Friday, August 30, 2013
For my students learning to manage IT: Why would any organization have 82,000 names on a laptop?
Well, now maybe the media will pay more attention to the Republic Services breach I reported the other day. The laptop stolen from the employee’s home held the unencrypted names and Social Security numbers of 82,160 current and former employees.
This could be amusing. What caused the FTC to select LabMD out of the hundreds (thousands) who also had security breaches? Perhaps when they release redacted documents we may find out. Will we learn anything new from this? Unlikely, but still worth watching.
The Federal Trade Commission filed a complaint against medical testing laboratory LabMD, Inc. alleging that the company failed to reasonably protect the security of consumers’ personal data, including medical information. The complaint alleges that in two separate incidents, LabMD collectively exposed the personal information of approximately 10,000 consumers.
… The Commission’s complaint alleges that LabMD failed to take reasonable and appropriate measures to prevent unauthorized disclosure of sensitive consumer data – including health information – it held. Among other things, the complaint alleges that the company:
- did not implement or maintain a comprehensive data security program to protect this information;
- did not use readily available measures to identify commonly known or reasonably foreseeable security risks and vulnerabilities to this information;
- did not use adequate measures to prevent employees from accessing personal information not needed to perform their jobs;
- did not adequately train employees on basic security practices; and
- did not use readily available measures to prevent and detect unauthorized access to personal information.
… Because LabMD has, in the course of the Commission’s investigation, broadly asserted that documents provided to the Commission contain confidential business information, the Commission is not publicly releasing its complaint until the process for resolving any claims of confidentiality is completed and items in the complaint deemed confidential, if any, are redacted.
The following statement attributed to LabMD was sent to PHIprivacy.net:
LabMD Responds to Federal Trade Commission’s Witch Hunt
FTC action a clear example of federal government overreach
WASHINGTON – Today, the Federal Trade Commission (FTC) filed a complaint against LabMD claiming a violation of the Federal Trade Commission Act.
“The Federal Trade Commission’s enforcement action against LabMD based, in part, on the alleged actions of Internet trolls, is yet another example of the FTC’s pattern of abusing its authority to engage in an ongoing witch hunt against private businesses. The allegations in the FTC’s complaint are just that: allegations. LabMD looks forward to vigorously fighting against the FTC’s overreach by seeking recourse through the available legal processes.”
The FTC has repeatedly overstepped its statutory authority under Section 5 of the Federal Trade Commission Act and the FTC does not have the authority to bring this enforcement action.
LabMD is a cancer detection facility that specializes in analysis and diagnosis of blood, urine, and tissue specimens for cancers, micro-organisms and tumor markers.
Facebook: Actually, here's how we're using your data for ads
Facebook is making changes to the two key documents that govern its service in part to settle a two-year legal battle around its practice of using member data in advertisements.
The social network is proposing updates, some of which have been court-ordered, to its Statement of Rights and Responsibilities and Data Use Policy legal documents to better inform members on how their data is used for advertising purposes, and provide additional clarity on its data collection practices.
Facebook is putting the changes up for review -- but not a vote -- and will collect feedback over the next seven days.
… In 2011, Facebook was accused of violating users' right to privacy by publicizing their "likes" in advertisements without asking them or compensating them. The case was finally settled on Monday.
For my paranoid students...
With issues cropping up regarding NSA surveillance in major search engines, some people are turning to alternative sources to protect their search activity. One of these is Zeekly, a new search engine that claims to be completely private (i.e. they don’t store data on their users). It pulls queries from different search engines anonymously and offers strong SSL encryption (2048 bit).
I don't see this as really new, even though this may be a “first.”
Text a driver in New Jersey, and you could see your day in court
… Now a New Jersey state appeals court has an addendum: Don't knowingly text a driver -- or you could be held liable if he causes a crash.
… A court summary of the times of texts and calls to and from Best's cell phone reflects what happened next:
The teens were having a text chat, volleying each other messages every few moments.
Seventeen seconds after Best sent a text, he was calling a 911 operator.
His truck had drifted across the double center line and hit the Kuberts head-on.
… The plaintiffs' attorney, Stephen Weinstein, argued that the text sender was electronically in the car with the driver receiving the text and should be treated like someone sitting next to him willfully causing a distraction, legal analyst Marc Saperstein told CNN affiliate WPIX-TV.
The argument seemed to work.
On Tuesday, three appeals court judges agreed with it -- in principle.
They ruled that if the sender of text messages knows that the recipient is driving and texting at the same time, a court may hold the sender responsible for distraction and hold him or her liable for the accident.
For my Computer Science (and Math) students
… Teaching Tree is a platform for collecting and contributing educational video content on computer science, math, and Ruby programming among others. There are more than 1200 “concepts” on the site so far. It is an open platform, so anyone can use it to assimilate knowledge on the subjects it promotes.
The future. We can ride into it, or be ground to dust under it.
The Current MOOC Trends Worth Knowing About
… Currently, there’s somewhat less buzz happening about MOOCs. But they’re still out there, happening and evolving while we’re busy doing other things. I do find it useful to regularly be able to take the temperature, so to speak, of what people are thinking and what’s actually happening with MOOC trends, which the handy infographic below does wonderfully.
For all my students
Are you planning to purchase a tablet and want to see how the different devices compare to each other? Check out TabletRocket.com. It’s a new review website that compares all of the tablets on the market based on different attributes. It will show you head-to-head comparisons and summarize the pros and cons of each device, so that you can find the device you need.
For those of us who believe one size does not fit all...
9 Word Cloud Generators That Aren’t Wordle
… Wordle is quite easily the most popular word cloud generator out there. It’s free and easy to use.