More than two months after the chief executive of Jackson Health System promised an “aggressive internal investigation” into the unauthorized release of the medical chart for New York Giants pass rusher Jason Pierre-Paul — a possible violation of federal privacy laws — hospital officials have yet to explain how the breach occurred, who was responsible for the leak or what they are doing to prevent such incidents in the future.
In a spectacular failure of a “back door” designed to give law enforcement exclusive access to private places, hackers have made the “master keys” for Transportation Security Administration-recognized luggage locks available to anyone with a 3D printer.
The TSA-recognized luggage locks were a much-vaunted solution to a post-9/11 conundrum: how to let people lock their luggage, on the one hand, but let the TSA inspect it without resorting to bolt cutters, on the other.
When the locks were first introduced in 2003, TSA official Ken Lauterstein described them as part of the agency’s efforts to develop “practical solutions that contribute toward our goal of providing world-class security and world-class customer service.”
Now that they’ve been hacked, however, TSA says it doesn’t really care one way or another.
The Japanese Diet passed amendments to the Personal Information Protection Act on September 3, 2015, which will become effective within the next two years. While further details will be revealed in upcoming implementing regulations, several major changes, which are summarized below, are clear from the text of the statute. Companies doing business in Japan should take a close look at their privacy policies and personal data procedures in preparation for these changes.
More leeway to disclose anonymous data
“Anonymized” personal data – stripped of personal identifiers such as names and dates of birth – may now be transferred to third parties, including companies who would use the data for marketing purposes, without the subject’s consent. The disclosure must still be reported to the “Personal Information Protection Committee” (discussed further below), and must also be publicly announced. This is one of the few “pro-business” changes in the amendment, and will allow companies to use and sell “big data” about their customers, which was previously a gray area in Japanese data privacy law.