“We don't need no stinking badges!”
“We don't need no unpredictable elections!”
Privacy commissioner ‘deeply disturbed’ by Election Ontario’s handling of voter data
July 31, 2012 by admin
Caroline Alphonso reports:
Elections Ontario
ignored security measures and went right back to using memory sticks
without enabling the encryption software just days after personal
information of as many as 2.4 million voters – contained on two USB
keys without the necessary safeguards – vanished from one of its
warehouses, the province’s privacy commissioner charged.
Read more on The
Globe and Mail.
The Commissioner’s formal statement
on the investigation can be found here.
(Related) We may need to follow “Best
Practices” just like we require second class citizens to do.
TSP head expresses regret over cyberattack
July 31, 2012 by admin
Kellie Lunney reports that the recent
TSP breach has inspired at least one Senator to try
to require all federal agencies to have a breach notification policy
in place. You’d have thought they would have one
already, wouldn’t you, but apparently not….
The head of the
Thrift Savings Plan expressed regret on Tuesday over
not having a policy in place earlier to notify participants of
security breaches to their retirement accounts.
The Federal
Retirement Thrift Investment Board implemented a breach
notification plan in June, Gregory Long, the board’s executive
director, said during a hearing on Capitol Hill. That was about two
months after the board learned of a 2011 cyberattack that led to the
unauthorized access to the accounts of as many as 123,000 plan
participants and other recipients of TSP plan payments.
Long
blamed “a lack of resources” for the board’s inability to
develop a plan to inform TSP participants of security breaches when
they occur. [“We had enough budget to do part of our job, just not
the important stuff.” Bob]
[...]
Sen. Daniel Akaka,
D-Hawaii, said he was concerned the board did not have a breach
notification policy when the agency learned about the cyberattack in
April. Akaka, who chairs the Senate Homeland Security and
Governmental Affairs federal workforce subcommittee has asked the
Government Accountability Office to determine how many other agencies
have failed to incorporate OMB’s guidance and whether sufficient
oversight of compliance exists. Akaka was one of 43 members of
Congress who was affected by the security breach. He has offered an
amendment to the 2012 Cybersecurity Act, which the Senate is
considering Tuesday evening, that would make it mandatory for every
federal agency to have a breach notification policy in place.
Read more on GovExec
(Related) “Apparently we need more
security than we thought.”
Dropbox Reports User Accounts Were Hijacked, Adds New Security Features
July 31, 2012 by admin
Rip Empson reports:
Several weeks ago,
reports started to trickle out that a number of Dropbox users were
under attack from spam. Since then, Dropbox has been investigating
those attacks (with some help from a third-party) and today gave the
first update on the progress, saying that some accounts were indeed
accessed by hackers, but that it is now adding two-factor
authentication and other security features to prevent further
problems.
Read more on TechCrunch.
(Related) Will this too be ignored?
GAO: Federal Law Should Be Updated to Address Changing Technology Landscape
July 31, 2012 by Dissent
GAO-12-961T, Jul 31, 2012
What GAO Found
Technological
developments since the Privacy Act became law in 1974 have changed
the way information is organized and shared among organizations and
individuals. Such advances have rendered some of the provisions of
the Privacy Act and the E-Government Act of 2002 inadequate to fully
protect all personally identifiable information collected, used, and
maintained by the federal government. For example, GAO has reported
on challenges in protecting the privacy of personal information
relative to agencies’ use of Web 2.0 and data-mining technologies.
While laws and
guidance set minimum requirements for agencies, they may not protect
personal information in all circumstances in which it is collected
and used throughout the government and may not fully
adhere to key privacy principles. GAO has identified
issues in three major areas:
• Applying
privacy protections consistently to all federal collection and use of
personal information. The Privacy Act’s protections only
apply to personal information when it is considered part of a “system
of records” as defined by the act. However, agencies routinely
access such information in ways that may not fall under this
definition.
• Ensuring
that use of personally identifiable information is limited to a
stated purpose. Current law and guidance impose only modest
requirements for describing the purposes for collecting personal
information and how it will be used. This could allow for
unnecessarily broad ranges of uses of the information.
• Establishing
effective mechanisms for informing the public about privacy
protections. Agencies are required to provide notices in the
Federal Register of information collected, categories of
individuals about whom information is collected, and the intended use
of the information, among other things. However, concerns have been
raised whether this is an effective mechanism for informing the
public.
The potential for
data breaches at federal agencies also pose a serious risk to the
privacy of individuals’ personal information. OMB has specified
actions agencies should take to prevent and respond to such breaches.
In addition, GAO has previously reported that agencies can take
steps that include
• assessing the privacy implications of a planned information system or data collection prior to implementation;
• ensuring the implementation of a robust information security program; and
• limiting the collection of personal information, the time it is retained, and who has access to it, as well as implementing encryption.
Read the full GAO
testimony.
As the private sector gets better (still not good) at security, the remaining “low hanging fruit” may just be those huge government databases.
Data breaches up 19 percent, GAO reports
July 31, 2012 by admin
Federal data
breaches jumped 19 percent last year, the Government Accountability
Office said Tuesday.
There were roughly
13,000 incidents reported by agencies in 2010 involving unauthorized
disclosures of personally identifiable information — last year,
that figure shot up to 15,500, Greg Wilshusen, GAO’s director of
information security issues, told the Senate subcommittee on
government management oversight Tuesday at a hearing.
Read more on Federal
Times. The GAO testimony being cited can be found here.
Interesting question.
On email privacy, Twitter’s ToS and owning your own platform
July 31, 2012 by Dissent
Alex Howard discusses the recent uproar
on Twitter after journalist Guy Adams’ account was suspended for
tweeting the email of an NBC executive to whom viewers could complain
about NBC’s Olympic coverage. The account has been reinstated, and
Twitter broke its usual silence on individual cases to discuss what
had happened and why. But that’s not the end of the conversation.
Alex writes:
I see at least
three different important issues here related to electronic privacy,
Twitter’s terms of service, censorship and how many people think
about social media and the Web.
Is a corporate
email address private?
Washington Post
media critic Erik
Wemple is at a loss to explain how tweeting this corporate email
address qualifies public (sic) rises to the level of disclosing
private information.
Can a corporate
email address based upon a known nomenclature used by tens of
thousands of people “private?”
Read Alex’s thoughtful discussion on
O’Reilly
Radar.
More on Privacy
By Dissent,
August 1, 2012
The Health Privacy Summit has made
materials and videos available online for its recent conference, “Is
There an American Health Privacy Crisis?” Check them out at
http://www.healthprivacysummit.org/d/3cq92g/6X
Video Highlights:
- Patient Story about Privacy Loss: “Julie” bravely tells how she was harmed when her sensitive mental health information was used by staff members of a Boston health care system without her consent.
- Louis D. Brandeis Privacy Awards: You can watch as we honor Ross Anderson, Congressmen Joe Barton and Ed Markey and Professor Alan Westin with the first-ever Louis D. Brandeis Privacy Awards.
- Best Privacy Technologies of 2012: You can also watch us present IDExperts, Jericho Systems, and TrendMicro with awards for the Best Privacy Technologies of 2012.
- theDataMap™: Seeing Latanya Sweeney present theDataMap™ is a real eye-opener as she explains this critical project to map the hidden flows of health data.
- All Keynotes and Panels: The keynotes and panels include national and international academics, advocates, government officials, health care providers, industry executives, technology experts, and more, discussing the major technical, legal, and cultural threats and solutions to privacy and patient control over personal health information in electronic health systems and data exchanges.
You can also visit the
agenda and click on any session to see more about the panel and
the live video.
“Is There An American Health Privacy
Crisis”, was jointly hosted by The O’Neill Institute for National
and Global Health Law and the Patient Privacy Rights Foundation.
Perspective
Aug. 1, 1949: FCC Gets in on Cable TV
Perspective The Digital Universe?
For my Math students
For all my techies...
Do you have a Word document that you quickly and painlessly need converted into an Excel document? Well then, you should consider taking a look at Convert Word To Excel.
Before you can begin using it, you need Microsoft Silverlight installed and enabled. Then just click on “File” and then “Open”