A most interesting trend.
Ryan M. Martin of Winston & Strawn LLP writes:
The U.S. District Court for the Southern District of Illinois recently denied the retail grocery chain Schnuck Markets’ motion to dismiss various claims arising from a December 2012 data breach in which hackers gained access to Schnucks’ credit/debit card processing systems. By mid-March 2013, both customers’ banks and Schnucks’ own payment processor had notified Schnucks that the breach had resulted in fraudulent charges to customer cards.
Read more on Lexology.
So… Neiman Marcus. Flowers Hospital. Schnuck.
Do my eyes deceive me, or are we seeing a possible trend with data
breach lawsuits surviving motions to dismiss for lack of standing?
Of course, that doesn’t mean the plaintiffs will be able to prove
they suffered harm, but are courts becoming a tad more
plaintiff-friendly? We’ll have to watch and wait….
What has happened to “management?” One would
think senior management, the legal department and probably several
other business departments would be very interested in accurate
information. Why did they fail to deliver?
Fiat Chrysler is in trouble again with the NHTSA
Fiat Chrysler Inc. is in hot water again with
regulators after under-reporting a “significant” amount of
deaths, injuries and legal claims, according to The
Financial Times.
The FT cited the National Highway Traffic Safety
Administration as saying Fiat
Chrysler had discovered “deficiencies” in the way it reports
faults.
(Related) “We don't need no stinking
laws/regulations/policies/procedures/management!”
Benjamin Krause writes:
VA OIG just reported that Palo Alto VA Health Care System unlawfully gave patient data to a private IT company despite employees not having cleared background checks.
The watchdog investigated allegations that the Palo Alto VA informatics chief entered into an illegal agreement with a health care company called Kyron.
VA OIG confirmed allegations that the patient data was given to Kyron prior to its employees getting background checks. It also confirmed that patient data was loaded into Kyron’s extraction software prior to receiving approval from VA information security officers.
Read more on DisabledVeterans.org.
Another privacy trend. How useful/accurate are
they?
Apple debuted a new website on Tuesday aimed at
informing customers on how the company uses their data.
The company has been positioning itself as a
bastion of digital privacy as user data in the industry is
increasingly being shared with advertisers and, sometimes, law
enforcement.
“When you pay for groceries, message a friend,
track a workout, or share a photo, you shouldn’t have to worry
about your information falling into the wrong hands,” the company
says on the
website. “The personal data on your devices should be
protected and never shared without your permission.”
The website explains, at a level more granular
than many of its competitors, the privacy protections that Apple says
are built into its applications.
… Google has its
own website explaining how it uses user data.
For my Ethical Hacking students. You can't build
a full dossier without complete medical information.
Re-identification is just too damned easy
sometimes – and if your state is selling your “de-identified”
health information, don’t be reassured – be worried.
Here’s the abstract of a study by Latanya
Sweeney:
Alice goes to the hospital in the United States. Her doctor and health insurance company know the details ― and often, so does her state government. Thirty-three of the states that know those details do not keep the information to themselves or limit their sharing to researchers [1]. Instead, they give away or sell a version of this information, and often they’re legally required to do so. The states turn to you as a computer scientist, IT specialist, policy expert, consultant, or privacy officer and ask, are the data anonymous? Can anyone be identified? Chances are you have no idea whether real-world risks exist. Here is how I matched patient names to publicly available health data sold by Washington State, and how the state responded. Doing this kind of experiment helps improve data-sharing practices, reduce privacy risks, and encourage the development of better technological solutions.
Results summary: The State of Washington sells a patient-level health dataset for $50. This publicly available dataset contained virtually all hospitalizations occurring in the state in a given year, including patient demographics, diagnoses, procedures, attending physician, hospital, a summary of charges, and how the bill was paid. It did not contain patient names or addresses (only five-digit ZIPs, which are U.S. postal codes). Newspaper stories printed in the state for the same year that contain the word “hospitalized” often included a patient’s name and residential information and explained why the person was hospitalized, such as a vehicle accident or assault. A close analysis of four archival news sources focused on Washington State activities from a single searchable news repository studied uniquely and exactly matched medical records in the state database for 35 of the 81 news stories found in 2011 (or 43 percent), thereby putting names to patient records. An independent third party verified that all of the matches were correct. In response to the re-identification of patients in its data, Washington State changed its way of sharing these data to create three levels of access. Anyone can download tabular summaries. Anyone can pay $50 and complete a data-use agreement to receive a redacted version of the data. However, access to all the fields provided prior to this experiment is now limited to applicants who qualify through a review process.
Reference:
Sweeney L. Only You, Your Doctor, and Many Others May Know. Technology Science. 2015092903. September 29, 2015. http://techscience.org/a/2015092903
The full paper is available for free download at that URL.
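As an added illustration (not part of the original post or of Sweeney’s paper), the Python below measures the risk the abstract describes on a small constructed discharge dataset: how many records are unique on the quasi-identifiers a news story would also reveal (ZIP, age, sex, month), and how generalization plus suppression brings the release to k-anonymity. All field names and values are constructed assumptions, not Washington State’s data.

```python
from collections import Counter

# Constructed sample of a patient-level discharge dataset (hypothetical values,
# not from any real release): no names or addresses, but the same kind of
# quasi-identifiers the abstract above lists.
RECORDS = [
    {"zip": "98101", "age": 34, "sex": "F", "month": "2011-03", "dx": "fracture"},
    {"zip": "98101", "age": 36, "sex": "F", "month": "2011-03", "dx": "fracture"},
    {"zip": "98102", "age": 34, "sex": "M", "month": "2011-03", "dx": "assault"},
    {"zip": "98109", "age": 71, "sex": "M", "month": "2011-06", "dx": "stroke"},
    {"zip": "98109", "age": 75, "sex": "M", "month": "2011-06", "dx": "stroke"},
    {"zip": "98105", "age": 22, "sex": "F", "month": "2011-03", "dx": "fracture"},
]
QIDS = ("zip", "age", "sex", "month")  # fields a "hospitalized" news story may reveal


def class_sizes(records, qids):
    """Count records per combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in qids) for r in records)


def k_anonymity(records, qids):
    """k = size of the smallest equivalence class; k == 1 means some record is unique."""
    sizes = class_sizes(records, qids)
    return min(sizes.values()) if sizes else 0


def unique_fraction(records, qids):
    """Share of records that are the only one with their quasi-identifier values."""
    sizes = class_sizes(records, qids)
    return sum(1 for r in records if sizes[tuple(r[q] for q in qids)] == 1) / len(records)


def generalize(record):
    """Coarsen quasi-identifiers: 3-digit ZIP prefix, 10-year age band, year only."""
    out = dict(record)
    decade = record["age"] // 10 * 10
    out["zip"] = record["zip"][:3]
    out["age"] = f"{decade}-{decade + 9}"
    out["month"] = record["month"][:4]
    return out


def anonymize(records, qids, k):
    """Generalize, then suppress records whose class is still smaller than k."""
    coarse = [generalize(r) for r in records]
    sizes = class_sizes(coarse, qids)
    return [r for r in coarse if sizes[tuple(r[q] for q in qids)] >= k]


def candidate_count(records, qids, story):
    """How many records share the quasi-identifiers given in a (constructed) story."""
    return sum(1 for r in records if all(r[q] == story[q] for q in qids))
```

On the raw sample every record is unique on the four fields, so a story giving ZIP, age, sex and month pins down exactly one record; after generalizing and suppressing to k=2 the same story matches two records and no record is unique.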
(Related)
Erika Morphy reports:
With little fanfare or formality, Adam Smith, associate professor of computer science and engineering in Penn State’s School of Electrical Engineering and Computer Science, and Vitaly Shmatikov, a professor at Cornell University, are going to try to tackle a looming issue that will, if it is not addressed, have consequences for just about anyone who has ever used the Internet, sent an email, received medical attention or otherwise made his or her presence known on the Grid that is our online society.
Read more on Computerworld.
Perspective. “There's gold in them thar ads!”
Google’s most expensive search keywords are for ambulance-chasing lawyers
Chances are, if you’ve watched television in the
US, you’ve seen myriad advertisements for local lawyers that want
to save you money after an injury—no win, no fee. Perhaps you’ve
even memorized their bizarre
jingles, or seen a program based
on their exploits. And it seems that the internet is no
different than television: Accident lawyers dominate the most
expensive keyword search terms on Google AdWords—the adverts that
pop up next to search results on Google.
… The report, which was released
last month, was created by WebpageFX, a digital marketing
company, and SEMrush, a digital marketing analytics firm. They found
that the vast majority of the most expensive keyword search terms
were for legal issues, most of which were localized to certain US
cities or states. The single most expensive paid search term so far
in 2015 is: “San Antonio car wreck attorney,” which costs
advertisers $670.44 every time a person searching on Google clicks on
that term.
Yes, but... Kind of a big but!
Andrew Crocker writes:
When it comes to the highest court in Massachusetts, it sometimes seems like entire battles are won and lost in the footnotes. In a seemingly straightforward new case, the Supreme Judicial Court has managed to add a wrinkle on top of the already complicated patchwork of law surrounding cell phone location tracking. The court’s opinion today in Commonwealth v. Estabrook sets out what it calls a “bright-line rule” and reaffirms that, in general, the Massachusetts constitution requires a warrant for tracking a person’s location using cell site location information (CSLI). That’s worth celebrating, but cynical readers who are already wondering about the “in general” in the previous sentence should take a look at footnote twelve in the opinion. Meanwhile, all readers should probably buckle in for a somewhat detailed tale of judicial incrementalism.
Read more on EFF.
[Footnote 12:
This exception to the warrant requirement for CSLI applies only to "telephone call" CSLI, which is at issue in this case, and not to "registration" CSLI. "Telephone call" CSLI indicates the "approximate physical location . . . of a cellular telephone only when a telephone call is made or received by that telephone." Augustine, 467 Mass. at 258-259 (Gants, J., dissenting). By contrast, "registration" CSLI "provides the approximate physical location of a cellular telephone every seven seconds unless the telephone is 'powered off,' regardless of whether any telephone call is made to or from the telephone." Id. at 259 (Gants, J., dissenting).]
Perspective. No answers here, only questions. I
still want to teach a drone piloting class.
1 Million Drones Will Be Sold This Christmas, and the FAA Is Terrified
Any ideas what you'll be getting for the holidays?
According to the FAA, about 1 million of you will be getting drones,
whether that's a high-end quadcopter or low-end $20 knockoffs from
Walmart. Regardless, the FAA is very, very worried about what
happens when 1 million new aircraft enter the airspace.
Perspective. How the Internet of Things is
growing.
GE Predicts Predix Platform Will Generate $6B In Revenue This Year
Like many big companies, GE
has been in the process of trying to reinvent itself, and Predix,
its Industrial Internet of Things platform has been a big part of
that.
Today, at its annual Minds
+ Machine conference in San Francisco, GE announced that the
Predix platform had grown into a big business with $5 billion in
revenues and $6 billion in orders expected this year.
The future of part-time work?
Amazon’s new ‘Flex’ delivery scheme is like Uber for packages
Amazon has just launched an Uber-like delivery
system offering regular folks the chance to deliver packages using
their own cars for
$18 to $25 an hour.
… On Tuesday, the company unveiled the new
scheme, called Amazon Flex.
Flex works with Amazon’s super-speedy Prime Now
offering where customers can get one- and two-hour delivery on tens
of thousands of items, with drivers able to choose between two-,
four-, and eight-hour shifts. Besides a car, workers must also have
an Android phone for managing deliveries via the Flex app (no iOS
version yet), and pass a background check.
Something for everyone?
14 Effective Home & Self Defense Gadgets For Women Living Alone
This is useful! (Tweets for Twits!) Also
something for business (marketing) students.
Twitter Has A 136-Page Handbook For Politicians' 140-Character Tweets
Twitter seems simple — just type in 140
characters and hit enter, right? But Twitter can be tough. Building
an audience. Keeping that audience. Finding a voice. Cutting
through all the chatter. It's a lot, especially if you're a busy
elected official.
Well, elected officials, fear not! Twitter itself
is here to help. NPR recently discovered that the social media giant
has a very special handbook just for people running for elected
office. And it's 136 pages long.
The manual has been "wildly popular,"
said Bridget Coin, a manager on Twitter's Government and Elections
Partnership Team who helped put the manual together (see below for
more of our interview with her). "We don't want to make
assumptions. We want to make sure that people feel empowered with
the full story of what Twitter is."