If the public had been made aware of this breach, would the penalty have
been greater? Have they really been negotiating for 5 years?
From HHS, this press release today about an incident that never appeared
in their public breach tool:
Parkview Health System, Inc. has agreed to settle potential
violations of the Health Insurance Portability and Accountability Act
of 1996 (HIPAA) Privacy Rule with the U.S. Department of Health and
Human Services Office for Civil Rights (OCR). Parkview will pay
$800,000 and adopt a corrective action plan to address deficiencies
in its HIPAA compliance program. Parkview is a nonprofit health care
system that provides community-based health care services to
individuals in northeast Indiana and northwest Ohio.
… On June 4, 2009,
Parkview employees, with notice that the physician was not at home,
left 71 cardboard boxes of these medical records unattended and
accessible to unauthorized persons on the driveway of the physician’s
home, within 20 feet of the public road and a short distance away
from a heavily trafficked public shopping venue.
I think this should have happened sooner.
Jeanne Price reports:
One of the most memorable privacy stories of 2013 involved Aaron’s
Rent-To-Own affiliates accused of spying on consumers who’d
rented computers with secret software. While federal charges against
Aaron’s Inc. were settled last year, that didn’t satisfy a pair
of Colorado attorneys who
were themselves clients of affiliate Aspen Way Enterprises in Fort
Collins. Yesterday the duo filed a lawsuit in Georgia federal court
that revealed just how deep the computer snooping went.
The case is based on the premise that rent-to-own doesn’t mean
right-to-spy. Details provided yesterday include a
statement from Herman
Gerel LLP of Atlanta, the firm representing attorney plaintiffs
Michael Peterson and Matthew Lyons. It stated that the spyware on
Peterson’s and Lyons’ computers was responsible for “remotely
capturing 4,702 screen shots, and 2,464 key log entries with
undetectable software. [Are they saying they can't prove this software was on their computers? Bob]
The images and logs include attorney work product
and privileged communications regarding the lawyers’ clients in
2010 and 2011.”
Read more on idRADAR.com
“We don't like him. Let's kill him!” This is just legal babble...
This morning the 2nd Circuit published
a redacted version of the long-sought Department of Justice OLC
memo that authorized [Wrong word. Bob] the killing of U.S. citizen, Anwar
al-Awlaki. We’ve got the entire 2nd Circuit opinion (full
text) and the OLC memo itself (full
text) available here on Just Security.
Survey, but no link yet. Perhaps they just made up this “data?”
Fortinet Reveals “Internet of Things: Connected Home” Survey Results
…
Completed in June 2014, the survey asked 1,801 tech-savvy homeowners
questions relating to the Internet of Things as it pertains to the
connected home. These were [some of] the top findings:
Homeowners are concerned about data breaches
Privacy and trust are concerns
Data privacy is an extremely sensitive issue
Homeowners are willing to pay for a connected home
It's called “Traffic Analysis” and it shows much more than they
mention here. Should be a good paper to point my Cryptography
students to.
Jeremy Kirk reports:
Analyzing encrypted Web traffic can potentially reveal highly
sensitive information such as medical conditions and sexual
orientation, according to a research paper that forecasts how privacy
on the Internet may erode.
In a paper titled “I
Know Why You Went to the Clinic,” researchers show that by
observing encrypted Web traffic and identifying patterns, it is
possible to know what pages a person has visited on a website, giving
clues to their personal life. The paper will be presented July 16 at
the Privacy-Enhancing Technology Forum in Amsterdam.
Read more on Computerworld.
Why? What governmental projects are aided by this? None apparently, so
why do it?
David Heinzmann reports:
The curled metal fixtures set to go up on a handful of Michigan
Avenue light poles later this summer may look like delicate pieces of
sculpture, but researchers say they’ll provide a big step forward
in the way Chicago understands itself by observing the city’s
people and surroundings.
The smooth, perforated sheaths of metal are decorative, but their job
is to protect and conceal a system of data-collection sensors
that will measure air quality, light intensity, sound volume, heat,
precipitation and wind. The sensors will also count people by
measuring wireless signals on mobile devices.
Read more on the Chicago Tribune.
[From the article:]
Researchers have dubbed their effort the "Array of Things" project.
Gathering and publishing such a broad swath of data will
give scientists the tools [It might point out what tools are needed,
but data are not tools. Bob] to make Chicago a safer,
more efficient and cleaner place to live, said Catlett, director of
the Urban Center for Computation and Data, part of a joint initiative
between the University of Chicago and Argonne National Laboratory,
near Lemont.
The novelty of a permanent data collection infrastructure may also give
Chicago a competitive advantage in attracting technological research,
researchers contend.
…
Data-hungry researchers are unabashedly enthusiastic about the
project, but some experts said that the system's flexibility and
planned partnerships with industry beg to be closely monitored.
Questions include whether the sensors are gathering too much personal
information about people who may be passing by without giving a
second thought to the amount of data that their movements — and the
signals from their smartphones — may be giving off.
…
City officials don't have firm expectations about what the data may yield [I thought not... Bob]
but share researchers' desire to push "Chicago
as a test bed of urban analytical research," said Brenna Berman,
the city's commissioner of information and technology.
Interesting. A change to the training we need to give our Criminal Justice
students. However, searching for social media should be simple.
Social media 'at least half' of calls passed to front-line police
Chief Constable Alex Marshall, head of the College of Policing, said the
number of crimes arising from social media represented "a real
problem".
He said it was a particular problem for officers who deal with low-level
crimes.
About 6,000 officers were being trained to deal with online offences, he
said.
He said the police and public were still trying to understand when
online insults became a crime.
Mr Marshall told BBC Radio 4's Law in Action: "As people have moved
their shopping online and their communications online, they've also
moved their insults, their abuse and their threats online, so I see
that it won't be long before pretty much every investigation that the
police conduct will have an online element to it.
…
Currently, online crimes
are recorded under traditional headings such as harassment or threats
to kill and not as a cybercrime, so each record is
required to be read individually to ascertain if the crime originated
on social media.
Mr Marshall said because of that, the force was missing out on
information.
The College of Policing was currently carrying out research to quantify
how many crimes actually originate on social media, he said, and was
expecting the results in the next couple of months.
(Related)
Can they do this? How will they enforce this ban? Can police in
San Francisco detect “bad App-ers” in real time and ticket their
cars?
San Francisco bans parking space app
Parking is a huge problem in the city and Rome-based start-up MonkeyParking
thought it had come up with a solution.
The app lets users auction off public parking spaces that they are using
and wait for the buyer to arrive before pulling out.
But the city says it is illegal to auction off public land and has
threatened to fine anyone doing so.
San Francisco lawyer Dennis Herrera sent a cease-and-desist order to
MonkeyParking and has also asked Apple to remove it from the app
store for violating local law.
…
He said that the company would be subject to fines of up to $2,500
(£1,470) per violation and it has been given until 11 July to stop
operating in the city. Users of the app would also be subject to a
$300 fine.
How do I explain this to my Computer Forensics students? There are
limits to a “temporary overseize.”
Orin Kerr writes:
I blogged last week about the Second Circuit’s important decision in
United States v. Ganias, on the ‘right to delete’ seized
computer files. A prosecutor I know sent me a thoughtful e-mail
responding to the decision. I asked the prosecutor if I could post
the e-mail (as it was intended just for me), and I received that
permission.
Read the email and Orin’s comments on it on WaPo
The Volokh Conspiracy.
...for some values of “work.”
Daniel Barth-Jones writes:
In a FierceBigData article
which ran last Wednesday, Pam Baker posed some compelling questions
regarding a recent
“Big Data and Innovation, Setting the Record
Straight: De-identification Does Work” whitepaper (.pdf)
released by Ann Cavoukian, the Ontario information and privacy
commissioner, and Daniel Castro, Information Technology and
Innovation Foundation Senior Analyst. Of these, the most salient
question was also the simplest: “Does de-identification work or
not?”
How we answer this question really boils down to whether we will
define de-identification as “working” only if it provides
absolute privacy guarantees. Or whether, as we do with many other
areas of life (like door locks, seatbelts and other protections), we
accept a dramatic reduction from the original risks (without the
protection in place) as being worthwhile.
Read more on FierceBigData.
I love the little insights in these articles.
Make Customers Want to Buy Offline
Showrooming, once a worry primarily for consumer electronics retailers, is
expanding into markets we might have thought exempt. Today we can
investigate everything from cars to books to groceries in person and
then proceed to order them online, often with greater ease and
significant savings.
Chalk this up to the efficiency of digital retailers, who’ve
systematically dismantled every obstacle to online shopping.
Shipping is fast and cheap, returns are a snap, and customer service
is often better than what you find in a store. Price
competition these days is a guaranteed losing strategy, especially
with Amazon, whose long cash floats and high inventory turnover allow
them to stay profitable even with no margin. [Obvious, in retrospect. Bob]
Stores like Best Buy and Walmart
once seemed unstoppable as they displaced independent retailers; now
the Goliath has become David.
…
Not every retail environment can be a community center, of course,
but the demand for such spaces is huge and unmet, and there are
endless ways to build community — even in surprising environments,
like financial institutions. Since its “Slow Banking” redesign
in 2003, Oregon-based Umpqua
Bank has provided ample seating, free coffee, and wifi to its
customers, and offered up its branches for meetings, workshops, and
concerts. In that time, it’s grown from less than 70 branches to
nearly 400, becoming the largest regional bank in the Western US.
Getting the pro-noun-say-shun just perfect.
'Why-Fi' or 'Wiffy'? How Americans Pronounce Common Tech Terms
Okay, once and for all: Is it "gif" or "jif"?
EBay Deals, which runs a blog, decided to find out. Its team surveyed
1,100 people—U.S. residents, ranging in age from 18 to 45—asking
them about the terms they use to describe some of the most common
objects and actions of digital life.