Friday, March 09, 2007

I like this! Lose information, get a specific set of required actions from the Privacy Commissioner! Probably costs more than a fine, and helps secure the data!

http://www.newswire.ca/en/releases/archive/March2007/08/c8227.html

Stolen laptop sparks Order by Commissioner Cavoukian requiring encryption of identifiable data: Identity Must be Protected

TORONTO, March 8 /CNW/ - Ontario Information and Privacy Commissioner Ann Cavoukian is ordering Toronto's Hospital for Sick Children (SickKids) to introduce a number of specific protections following the off-site theft of a laptop computer containing the personal health information of 2,900 patients of the hospital. The most notable measure required is the need to encrypt any personal data taken out of the hospital on a laptop or other remote computing device.

... The hospital must also develop and implement a hospital-wide endpoint electronic devices policy, applicable to both desktop and portable devices (laptops, PDAs), which mandates that any personal health information not stored on secure servers must either be de-identified or encrypted.

Going further, the Commissioner is telling all health information custodians in Ontario that they should never store any personal health information on their laptops or mobile computing devices unless they have taken strong steps (such as encryption) to ensure that the information is protected against unauthorized access, if the device is lost or stolen.

The Commissioner's health order is available at: www.ipc.on.ca.

[Go direct to the PDF: http://www.ipc.on.ca/images/Findings/up-1ho_004.pdf ]



Unspecified “costs,” but another way to “fine” the offender.

http://www.techworld.com/security/news/index.cfm?newsID=8204&pagtype=all

Outsourcer to pay over laptop theft

IT firm to cough up for security breach

Tash Shifrin, Computerworld UK 08 March 2007

IT services firm Serco has apologised and agreed to pay costs after one of its laptops, containing sensitive data on more than 16,000 Worcestershire council staff, was stolen.

... But in a report to the council’s cabinet, financial services director Mike Weaver confirms that the sensitive data should not have been kept on the laptop, describing the security breach as “regrettable and entirely avoidable.”

... The incident had resulted in unplanned costs “which in due course will be reimbursed by Serco,” the report confirms.



I make this $574 per person just for looking at a credit report. Now if TJX compromised 40 million...

http://www.allamericanpatriots.com/m-news+article+storyid-20688.html

New York Attorney General Cuomo Obtains Compensation For New Yorkers Whose Credit Reports Were Accessed Illegally

Posted by Patriot on 2007/3/8 7:48:31 New York

New York insurance company to pay $229,600 in compensation to nearly 400 consumers

NEW YORK, NY (March 7, 2007) - New York Attorney General Andrew M. Cuomo today announced a settlement affecting nearly 400 New York consumers whose credit reports were unlawfully accessed by an insurance company. Under the settlement, Administrators for the Professions, Inc. (AFP), a New York insurance company, is paying $229,600 in compensation to those consumers.



Another reiteration of the obvious?

http://www.ftc.gov/opa/2007/03/businessguidance_pii.htm

For Release: March 8, 2007

FTC Unveils Practical Suggestions for Businesses on Safeguarding Personal Information

The Federal Trade Commission is offering a new guide for businesses with practical suggestions on safeguarding sensitive data.

“Protecting Personal Information: A Guide for Business,” available at www.ftc.gov/infosecurity, is built around five simple phrases:

TAKE STOCK. Know what personal information you have in your files and on your computers.

SCALE DOWN. Keep only what you need for business.

LOCK IT. Protect the information you keep.

PITCH IT. Properly dispose of what you no longer need.

PLAN AHEAD. Create a plan to respond to security incidents.

[Go direct to the PDF: http://www.ftc.gov/bcp/edu/pubs/business/privacy/bus69.pdf ]



Perspective

http://www.pogowasright.org/article.php?story=20070308174313247

Featured Story: Privacy's Other Path: Recovering the Law of Confidentiality

Thursday, March 08 2007 @ 05:43 PM CST - Contributed by: PrivacyNews - Other Privacy News

Editor's Note: Great thanks to Dan Solove for letting me know that he has a new article out. The entire article can be downloaded for free and addresses a fascinating question about the divergent development of American privacy law and English privacy law.

Abstract:

The familiar legend of privacy law holds that Samuel Warren and Louis Brandeis “invented” the right to privacy in 1890, and that William Prosser aided its development by recognizing four privacy torts in 1960. In this article, Professors Richards and Solove contend that Warren, Brandeis, and Prosser did not invent privacy law, but took it down a new path. Well before 1890, a considerable body of Anglo-American law protected confidentiality, which safeguards the information people share with others. Warren, Brandeis, and later Prosser turned away from the law of confidentiality to create a new conception of privacy based on the individual’s “inviolate personality.” English law, however, rejected Warren and Brandeis’s conception of privacy and developed a conception of privacy as confidentiality from the same sources used by Warren and Brandeis. Today, in contrast to the individualistic conception of privacy in American law, the English law of confidence recognizes and enforces expectations of trust within relationships. Richards and Solove explore how and why privacy law developed so differently in America and England. Understanding the origins and developments of privacy law’s divergent paths reveals that each body of law’s conception of privacy has much to teach the other.

Source - SSRN



Interesting combination of hardware, lottery and liquor...

http://lfpress.ca/newsstand/CityandRegion/2007/03/08/3713809-sun.html

Swiping licences called no threat to buyers' privacy

By CHINTA PUXLEY, CP

HAMILTON -- A new practice in which convenience store clerks will check ID by swiping driver's licences through a lottery terminal won't violate customer privacy as suggested by government officials, Ontario's privacy commissioner said yesterday.

... Called "We Expect ID," the system would require convenience store clerks to swipe ID through lottery terminals to verify a customer's age when buying alcohol, cigarettes, adult magazines, lottery tickets or fireworks.

... "(There are) really no privacy implications because no information is being stored," [but what an attractive target! Bob] Debra Grant, a senior health privacy specialist with the privacy commissioner's office said.

"It's actually more privacy protective than someone examining the driver's licence and looking at all the personal information."

... McGuinty suggested the issue might pop up again should a new high-tech driver's licence be rolled out as an alternative to passports.



Those who have not considered the “Streisand Effect” [ http://en.wikipedia.org/wiki/Streisand_effect ] are doomed to experience it first hand.

http://techdirt.com/articles/20070307/093346.shtml

Surprise: Attempt To Suppress Security Research Blows Up In Company's Face

from the instant-karma dept

The big story out of last week's Black Hat security conference was that HID Global, a maker of RFID-based door entry cards, managed to prevent a demonstration of how their products were vulnerable to cloning. What made their threats particularly odious was their claim that the presenters were somehow engaging in patent infringement by demonstrating the attack. More broadly, however, this kind of intimidation is almost always a mistake. It only made the company look like bullies with something to hide. It seems that the company may already be paying the consequences for its heavy-handed actions, as the DHS is said to now be examining the vulnerability further. HID Global is now backtracking, saying that it never intended to prevent the presentation from happening, although they don't seem to explain how everybody got that impression. Either way, any hope that the company had in keeping this threat quiet is now totally lost.



Can your computer be secure in this environment?

http://www.heise-security.co.uk/news/86429

Report of 08.03.2007 17:34

All Microsoft updates phone home

Possibly as a reaction to heise Security's report that Windows Genuine Advantage Notification sends back data to Redmond even when users choose to terminate its installation, a Microsoft developer using the pseudonym alexkoc has now posted an entry in the WGA blog. There he reveals that every update that flows through Windows Update at the very least informs Microsoft about whether the installation was successful or not.

In the Privacy Statement of Windows Update Microsoft grants itself fairly far-reaching rights.




Fun reading?

http://www.bespacific.com/mt/archives/014182.html

March 07, 2007

FBI Releases Annual Report to the Public

Press release: "The arm of the FBI that investigates financial crimes ranging from underground pyramid schemes to institutionalized fraud in the nation’s corporate suites has issued its annual report detailing the most prevalent types of schemes investigators tackled in 2006. The Financial Crimes Report to the Public is prepared each year by the Financial Crimes Section of the FBI's Criminal Investigative Division. The report, which covers a 12-month period ending September 30, 2006, explains in detail dozens of fraud schemes, tallies FBI accomplishments combating the crimes, and offers tips the public can use to protect itself."



Problems?

http://www.securityfocus.com/infocus/1889?ref=rss

Notes On Vista Forensics, Part One

Jamie Morris 2007-03-08

... What does BitLocker mean for forensic examiners? In a recent, and highly recommended, Cyberspeak podcast [ref 5] Jesse Kornblum talks in some detail about the impact of BitLocker and the growth in importance of memory analysis for first responders. In the discussion with the show's hosts which follows, the suggestion is made that now may be the time when memory capture (and subsequent analysis) becomes the accepted norm for forensic examiners when first approaching a suspect machine, rather than the more traditional option of "pulling the plug." Undoubtedly, BitLocker presents a challenge - after all, one of Microsoft's goals with BitLocker is to protect data even when the storage device has been removed from the user's physical control, a scenario not entirely dissimilar to lawful seizure!



Could be useful...

http://googleblog.blogspot.com/2007/03/coffee-talk-in-teachers-lounge.html

Coffee Talk in the Teachers' Lounge

3/08/2007 11:45:00 AM Cristin Frodella, Manager, Google K-12 Programs

Since we launched our resource for educators in October, many of you have been in touch with us. "Hey, Google," you've said, "Thanks for the site. Now how 'bout letting us talk to you--and more importantly, to each other?"

You wanted a place where you could send feedback, lesson ideas, and classroom activities, or just meet some of your fellow teachers. Ok, ok! We're good students. We know how to learn from the experts. Thanks to your input, we've created the Google for Educators discussion group. We invite you to visit the group today, to let us know your thoughts and to reach out to other folks in the world of classrooms and libraries. Help us understand how to make Google for Educators a more valuable tool for you—and share the kind of information that can help give students the best education possible.

Oh, and, while you're at it, why not give our site another visit? We've added tools, activities, classroom posters, and a new RSS feed to the Infinite Thinking Machine, a Google-sponsored blog written for teachers by teachers. We look forward to seeing you there.




This could be most interesting. Apparently still in Beta and keeping a low profile...

http://www.adamap.com/adamap/2007/03/google_keyword_.html

Google Keyword Tool Showing Number of Previous Month's Searches

Just caught this development this morning.



Surprise! You could see this one coming from a mile away!

http://www.thesmokinggun.com/archive/years/2007/0307071palfrey1.html

Feds Seek To Gag D.C. Madam

Prosecutors fear leak of sensitive client, escort information

MARCH 7--Federal prosecutors want to gag an indicted former Washington, D.C. madam who has recently threatened to go public with details about her former customers.

... In their motion, a copy of which you'll find below, government lawyers claim that some discovery documents contain "personal information" about Palfrey's former johns and prostitutes that is "sensitive." The prosecution filing does not detail the nature of this confidential information,...
