Tuesday, January 22, 2008

We've been waiting for this one all week...

http://www.efluxmedia.com/news_GE_Money_Reports_650000_Customers_Data_Lost_13071.html

GE Money Reports 650,000 Customers’ Data Lost

By Dee Chisamera 16:30, January 21st 2008

GE Money representatives officially announced on Friday [No indication of unofficial announcements earlier, but their customers pointed a finger... Bob] that a backup tape containing the personal data of 650,000 customers has been reported missing since October2007 [No timeliness award for GE Bob] from an Iron Mountain storage facility. According to Iron Mountain representatives, no personal data appears to have been compromised so far, and this could just be a case of misplacement.



http://www.wjhg.com/home/headlines/13905507.html

Navy Works Identity Theft Case

Posted: 4:38 PM Jan 18, 2008 Last Updated: 4:38 PM Jan 18, 2008

The Naval Surface Warfare Center Dahlgren Division is contacting all current and former federal employees who worked at the Naval Bases in Dahlgren, Va., Silver Spring, Md., and Panama City, Fla., on or before July 7, 1994, to warn of potential identity theft and to urge them to contact their creditor bureaus in the wake of a reported attempt to illegally obtain a credit card using an employee’s personal information.

Four people have been arrested in Bensalem Township, Pa., on Jan. 5, 2008, for attempted identity fraud. They had in their possession two pages of a hard copy report dated July 7, 1994, containing personally identifiable information (PII) – names, social security numbers and dates of birth – of nearly 100 individuals with the last name beginning with “B.”

... Current employees were notified of the incident on Jan. 10 [If the first indication they had was the jan 5th arrest, this is pretty fast. Bob] through an All Hands e-mail and urged to take action to safeguard their identity. The message is currently posted to the NSWCDD internal website.



Because...

http://www.pogowasright.org/article.php?story=20080120185448306

Data “Dysprotection:” breaches reported last week

Monday, January 21 2008 @ 06:49 AM EST Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



Is this the basis for a corporate model?

http://www.bespacific.com/mt/archives/017232.html

January 21, 2008

Department of Commerce Breach Notification Response Plan

Department of Commerce Breach Notification Response Plan, September 28, 2007 (21 pages, PDF)

  • This Plan identifies key Department officials who will serve on the Identity Theft Task Force (ID Theft Task Force) to develop strategies for handling data security breaches, including those incidents posing a potential risk of identity theft. In addition, the Plan specifies the responsibilities of the ID Theft Task Force, whose mission is to provide advance planning, guidance, in-depth analysis, and a recommended course of action in response to a data breach/loss. In the event of a data breach/loss declared by a Department Bureau/Office to be of moderate or high risk, the ID Theft Task Force will be convened promptly, conduct a risk analysis to validate the level of risk associated with the loss, review all relevant compensating controls in place to protect the data after the loss, determine whether the breach poses risks related to identity theft or other harms,3 and timely implement a risk-based, tailored response to
    each breach. As part of this process, the ID Theft Task Force will consider all existing compensating controls available to protect PII data after loss."



The Economics of Privacy (Can we extrapolate “damages” from this?)

http://www.pogowasright.org/article.php?story=20080121085551947

Paper: On the Value of Privacy from Telemarketing: Evidence from the 'Do Not Call' Registry

Monday, January 21 2008 @ 08:55 AM EST Contributed by: PrivacyNews News Section: Businesses & Privacy

Png, Ivan P.L., "On the Value of Privacy from Telemarketing: Evidence from the 'Do Not Call' Registry" (June 2007). Available at SSRN: http://ssrn.com/abstract=1000533

Abstract:

Despite tremendous debate and policy interest, there has been relatively little research into the issue of how much individuals value their privacy. In this paper, I estimate the demand for the value of privacy from telemarketing as provided by the federal "do not call" registry. From the demand curve, I compute two estimates of the household value of privacy: a lower bound of $3.22 per year, and a best estimate of $8.25 per year. The telemarketing industry must provide consumers with at least this much expected consumer surplus to persuade them not to conceal themselves through the "do not call" registry.

Source - SSRN (free full-text article available with free registration)

(Props, Docuticker)



The Economics of Privacy

http://it.slashdot.org/article.pl?sid=08/01/21/237248&from=rss

Why Privacy & Security Are Not a Zero-Sum Game

Posted by kdawson on Monday January 21, @08:17PM from the insert-ben-franklin-quote-here dept.

I Don't Believe in Imaginary Property writes "Ars Technica has up a nice article on why security consultant Ed Giorgio's statement that 'privacy and security are a zero-sum game' is wrong. The author reasons that, due to Metcalfe's law, the more valuable a government network is to the good guys, the more valuable it is to the bad guys. Given the trend in government to gather all of its eggs into one database, unless more attention is paid to privacy, we'll end up with neither security nor privacy. In other words, privacy and security are a positive-sum game with precarious trade-offs — you can trade a lot of privacy away for absolutely no gain in security, but you don't have to."


A bad example?

http://www.washingtonpost.com/wp-dyn/content/article/2008/01/17/AR2008011703279.html

DHS to Replace 'Duplicative' Anti-Terrorism Data Network

$90 Million System Aimed to Aid State, Local Agencies

By Spencer S. Hsu and Robert O'Harrow Jr. Washington Post Staff Writers Friday, January 18, 2008; Page A03

The Homeland Security Department spent more than $90 million to create a network for sharing sensitive anti-terrorism information with state and local governments that it has decided to replace, according to an internal department document.



Okay, when we said we wouldn't use the data you provided we really meant we wouldn't use it except for those time when we see some advantage to using it.” (Don't think of it as nagging, think of it as hundreds of helpful hints on each aisle!)

http://www.pogowasright.org/article.php?story=20080121065018500

Shoprite to link loyalty data to computerised carts

Monday, January 21 2008 @ 06:50 AM EST Contributed by: PrivacyNews News Section: Businesses & Privacy

MediaCart, Microsoft, and Wakefern have partnered to pilot MediaCart's next-generation computerised shopping carts for potential rollout to all ShopRite stores in the US. ... Microsoft's Atlas Division will provide video ad serving on the MediaCart grocery cart screen, providing advertisers with the opportunity to reach shoppers at the point of purchase, and providing ShopRite customers with a more personalised shopping experience. By using Microsoft technologies, MediaCart will enable anonymous ad targeting [They must mean the advertisers are anonymous, because I certainly won't be... Bob] through data obtained through ShopRite's customer loyalty card programme.

Source - TheWiseMarketer.com



When you care enough to steal from the very best... (Pay attention, web site students.)

http://digg.com/software/New_App_lets_you_Widgetize_Content_from_any_Website

New App lets you "Widgetize" Content from any Website

grid.orch8.net — New webapp lets you grab content from any website (even dynamic content) and turn it into a widget for your blog, embed it in your Netvibes / Pageflakes / iGoogle homepage, or create an OpenSocial app.

http://grid.orch8.net/clippings/grab

No comments: