being designed to intimidate the blogger into stopping – could the courts (a special master?) hold the name pending further action? I.e., if you weren't serious about filing a case, you don't get the name.

http://www.pogowasright.org/?p=5196

Buffalo Grove trustee to get name of anonymous poster

November 10, 2009 by Dissent

Georgia Garvey reports:

Buffalo Grove Village Trustee Lisa Stone should be told the name of the man she accuses of making defamatory online comments about her 15-year-old son, a judge ruled Monday in a case being watched for its Internet privacy implications.



See, there's only one (and we thought there were thousands of these...)

http://www.pogowasright.org/?p=5193

From EFF’s Secret Files: Anatomy of a Bogus Subpoena

November 10, 2009 by Dissent Filed under Featured Headlines, Internet, Surveillance, U.S.

From the Electronic Frontier Foundation (EFF):

Can the U.S. government secretly subpoena the IP address of every visitor to a political website? No, but that didn’t stop it from trying.

In a report released today, EFF Senior Staff Attorney Kevin Bankston tells the story of a bogus federal subpoena issued to independent news site Indymedia.us, and how the site fought back with EFF’s help. Declan McCullagh at CBSNews.com also has the story.

The report describes how, earlier this year, U.S. attorneys issued a federal grand jury subpoena to Indymedia.us administrator Kristina Clair demanding “all IP traffic to and from www.indymedia.us” for a particular date, potentially identifying every person who visited any news story on the Indymedia site. As the report explains, this overbroad demand for internet records not only violated federal privacy law but also violated Clair’s First Amendment rights, by ordering her not to disclose the existence of the subpoena without a U.S. attorney’s permission.

Read more on EFF.

[From the report:

A PDF of the entire subpoena is available here.



Very significant new rules. Probably will be rolled back?

http://www.pogowasright.org/?p=5176

Consent will be required for cookies in Europe

November 9, 2009 by Dissent Filed under Featured Headlines, Internet, Legislation, Non-U.S.

An editorial at Out-Law.com written by Struan Robertson, editor:

The fate of Europe’s cookie law became improbably entwined with a debate over file-sharing. To cut a long story short, it broke free. On 26th October, it was voted through by the Council of the EU. It cannot be stopped and awaits only the rubber-stamp formalities of signature and publication.

The vote’s result was announced by way of a whisper. It featured at the tail end of an 18-page Council press release (PDF) that first had to address fishing quotas, train driving licences and a maritime treaty with China. I’m afraid we missed it.

There was no attempt to bury this news – but the hushed tones of its reporting were consistent with the media attention it has received to date. There has been almost no fuss about this little law, despite the harm it could do to advertising, the lifeblood of online publishing. It also threatens to irritate all web users by appearing at every new destination like an over-zealous security guard. [This alone might prompt a rollback. Bob]

Read more on Out-Law.com


(Related)

http://www.pogowasright.org/?p=5169

The EU has its finger on the Internet privacy button, which threatens to turn out the lights on European web publishers

November 9, 2009 by Dissent Filed under Internet, Non-U.S.

Jarvis Coffin, CEO & President of Burst Media writes:

In case it has escaped anyone’s attention, the European Union is dangling the online advertising industry outside a window and threatening to drop it on its head over the issue of privacy (ClickZ, 11-06-09; Ad Age, 11-05-09.)

Incited by bad behavior at Phorm and BT, which evidently collaborated on unannounced ad targeting tests relying on the more detailed user data available through BT’s ISP business (not very helpful), the EU is taking legal action against the UK in order to compel it to impose tougher privacy standards.

Read more on Huffington Post.



I've been telling you that large volumes of data are creating problems. This is just another example.

http://developers.slashdot.org/story/09/11/09/2335214/The-NoSQL-Ecosystem?from=rss

The NoSQL Ecosystem

Posted by kdawson on Tuesday November 10, @12:12AM from the no-relation dept.

abartels writes

'Unprecedented data volumes are driving businesses to look at alternatives to the traditional relational database technology that has served us well for over thirty years. Collectively, these alternatives have become known as NoSQL databases. The fundamental problem is that relational databases cannot handle many modern workloads. There are three specific problem areas: scaling out to data sets like Digg's (3 TB for green badges) or Facebook's (50 TB for inbox search) or eBay's (2 PB overall); per-server performance; and rigid schema design.'



Douglas Adams already gave us the answer to Life, the Universe and Everything. (42) However, this one could make us rich!

http://science.slashdot.org/story/09/11/09/2024229/What-Computer-Science-Can-Teach-Economics?from=rss

What Computer Science Can Teach Economics

Posted by ScuttleMonkey on Monday November 09, @05:12PM from the just-build-better-computers dept.

eldavojohn writes

"A new award-winning thesis from an MIT computer science assistant professor showed that the Nash equilibrium of complex games (like the economy or poker) belongs to problems with non-deterministic polynomial (NP) complexity (more specifically PPAD complexity, a subset of TFNP problems, which is a subset of FNP problems, which is a subset of NP problems). More importantly, there should be a single solution for one problem that can be adapted to fit all the other problems. Meaning if you can generalize the solution to poker, you have the ability to discover the Nash equilibrium of the economy. Some computer scientists are calling this the biggest development in game theory in a decade."



An articulate student! Will wonders never cease...

http://news.slashdot.org/story/09/11/09/2347215/Attack-of-the-PowerPoint-Wielding-Professors?from=rss

Attack of the PowerPoint-Wielding Professors

Posted by kdawson on Tuesday November 10, @08:54AM from the all-power-corrupts-and-powerpoint-corrupts-absolutely dept.

theodp writes

"A CS student blogger named Carolyn offers an interesting take on why learning from PowerPoint lectures is frustrating. Unlike an old-school chalk talk, professors who use PowerPoint tend to present topics very quickly, leaving little time to digest the visuals or to take learning-reinforcing notes. Also, profs who use the ready-made PowerPoint lectures that ship with many textbooks tend to come across as, shall we say, less than connected with their material. Then there are professors who just don't know how to use PowerPoint, a problem that is by no means limited to college classes."
