Tuesday, December 17, 2013

Another “Oops, the employee forgot to encrypt the data.” Here's another question: Does the State of Colorado have locations that can not communicate over the Internet? Why even copy the data to a portable drive?
Jeanne Price reports:
Nearly 19,000 Colorado state workers—both current and former—could have identity protection concerns after a state worker lost a USB or thumb drive containing their personal data including Social Security Numbers (SSN).
“A state employee lost the drive while transporting it between work locations. There is no indication that this information has been misused or stolen,” a press release from the Governor’s Office of Information Techology (OIT) stated.
“The electronic file contained names, Social Security numbers and some home addresses of approximately 18,800 state personnel.
Read more on idRADAR.com.
Because the state refused to provide a copy of the individual notification letter, if any of my readers is the unlucky recipient of the notification, please email me a copy of the notification letter (breaches[at]databreaches.net). Thanks!
[From the article:
Of the 18,800 individual files determined to be on the missing data device, about 8,000 belong to current employees who will be easy to notify. An additional 10,800 are former personnel whose contact info on file could be out of date.
The drive was first discovered to be missing in late November. Some individuals now getting breach notification letters reportedly thought the letter was a fraud because it contained some questionable info.

Is no one learning from the failure of others? Or from their own failures. Small breaches, but completely avoidable.
It seems that UHS-Pruitt Corporation in Georgia reported that 1,300 patients had PHI on a laptop that was stolen on September 26, 2013.
… On September 26, 2013, a computer laptop belonging to an employee of UHS-Pruitt was stolen from the employee`s locked car.
But wait (as the commercials say), there’s more….
The December 6th press release (pdf) reads, in part:
… On October 8, 2013, the employee’s laptop was stolen from her car at her home.

Unfortunately correct.
Daniel Solove writes:
Fordham School of Law’s Center on Law and Information Policy (CLIP), headed by Joel Reidenberg, has released an eye-opening and sobering study of how public schools are handling privacy issues with regard to cloud computing. The study is called Privacy and Cloud Computing in Public Schools, and it is well worth a read.
Context: Education Privacy
What’s the greatest threat to children’s privacy? Social media sites? Search engines? Children’s sites?
The answer, in my opinion, is none of the above. The greatest threat to children’s privacy is schools.
When it comes to privacy issues, schools are in the Dark Ages. I cannot think of any other industry that is so far behind.
To which I say, “hear, hear!”
Read more on Dan’t column on Safe.gov.

Wishful thinking?
Josh Gerstein reports:
A federal judge ruled Monday that the National Security Agency program which collects information on nearly all telephone calls made to, from or within the United States is likely to be unconstitutional.
U.S. District Court Judge Richard Leon found that the program appears to run afoul of the Fourth Amendment prohibition on unreasonable searches and seizures. He also said the Justice Department had failed to demonstrate that collecting the so-called metadata had helped to head off terrorist attacks.
Read more on Politico.
Related: Ruling (pdf).

No comments: