Wednesday, March 11, 2015
The Privacy Foundation's next seminar (April 3rd) will discuss “Privacy Law and Data Brokers” (details should be on the website this week: http://www.law.du.edu/index.php/privacy-foundation). Amazing how quickly Congress jumps on the topics they select.
Markey, Blumenthal, Whitehouse and Franken Introduce Legislation to Ensure Transparency and Accountability in Data Broker Industry
Senators Edward J. Markey, Richard Blumenthal (D-Conn.), Sheldon Whitehouse (D-R.I.) and Al Franken (D-Minn.) introduced legislation to require accountability and transparency for data brokers who are collecting and selling personal and sensitive information about consumers. The Data Broker Accountability and Transparency Act (S. 668) will allow consumers to access and correct their information to help ensure maximum accuracy. The bill also provides consumers with the right to stop data brokers from using, sharing, or selling their personal information for marketing purposes. The legislation also empowers the Federal Trade Commission (FTC) to enforce the law and promulgate rules within one year, including rules necessary to establish a centralized website for consumers to view a list of covered data brokers and information regarding consumer rights.
“Data brokers seem to believe that there is no such thing as privacy,” said Senator Markey, a member of the Commerce, Science and Transportation Committee.
… A copy of the legislation can be found HERE.
Small but (unfortunately) typical. Size isn't too important; the bad guys can do this hundreds of times each year. The question is, would your employees know they were being phished?
Jim Schoettler reports that employees falling for a phishing scheme nearly cost the town almost $500,000:
A cyber hack last month at Orange Park City Hall cleared nearly $500,000 from the city’s bank account, but the theft was caught in time for a wire transfer to be reversed and security measures have been installed to prevent future thefts, [Also typical. Why are these being added now rather than before the breach? Bob] City Manager Jim Hanson said Tuesday.
Read more on Jacksonville.com
An interesting breach question. If PII is disclosed, should everyone be notified? That could be difficult if the only address they have is the primary insured.
Yesterday, my husband received a notification letter from Anthem about their massive data breach. I had forgotten that at one time, we had coverage through his employer. Our children and I were covered as his dependents.
And as I read what they sent him and looked at the AllClear ID signup web page, it dawned on me that Anthem does not appear to be directly notifying individuals whose SSN and DOB were in their database as dependents. In fact, if the former member of Anthem cannot or does not notify the formerly covered dependents, they may have no idea that they are at risk of identity theft.
[Much more follows Bob]
(Related) What is required?
If you’ve been meaning to get caught up with changes in state data breach notification laws, check out this article by Cynthia J. Larose of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
The article covers developments in New Jersey, Montana, Connecticut, Washington State, and New Mexico (where they’re still trying to get their first data breach notification law).
For my Ethical Hackers.
Tool Hijacks Accounts on Sites Using Facebook Login
The tool is called Reconnect, and was developed by Egor Homakov, a researcher with security auditing firm Sakurity. Reconnect works by exploiting cross-site request forgery (CSRF) issues impacting Facebook Login, which enables users to log-in to third-party websites via their Facebook accounts.
Essentially, the attack works by creating a link that when clicked on logs the victim out of their legitimate account and into a Facebook account under the control of the attacker.
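The attack class described above is login CSRF: the attacker gets a victim's browser to complete a "log in with Provider" flow that the attacker, not the victim, started, so the victim ends up signed in as the attacker. The example below is an added illustration of that class against a generic OAuth-style relying party, with the standard defence (a random `state` value bound to the browser session and checked on the callback, as RFC 6749 recommends). It is not Reconnect, not Facebook's or Sakurity's code, and the provider, URLs, authorization codes and account names are all constructed for the demo:

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed stand-in for the identity provider: an authorization code maps to
# the provider-side account that obtained it. A real relying party would redeem
# the code at the provider's token endpoint instead of looking it up here.
PROVIDER_CODES = {
    "code-for-attacker": "attacker@provider.example",
    "code-for-victim": "victim@provider.example",
}

AUTHORIZE_URL = "https://provider.example/oauth/authorize"  # hypothetical
CALLBACK_URL = "https://rp.example/login/callback"           # hypothetical


class RelyingParty:
    """A minimal 'Log in with Provider' relying party (third-party site)."""

    def __init__(self, check_state):
        self.check_state = check_state   # False = vulnerable, True = hardened
        self.sessions = {}               # browser session id -> session data

    def start_login(self, session_id):
        """The user clicks 'Log in with Provider'. Mint a random state value,
        bind it to this browser session, and redirect to the provider."""
        state = secrets.token_urlsafe(16)
        self.sessions.setdefault(session_id, {})["oauth_state"] = state
        return AUTHORIZE_URL + "?" + urlencode({
            "client_id": "rp-demo",
            "redirect_uri": CALLBACK_URL,
            "state": state,
        })

    def callback(self, session_id, url):
        """The provider sends the browser back to ?code=...&state=...
        Returns the account now signed into this session, or None if rejected."""
        params = parse_qs(urlparse(url).query)
        code = params.get("code", [None])[0]
        session = self.sessions.setdefault(session_id, {})

        if self.check_state:
            expected = session.pop("oauth_state", None)   # single use
            presented = params.get("state", [None])[0]
            if not expected or not presented or not hmac.compare_digest(expected, presented):
                # This browser session never started a login: treat as CSRF.
                return None

        account = PROVIDER_CODES.get(code)
        if account is None:
            return None
        session["user"] = account
        return account


def honest_login(check_state):
    """The victim starts the flow themselves and the provider echoes the state back."""
    rp = RelyingParty(check_state)
    redirect = rp.start_login("victim-session")
    state = parse_qs(urlparse(redirect).query)["state"][0]
    back = CALLBACK_URL + "?" + urlencode({"code": "code-for-victim", "state": state})
    return rp.callback("victim-session", back)


def login_csrf(check_state):
    """The attacker starts a login with THEIR provider account, captures the
    callback URL before their own browser follows it, and plants it as a link
    (or hidden image/iframe) for the victim. Even a state value that is valid
    for the attacker's session is not bound to the victim's session."""
    rp = RelyingParty(check_state)
    redirect = rp.start_login("attacker-session")
    attacker_state = parse_qs(urlparse(redirect).query)["state"][0]
    forged = CALLBACK_URL + "?" + urlencode({"code": "code-for-attacker",
                                             "state": attacker_state})
    return rp.callback("victim-session", forged)


if __name__ == "__main__":
    print("honest login, no state check:", honest_login(False))
    print("forged link,  no state check:", login_csrf(False))   # victim is now the attacker
    print("honest login, state checked :", honest_login(True))
    print("forged link,  state checked :", login_csrf(True))    # rejected
```

The vulnerable variant accepts any callback carrying a valid code, so a link crafted by the attacker silently signs the victim in as the attacker's account; anything the victim then does (saving payment details, linking the site account to the provider identity) lands in an account the attacker controls. The hardened variant only accepts a callback whose `state` matches a value this browser session minted, and discards that value after one use. The same check should guard every endpoint that links or unlinks an identity-provider account.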
An interesting question from my Business Intelligence students: Could someone “suggest” something negative (or positive) about a company that could significantly impact the stock price? Could that someone remain anonymous? (Think social media like my students did.)
Lumber Liquidators (LL), the embattled hardwood flooring retailer, is going on the offensive, lashing out at Wall Street traders and the news show "60 Minutes" for spreading "inaccurate allegations" about the safety of the company’s products, the FOX Business Network has learned.
In recent days, the company's sales representatives have been armed with scripts to address concerns from customers about a "60 Minutes" report that said the company’s products contain cancer-causing toxins. The Toano, Va.-based company denies the charge, and its scripts, read by customer service representatives, blame "hedge-fund short-sellers” with “trying to scare [their] customers with inaccurate allegations." Lumber Liquidators in these scripts also says "60 Minutes" has aired those allegations while ignoring data that shows the company’s products to be safe.
I wish I was teaching Computer Security this quarter. This would have been an excellent case study for a paper. Should “high government officials” determine what practices should be followed? Where was the IG during all this?
I suspect the 50,000-plus pages (Hardcopy? Really?) will never be released without massive redaction. Think of the Secretary of State in talks with Country A while making repeated calls to various people in Country B, their avowed enemy.
Hillary: Just Trust Me on This One
In her first public comments on a controversy involving her emails, former Secretary of State Hillary Clinton answered questions from the press for 20 minutes, but her response amounted to this: You've just got to trust me.
Clinton revealed that she had sent and received more than 62,320 emails from her private account. Of those, 30,490 she deemed work-related and turned over to the State Department. The other 31,830 she apparently deleted. The central question of the jousting match between Clinton and reporters was how she distinguished the personal emails from those relating to her official duties. Her explanation was simple: She decided.
… She said that even if she had used two devices or only a state.gov email address, she would still have made that decision. But that legalistic defense doesn't necessarily do much to quash her political problem. The question at the heart of the scandal is what might have been hiding in the emails that were not put in the public record—dealings with corporations, with aides, and with foreign heads of state, for example—that may be relevant to her duties as secretary or her presumed presidential bid.
… "I feel that I’ve taken unprecedented steps to provide these work-related emails," she added. [Never equate “legally required” with “unprecedented” Bob]
… "Looking back, it would’ve been better if I’d simply used a second email account and carried a second phone." Yet as recently as two weeks ago, she told journalist Kara Swisher that she carried two phones during at least part of her tenure as secretary of state. [I wonder where those emails are? Bob]
… On two questions, Clinton offered surprisingly blunt and unequivocal answers: She said there were no security breaches on her email server, and she said she did not email any classified information.
But seldom were Clinton's answers so straightforward and simple. Far from putting an end to questions, the press conference seemed to raise a whole new set of concerns.
If doctor-patient relationships become public record, can lawyer-client be far behind?
Marion Renault reports:
The patient who walked into Laraine Kurisko’s office had been to psychotherapy before, but hadn’t expected it to come up at a subsequent job interview. Fearing that a potential employer had seen her mental health records electronically, she came to Kurisko, an Edina psychologist who doesn’t use electronic records for patient data.
“She was shocked,” said Kurisko. “That’s why she came to see me.”
Kurisko is one in a coalition of Minnesota psychologists and social workers who are challenging a state mandate that, as of January, requires medical professionals to adopt computerized health records that are “interoperable,” that is, tied into a wider state medical database.
Going digital, they say, could not only expose sensitive patient information to a data breach, but also erode the patient-therapist trust integral to their work.
Read more on the Star Tribune.
I love it! “I have nothing to hide but my hide.”
Via Berin Szoka:
Some dismiss #privacy saying they have nothing to hide
I don’t accept that argument from anyone wearing clothes
It's good to be the biggest. Until the cry of “monopoly”
Google could be about to do a $1 billion deal that would solidify its domination of mobile advertising for years
Many people in the West will wake up this morning and scratch their heads in bewilderment at the news that Google may be about to pay $1 billion for India's InMobi.
They have never heard of InMobi.
That's a shame, because it is probably the single biggest mobile ad network company on the planet.
If Google bought it, it would solidify the search giant's domination of mobile advertising in an almost unassailable way. It would make Google No. 1 for mobile ad revenues for years to come. Google's mobile ad business is already twice as big as its nearest competitor, Facebook, for instance.
It would probably attract the attention of regulators — and the complaints of Google's competitors — because Google's massive market share for mobile ads would be so overwhelming. Google already has 90% market share for search in some areas such as Europe. It is already the biggest mobile ad company on the planet, with revenues in the billions (the company doesn't break out its mobile sales numbers).
For my students.
11 Takeaways: 2014 State of Enterprise Social Marketing Report
In 2014, Forrester Consulting conducted research with the goal of uncovering how the world’s largest companies organize, plan, and execute social marketing efforts.
For the 2014 State of Enterprise Social Marketing Report, Forrester Consulting surveyed 160 senior leaders managing or overseeing digital or social marketing – Director, Vice-President or C-Level executive – at companies with revenue of $1 billion or more.
… Seventy-eight percent of companies place the responsibility of social marketing under a CMO, C-Level executive or an Executive/Vice President, and 69 percent of organizations are prioritizing social marketing based on the way it is organized and executed within their organization.
… With that, 69 percent of large companies are increasing staffing for social marketing in 2014.
… Social tactics are also growing! Nearly all, 98 percent of companies market on at least one major social network!
… At least 58 percent have plans to use a social network that they were not utilizing previously.
(Related) Good news for about 60% of my students, who are multilingual.
In multinational companies, social media may call for a multilingual approach.
One key positive of social media and social networking is that it encourages communication — whether seeking positive interactions with current or future customers or helping employees to work collaboratively in different departments or even different business units. But particularly among international organizations, there is one key drawback: language.
MIT Sloan Management Review's 2014 social business report identified an interesting paradox: While respondents from multinational companies indicated that social media often enabled their organizations to work more effectively across global boundaries, they indicated that it also introduced new problems. As it became easier to communicate with people using social media, the obstacles imposed by differing languages became more pronounced.
For the toolkit. Free and open source.
5 Clever Things You Can Do with HandBrake
Want to turn your DVDs and Blu-rays into media files you can watch on your computer? HandBrake can do just that — plus plenty more.
Rip a DVD or Blu-ray
Convert Videos for Use with iTunes and iOS Devices
Convert a Batch of Video Files at Once
Add Subtitles to a Movie File
Denoise a Video
Talk like Captain Kirk? Might help some of my students.
How Skype’s Star Trek Translator Works
Skype has been breaking down geographical barriers since its inception, but the new Skype Translator is set to break down language barriers, and fundamentally change the way people communicate across national borders. Imagine having a real-time conversation with someone on the other side of the planet who doesn’t speak a word of your language. For the first time ever, Skype Translator makes that possible.
For all my students and everyone else. Very handy!
A Guide to Google Tools – Tips & Tricks You Can’t Live Without
… The following is a comprehensive guide of tips, tricks and hacks that’ll help you make better use of Google services you use. Whether you’re a novice or a seasoned expert, you’re likely to find something here that you can add to your own productivity toolbox.