http://www.databreaches.net/?p=9050
Judge Gives Preliminary OK To Countrywide breach settlement
December 24, 2009 by admin Filed under Financial Sector, Insider, Of Note, U.S.
Brett Barrouquere of the Associated Press reports:
A federal judge has given preliminary approval to a settlement between Countrywide Financial Corp., and millions of customers whose detailed financial information was exposed in a security breach.
Under the terms of the settlement, Countrywide, now owned by Bank of America, would give up to 17 million people whose information was exposed during the security breach free credit monitoring. That group includes anyone who obtained a mortgage and anyone who used Countrywide to service a mortgage prior to July 1, 2008.
The settlement entitles a person up to $50,000 in reimbursements from Countrywide per instance of identity theft, provided they actually lost something of value, were not reimbursed and it is more likely than not the theft stemmed from Countrywide.
In January, BOA agreed to pay Connecticut $350,000 and reimburse customers who had to freeze their credit after a massive data breach. About 30,000 Connecticut residents were affected.
Note that this settlement is separate from another Countrywide settlement in the news this week concerning a $4.4 million settlement finalized last year with Countrywide over alleged unfair and deceptive mortgage practices.
No previous report on this breach has indicated that up to 17 million people were affected, at least not to my knowledge. Most sites were reporting 2,000,000 as the number affected. I’ll have to look into whether that puts the Countrywide incident on the Top 10 list of biggest breaches when I update that list for the year next week.
More to the point, however, I don’t see where this “settlement” really gives anything significant to those affected that they shouldn’t have been given immediately and in any event. It’s a shame that it requires litigation to get breached entities to offer credit monitoring and restoration services.
If you could write the settlement, what terms would you include?
http://www.pogowasright.org/?p=6589
CRS: Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping
December 24, 2009 by Dissent Filed under Featured Headlines, Legislation, Surveillance, U.S.
CRS report 98-326
Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping
December 03, 2009
Summary:
This report provides an overview of federal law governing wiretapping and electronic eavesdropping. It also appends citations to state law in the area and contains a bibliography of legal commentary as well as the text of the Electronic Communications Privacy Act (ECPA) and the Foreign Intelligence Surveillance Act (FISA).
Download the report from OpenCRS (pdf).
When the AG uses Occam's Razor, don't respond with “It coulda been the Tooth Fairy...”
http://www.phiprivacy.net/?p=1711
Health Net disputes CT AG’s statement
By Dissent, December 24, 2009 3:31 pm
Emily Berry reports that Health Net has responded to statements by the Attorney General of Connecticut by claiming that there is no proof that a breach earlier this year was due to theft:
Citing a report by Kroll, a security firm Health Net hired to investigate, Blumenthal said in a Dec. 7 announcement that Health Net’s story contradicted what its own consultants found.
[...]
Blumenthal noted that two laptops were stolen from the same building around the same time, supporting the possibility that the disk was stolen, not lost.
He also said that although Health Net claimed that the data on the disk could be read only with proprietary software, Kroll noted that “common, commercially available” software could decode it.
[...]
In response to Blumenthal’s comments, Health Net released its own statement: “The [Kroll] report states that there could have been numerous scenarios that explained the disappearance of the missing drive, and that there was insufficient evidence to determine which, if any, of the scenarios was the most likely.”.
Read more on American Medical News.
I've been telling you that this lady is smart! Is there anything about these requirements that makes you believe it would take nearly two years to implement the changes?
http://www.phiprivacy.net/?p=1716
Ca: Commissioner Cavoukian expects health sector to encrypt all health information on mobile devices: Nothing short of this is acceptable
By Dissent, December 24, 2009 3:35 pm
Ontario Information and Privacy Commissioner, Dr. Ann Cavoukian, today directed the province’s health sector not remove from their premises any personal health information on mobile devices – unless this very sensitive information is encrypted, as required in a health order issued in 2007.
This follows the loss last week of a USB key containing the health information of almost 84,000 patients who attended H1N1 flu vaccination clinics in the Durham Region.
This incident is “very distressing,” said the Commissioner, “especially in light of the fact that I directed all Ontario health information custodians not to transport personal health information on laptops or other mobile computing devices unless the information was encrypted.” This direction was included in a 2007 order under the Personal Health Information Protection Act (PHIPA).
In addition to immediately launching an investigation into the incident, the Commissioner contacted Ontario’s Ministry of Health and Long-Term Care as well as Ontario’s Chief Medical Officer of Health, Dr. Arlene King, and is working with them to reinforce the importance of safeguarding health information. Dr. King is issuing a message to all Medical Officers of Health today urging them to cease storing or transferring health information that is not protected with strong encryption.
“Our health orders set a minimum standard for what we expect from all health information custodians, all of whom are required to protect personal health information under PHIPA,” said the Commissioner.
“I want to make this very clear,” the Commissioner said today. “No personal health information should be transported on mobile devices, unless the information is encrypted. This requirement is perfectly clear and encryption technology is readily available.”
In order not to disrupt any immunization clinics taking place over the holiday period, Commissioner Cavoukian advised that any unencrypted personal health information that needs to be transported, must be in the physical possession of the person responsible, at all times, until it reaches its secure location. This is only an interim measure until full encryption processes can be put into place.
“The analogy I would use is that of detectives transporting sensitive information in briefcases handcuffed to their wrist. The health information of Ontario citizens is equally sensitive, and requires this same level of protection,” said Commissioner Cavoukian.
The Commissioner’s investigation report on the incident in Durham Region will be issued next month, in January 2010.
In March 2007, the Commissioner issued guidance to the Ontario health sector as part of a health order (HO-004) to Toronto’s Hospital for Sick Children after a laptop computer containing the personal health information of 2,900 patients was stolen from a parked vehicle.
For more information on how to encrypt and secure health information on mobile devices, see the IPC fact sheet Encrypting Personal Health Information on Mobile Devices at http://www.ipc.on.ca/images/Resources/up-4fact_12_e.pdf.
Source: Information and Privacy Commissioner/Ontario
An indication that a technology has “arrived” or that the County has found a way to use that Stimulus Money to pay for the DA's kids cell phones?
Texas County Will Use Twitter To Publish Drunk Drivers' Names
Posted by timothy on Friday December 25, @03:07AM from the only-animal-that-blushes dept.
alphadogg contributes this snippet from Network World:
"If you get busted for drunk driving in Montgomery County, Texas, this holiday season, your neighbors may hear about it on Twitter. That's because the local district attorney's office has decided to publish the names of those charged with driving while intoxicated between Christmas and New Year's Eve. County Vehicular Crimes Prosecutor Warren Diepraam came up with the idea as a way of discouraging residents from getting behind the wheel while drunk. 'It's not a magic bullet that's going to end DWIs, but it's something to make people think twice before they get behind the wheel of a car and drive while they're intoxicated,' he said."
Sounds like a job for everyone's favorite super-hero: Class Action Lawyer-Man! Able to terrorize corporations with a single filing! Capable of excruciating leaps of logic!
Basically Every ISP Is Trying to Scare You Into Paying for Internet You Don't Need
(Related) I still predict that every device (phone, PDA, tablet, netbook, notebook or desktop) will allow free voice communications via the Internet. Telecomms, evolve or die..
Google Voice Is Coming Back To The iPhone Via The Browser, Thanks To VoiceCentral
by Erick Schonfeld on December 24, 2009
In case you found a computer under the tree...
http://www.maximumpc.com/article/features/13_steps_any_new_computer
13 Things You Must Do First with Your New PC
Posted 12/25/09 at 12:00:00 PM by The Maximum PC Staff
No comments:
Post a Comment