Monday, December 30, 2013
Typical or government inefficiency?
Nic Rigby of the BBC reports on the cost to the U.S. of investigations involving U.K. hackers:
Lauri Love, 28, of Stradishall, Suffolk, was arrested in October over charges which include allegations he hacked the US Department of Energy (DoE) computers. A report says personal information on 104,000 people could have been taken. It says dealing with the fall out of this cost $3.7m.
And the Gary McKinnon incident cost the U.S. another $2.1m to pay for staffing “to help correct the problems and deal with the aftermath.”
Read more on BBC.
What's a good set of Policies and Procedures worth?
I've drafted dozens of them, including the form set currently available from the Texas Medical Association. On average, I've probably charged around $5,000 to $10,000 for a worked-over set of policies (including adaption to the client's specific needs, assisting with risk analysis, adding in forms for BAAs and NoPPs, etc.). That's a lot of money for some clients, and many balk at a price tag that high.
But what is the set worth? If you're Adult & Pediatric Dermatology in Massachusetts, the number is $150,000. APDerm lost a flash drive with PHI on it: as far as anyone knows, nothing happened to the PHI. But, the loss triggered an OCR investigation, which uncovered that APDerm hadn't adopted policies and procedures. That failure triggered a $150,000 fine.
This statement in an OpEd in the Des Moines Register by Anthony Gaughan, associate professor of law at Drake University, gave me pause:
The greatest threat to your privacy is not posed by the NSA. It’s posed by hackers, thieves and corporations.
So what do you think is the single greatest threat to privacy?
“Da world, she change!” Keeping up is hard.
Orin Kerr points us to this interesting post by law professor Miriam Baer:
As I ready myself for teaching a new semester of Criminal Procedure I (often known as the “investigation” course, as opposed to the Crim Pro II “adjudication” course, which ostensibly covers everything from “bail to jail”), I cannot help but think how much the course — and my syllabus – has changed in the last year or so, and how much it is likely to change over the next 24 months.
Just two years ago, the discussion of whether police action constituted a “search” would have been answered primarily by asking whether the action intruded upon an individual’s “reasonable expectation of privacy.” Today, however, it would be unthinkable not to also ask whether the action interefered with the individual’s property rights.
A few years ago, if one taught the “third party doctrine,” one likely referred to it as an established yet disfavored doctrine that drew the ire of civil libertarians and privacy scholars, but whose implementation continued largely without challenge.
Read more on Prawfsblawg.
Do these actually work? Where can I find studies?
Sancheska Brown reports:
Immigration Minister Fred Mitchell said yesterday the Government is considering introducing a National Identification Card as well as charging persons who knowingly hire illegal immigrants in an effort to deal with the country’s long standing illegal migration problem.
Read more on Tribune242.
You don't need to know these facts, but infographics are relatively painless and addictive.
10 Amazing Facts About Google You Probably Didn’t Know