The Privacy Foundation's (http://www.law.du.edu/index.php/privacy-foundation)
next seminar (April 3rd) will discuss “Privacy Law and
Data Brokers” (details should be on the website this week). Amazing
how quickly Congress jumps on the topics they select.
Senators
Edward J. Markey, Richard Blumenthal (D-Conn.), Sheldon Whitehouse
(D-R.I.) and Al Franken (D-Minn.) introduced legislation to require
accountability and transparency for data brokers who are collecting
and selling personal and sensitive information about consumers. The
Data Broker Accountability and Transparency Act (S. 668)
will allow consumers to access and correct their information to help
ensure maximum accuracy. The bill also provides consumers with the
right to stop data brokers from using, sharing, or selling their
personal information for marketing purposes. The legislation also
empowers the Federal Trade Commission (FTC) to enforce the law and
promulgate rules within one year, including rules necessary to
establish a centralized website for consumers to view a list of
covered data brokers and information regarding consumer rights.
“Data
brokers seem to believe that there is no such thing as privacy,”
said Senator Markey, a member of the Commerce, Science and
Transportation Committee.
…
A copy of the legislation can be found HERE.
Small but (unfortunately) typical. Size isn't too important; the bad guys
can do this hundreds of times each year. The question is, would your
employees know they were being phished?
Jim
Schoettler reports that employees falling for a phishing scheme
nearly cost the town almost $500,000:
A cyber hack last month at Orange
Park City Hall cleared nearly $500,000 from the city’s
bank account, but the theft was caught in time for a wire transfer to
be reversed and security
measures have been installed to prevent future thefts, [Also
typical. Why are these being added now rather than before the
breach? Bob] City Manager Jim Hanson said Tuesday.
Read more on Jacksonville.com
An
interesting breach question. If PII is disclosed, should everyone be
notified? That could be difficult if the only address they have is
the primary insured.
Yesterday,
my husband received a notification letter from Anthem about their
massive data breach. I had forgotten that at one time, we had
coverage through his employer. Our children and I were covered as
his dependents.
And
as I read what they sent him and looked at the AllClear ID signup web
page, it dawned on me that Anthem does not appear to be directly
notifying individuals whose SSN and DOB were in their database as
dependents. In fact, if the former member of Anthem cannot or does
not notify the formerly covered dependents, they may have no idea
that they are at risk of identity theft.
[Much
more follows Bob]
(Related)
What is required?
If
you’ve been meaning to get caught up with changes in state data
breach notification laws, check out this
article by Cynthia J. Larose of Mintz, Levin, Cohn, Ferris,
Glovsky and Popeo, P.C.
The
article covers developments in New Jersey, Montana, Connecticut,
Washington State, and New Mexico (where they’re still trying to get
their first data breach notification law).
For
my Ethical Hackers.
Tool Hijacks Accounts on Sites Using Facebook Login
The tool is called Reconnect, and was developed by Egor Homakov, a
researcher with security auditing firm Sakurity. Reconnect works by
exploiting cross-site request forgery (CSRF) issues impacting
Facebook Login, which enables users to log in to third-party websites
via their Facebook accounts.
Essentially, the attack works by creating a link that, when clicked on,
logs the victim out of their legitimate account and into a Facebook
account under the control of the attacker.
An
interesting question from my Business Intelligence students: Could
someone “suggest” something negative (or positive) about a
company that could significantly impact the stock price? Could that
someone remain anonymous? (Think social media like my students did.)
Lumber
Liquidators (LL),
the embattled hardwood flooring retailer, is going on the offensive,
lashing out at Wall Street traders and the news show "60
Minutes" for spreading "inaccurate allegations"
about the safety of the company’s products, the FOX Business
Network has learned.
In
recent days, the company's sales representatives have been armed with
scripts to address concerns from customers about a "60 Minutes"
report that said the company’s products contain cancer-causing
toxins. The Toano, Va.-based company denies the charge, and its
scripts, read by customer service representatives, blame "hedge-fund
short-sellers" with "trying to scare [their] customers with
inaccurate allegations." Lumber Liquidators in these scripts
also says "60 Minutes" has aired those allegations while
ignoring data that shows the company’s products to be safe.
I
wish I was teaching Computer Security this quarter. This would have
been an excellent case study for a paper. Should “high government
officials” determine what practices should be followed? Where was
the IG during all this?
I
suspect the 50,000 plus pages (Hardcopy? Really?) will never be
released without massive redaction. Think of the Secretary of State
in talks with Country A while making repeated calls to various people
in Country B, their avowed enemy.
Hillary: Just Trust Me on This One
In
her first public comments on a controversy involving her emails,
former Secretary of State Hillary Clinton answered questions from the
press for 20 minutes, but her response amounted to this: You've just
got to trust me.
Clinton
revealed that she had sent and received more than 62,320 emails from
her private account. Of those, 30,490 she deemed work-related and
turned over to the State Department. The
other 31,830 she apparently deleted. The central question
of the jousting match between Clinton and reporters was how she
distinguished the personal emails from those relating to her official
duties. Her explanation was simple: She decided.
…
She said that even if she had used two devices or only a state.gov
email address, she would still have made that decision. But that
legalistic defense doesn't necessarily do much to quash her political
problem. The question at the heart of the scandal is what might have
been hiding in the emails that were not put in the public
record—dealings with corporations, with aides, and with foreign
heads of state, for example—that may be relevant to her duties as
secretary or her presumed presidential bid.
…
"I feel that I’ve taken unprecedented steps to provide these
work-related emails," she added. [Never
equate “legally required” with “unprecedented” Bob]
…
"Looking back, it would’ve been better if I’d simply used a
second email account and carried a second phone." Yet as
recently as two weeks ago, she
told journalist Kara Swisher that she carried two phones during
at least part of her tenure as secretary of state. [I
wonder where those emails are? Bob]
…
On two questions, Clinton offered surprisingly blunt and unequivocal
answers: She said there were no security breaches on her email
server, and she said she did not email any classified information.
But
seldom were Clinton's answers so straightforward and simple. Far
from putting an end to questions, the press conference seemed to
raise a whole new set of concerns.
If
doctor-patient relationships become public record, can lawyer-client
be far behind?
Marion
Renault reports:
The patient who walked into Laraine Kurisko’s office had been to
psychotherapy before, but hadn’t expected it to come up at a
subsequent job interview. Fearing that a potential employer had seen
her mental health records electronically, she came to Kurisko, an
Edina psychologist who doesn’t use electronic records for patient
data.
“She was shocked,” said Kurisko. “That’s why she came to see
me.”
Kurisko is one in a coalition of Minnesota psychologists and social
workers who are challenging a state mandate that, as of January,
requires medical professionals to adopt computerized health records
that are “interoperable,” that is, tied into a wider state
medical database.
Going digital, they say, could not only expose sensitive patient
information to a data breach, but also erode the patient-therapist
trust integral to their work.
Read more on the Star Tribune.
I
love it! “I have nothing to hide but my hide.”
Via Berin Szoka:
Some dismiss #privacy saying they have nothing to hide
I don’t accept that argument from anyone wearing clothes
It's
good to be the biggest. Until the cry of “monopoly”
Google could be about to do a $1 billion deal that would solidify its
domination of mobile advertising for years
Many
people in the West will wake up this morning and scratch their heads
in bewilderment at the news that Google
may be about to pay $1 billion for India's InMobi.
They
have never heard of InMobi.
That's
a shame, because it is probably the single biggest mobile ad network
company on the planet.
If
Google bought it, it would solidify the search giant's domination of
mobile advertising in an almost unassailable way. It would make
Google No.1 for mobile ad revenues for years to come. Google's
mobile ad business is already twice as big as its nearest competitor,
Facebook, for instance.
It
would probably attract the attention of regulators — and the
complaints of Google's competitors — because Google's massive
market share for mobile ads would be so overwhelming. Google already
has 90% market share for search in some areas such as Europe. It is
already the biggest mobile ad company on the planet, with revenues in
the billions (the company doesn't break out its mobile sales
numbers).
For
my students.
11 Takeaways: 2014 State of Enterprise Social Marketing Report
In
2014, Forrester Consulting conducted research with the goal of
uncovering how the world’s largest companies organize, plan, and
execute social marketing efforts.
For
the 2014
State of Enterprise Social Marketing Report, Forrester
Consulting surveyed 160 senior leaders managing or overseeing digital
or social marketing – Director, Vice-President or C-Level executive
– at companies with revenue of $1 billion or more.
…
Seventy-eight percent of companies place the responsibility of
social marketing under a CMO, C-Level executive or an Executive/Vice
President, and 69 percent of organizations are prioritizing social
marketing based on the way it is organized and executed within their
organization.
…
With that, 69 percent of large companies are increasing staffing for
social marketing in 2014.
…
Social tactics are also growing! Nearly all, 98 percent of
companies market on at least one major social network!
…
At least 58 percent have plans to use a social network that they
were not utilizing previously.
(Related)
Good news for about 60% of my students, who are multilingual.
In
multinational companies, social media may call for a multilingual
approach.
One
key positive of social media and social networking is that it
encourages communication — whether seeking positive
interactions with current or future customers or helping
employees to work collaboratively in different departments or
even different business units. But particularly among international
organizations, there is one key drawback: language.
MIT
Sloan Management Review's 2014
social business report identified an interesting paradox: While
respondents from multinational companies indicated that social media
often enabled their organizations to work more effectively across
global boundaries, they indicated that it also introduced new
problems. As it became easier to communicate with people using
social media, the obstacles imposed by differing languages became
more pronounced.
For
the toolkit. Free and open source.
5 Clever Things You Can Do with HandBrake
Want
to turn
your DVDs and Blu-rays into media files you can watch on your
computer? HandBrake can do just that — plus plenty more.
Rip a DVD or Blu-ray
Convert Videos for Use with iTunes and iOS Devices
Convert a Batch of Video Files at Once
Add Subtitles to a Movie File
Denoise a Video
Talk
like Captain Kirk? Might help some of my students.
How Skype’s Star Trek Translator Works
Skype
has been breaking down geographical barriers since its inception, but
the new Skype
Translator is set to break down language barriers, and
fundamentally change the way people communicate across national
borders. Imagine having a real-time conversation with someone on the
other side of the planet who doesn’t speak a word of your language.
For the first time ever, Skype Translator makes that possible.
For
all my students and everyone else. Very handy!
A Guide to Google Tools – Tips & Tricks You Can’t Live Without
…
The following is a comprehensive guide of tips, tricks and hacks
that’ll help you make better use of Google services you use.
Whether you’re a novice or a seasoned expert, you’re likely to
find something here that you can add to your own productivity
toolbox.