Monday, June 23, 2008

...because...

http://www.pogowasright.org/article.php?story=20080623070247587

Data “Dysprotection:” breaches reported last week

Monday, June 23 2008 @ 07:02 AM EDT Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



“Yeah, it's a problem, we just have no idea what to do about it.”

http://www.phiprivacy.net/?p=489

Jun-22-2008

Agency Sees Theft Risk for ID Card in Medicare

Robert Pear of the NY Times reports:

Social Security officials, concerned about the risk of identity theft, are calling for immediate action to remove Social Security numbers from the Medicare cards used by millions of Americans.

But Medicare officials have resisted the proposal, saying it would be costly and impractical.

[...]

Read the full story in NY Times



Not exactly e-discovery, but useful background information?

http://www.pogowasright.org/article.php?story=20080622141447914

Judges angry at Ottawa for mining personal tax information in labour dispute

Sunday, June 22 2008 @ 02:13 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

The Conservative government is facing criticism for using the personal income-tax information of more than 500 sitting federal judges during salary negotiations.

The lawyer who acted as counsel for the judges says the tactic may have violated their privacy and threatens the independence of the judiciary.

Source - Canadian Press



Tools & Techniques Give someone a tool and they'll find a way to mis-use it.

http://www.pogowasright.org/article.php?story=20080623070808509

UK: Councils Told: Stop Spying On The Public

Monday, June 23 2008 @ 07:08 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Bosses have been warned by the head of the Local Government Association (LGA) that they risk alienating the public for so-called snooping.

They may also be stripped of the right to use spying methods.

Source - Sky News



For your CPO So who is right?

http://www.pogowasright.org/article.php?story=2008062306464189

What Privacy Policy?

Monday, June 23 2008 @ 06:46 AM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Want to know how well a company protects its customers' data? Don't talk to its security and compliance officers. Instead, try its marketing department.

A study released Monday by the privacy-focused Ponemon Institute and funded by e-mail marketing firm Strongmail reveals a disturbing disconnect in companies between the executives tasked with protecting customer data and marketing departments, which use the data for advertising purposes or share it with third parties.

Source - Forbes

From StrongMail's press release, key findings:

  • 75% of privacy professionals believe their organization limits the customer information that is shared with third parties vs. 40% of marketers

  • 59% of marketers reported that a data breach resulted in the loss of potential customers, and 56% reported a corresponding loss in existing customers

  • 72% of marketers who outsource email marketing reported a data breach vs. 56% of marketers from the general survey population

  • Only 44% of marketers believe that they are compliant with CAN-SPAM vs. 83% of privacy professionals

Paper available for download at StrongMail



For your security manager

http://www.pogowasright.org/article.php?story=20080623071325665

An Analysis of PRC's “Chronology of Data Breaches” and Implications for Information Security Professionals

Monday, June 23 2008 @ 07:13 AM EDT Contributed by: PrivacyNews News Section: Breaches

... The first part of this article will present an analysis of information derived from the [Privacy Rights] Clearinghouse database; a second article, to be published in a few weeks, will attempt to extract conclusions from this analysis.

Source - BlogInfoSec.com

Related - The Identity Theft Resource Center provides breach reports for each year plus statistical analyses.

Related - The Attrition.org: DLDOS database of breaches can be statistically analyzed via Etiolated.org

Related analyses of 2007 and 2006 data from Chronicles of Dissent:

Looking at 2007’s data breaches in perspective
Second look: What kind of year was 2007 in terms of data breaches?
2007 vs. 2006 breaches: thefts, loss, and hacks


Ditto

http://www.pogowasright.org/article.php?story=20080623074319642

New Javelin Research Pinpoints How Institutions Should Respond to Data Breaches

Monday, June 23 2008 @ 07:43 AM EDT Contributed by: PrivacyNews News Section: Breaches

Javelin Strategy & Research announced today results from a new study covering data breach victims, which highlights the acute awareness among consumers about data security and the significant implications security breaches represent to businesses once consumer trust is compromised.

Source - Forbes

From Javelin's press release, key findings from their survey of breach victims:

  • 55% of consumers experiencing a security breach expressed diminished confidence in the breached organization's ability to protect and manage their personal data.

  • Data breach victims (56%) favor a solution that prevents fraud and although there are several solutions available, Javelin identifies the benefits of contacting the consumer, creating an audit trail that law enforcement can utilize, preserving the consumer's privacy and proving it works.

  • Providing a fraud protection solution makes a tremendous difference in customer approval of the breached organization's management and handling of the incident. Javelin data shows that 55% of breach victims that were offered a fraud protection solution were more satisfied with the institution's handling of the incident, compared to those consumers who were not offered anything.

A free copy of the research is available at www.debix.com/javelin

Related - On July 15th at 10:00am PDT, Javelin plans to present its findings during an educational webinar that will be open to the public, titled: When a Data Breach Occurs, What Do Consumers Expect? Sponsor and co-presenter, Debix, will present its Identity Protection Network, which focuses on building solutions that prevent identity theft and publishing metrics to prove their solution works. Registration for the webinar can be found at: https://www1.gotomeeting.com/register/254276431


Ditto

http://www.infoworld.com/article/08/06/23/Liberty_releases_guidelines_for_data_management_handling-IDGNS_1.html?source=rss&url=http://www.infoworld.com/article/08/06/23/Liberty_releases_guidelines_for_data_management_handling-IDGNS_1.html

Liberty releases guidelines for data management, handling

Pair of frameworks help businesses safeguard sensitive data

By Jeremy Kirk, IDG News Service June 23, 2008

... The Identity Governance Framework (IGF) is an XML (Extensible Markup Language) schema that lets organizations set rules for specific types of data, Sullivan said. For example, the schema can be modified to tell a particular application to erase a certain type of personal data after 24 hours if it is no longer needed.

The schema can also define the rules under which one application is allowed to access information in another, or under what circumstances the information can be shared, Sullivan said. If data is lost, the schema can be set so the application displays a warning message of what to do and who to call.

Liberty also released the Identity Assurance Framework (IAF), a program by which businesses can get certified that they are qualified to handle data at varying levels of sensitivity.

The framework has four "assurance" levels, Sullivan said. The idea is that an external consultant can certify a business as complying with the framework at a certain level. The certification will act as a confidence-builder for another business that wants to enter into an arrangement where the two exchange data.

... The IAF is available for download here and the IGF is here.



You gotta admit these folks are creative.

http://torrentfreak.com/mpaa-says-it-doesnt-need-evidence-to-convict-pirates-080621/

MPAA Says It Doesn’t Need Evidence to Convict Pirates

Written by Ernesto on June 21, 2008

Only a few weeks ago, a University of Washington study showed how inaccurate the MPAA and RIAA’s evidence gathering techniques are. Now, instead of improving their pirate chasing tactics, the MPAA simply claims they don’t need any evidence to bankrupt “alleged” copyright infringers.

Threat Level reports that the MPAA now argues that it has the right to demand up to $150,000 in damages per illegally downloaded file, without having to prove that someone actually downloaded that file.

... In a brief submitted this Friday, as part of the ongoing “making available” debate in the Jammie Thomas case, Van Uitert writes:

“It is often very difficult, and in some cases, impossible, to provide such direct proof when confronting modern forms of copyright infringement, whether over P2P networks or otherwise; understandably, copyright infringers typically do not keep records of infringement.”



Just in case you think you can walk around anonymously...

http://www.nytimes.com/2008/06/22/technology/22proto.html?ex=1371787200&en=493d699accb3d69a&ei=5124&partner=digg&exprod=digg

Predicting Where You’ll Go and What You’ll Like

By MICHAEL FITZGERALD Published: June 22, 2008

... Sense’s models were developed initially from sources like taxicab companies that let it look at location data over such a period. Sense also uses publicly available data, like weather information, and other nonpublic sources that it would not disclose. “We had three-quarters of a billion data points from just one city,” Mr. Skibiski says.

... The Macrosense tool lets companies engage in “reality mining,” a phrase coined by Sandy Pentland, an M.I.T. researcher who was also a co-founder of Sense and now advises it on privacy issues.

... His original idea in 2002 was to pay people for their data, but a formula for doing so proved too complicated.

Instead, Sense decided to trade services for data. On the same day it released Macrosense, it announced a new software package called Citysense, which uses location data to show where people are going, say, for nightlife, and maps their activity. Consumers who have iPhones or BlackBerrys can sign up for the service, which does not ask for personal information. Over time, the software will learn their patterns [So it must be able to uniquely identify the “customer” Bob] and recommend places they might like to go, or show them where other people with similar patterns are going. If they want to purge their data, [another clear indication that the data can be identified as theirs... Bob] they can do so at any time.



For all those managers who think encryption is too costly or too complex...

http://yro.slashdot.org/article.pl?sid=08/06/22/1438234&from=rss

SSL Encryption Coming To The Pirate Bay

Posted by Soulskill on Sunday June 22, @11:20AM from the privacy-arms-race dept. Privacy Encryption The Internet

An anonymous reader writes

"The Pirate Bay, in response to Sweden's new wiretapping law, will start offering SSL encryption to its user base this week. Although copyright issues really have little to do with national security, The Pirate Bay knows its population is uneasy with the recent legal change. The encryption will mostly benefit Swedish users living under the current law. Since The Pirate Bay and its servers are not hosted in Sweden, the additional security offered to outside users could be comparatively minimal."



I wonder which party has the most geeks?

http://news.slashdot.org/article.pl?sid=08/06/22/1534234&from=rss

Blogger Launches 'Google Bomb' At McCain

Posted by Soulskill on Sunday June 22, @12:22PM from the everyone-needs-a-hobby dept. Google Republicans The Media Politics

hhavensteincw writes

"A liberal blogger has launched a 'Google bomb' project aimed at boosting Google search results for nine news articles showing Sen. John McCain in a negative light. The Computerworld article notes: 'Chris Bowers, managing editor of the progressive blog OpenLeft, is launching the Google bombs by encouraging bloggers to embed Web links to the nine news stories about McCain in their blogs, which helps raise their ranking in Google search results. Bowers is reprising a similar Google bombing effort he undertook in 2006 against 52 different congressional candidates. "Obviously, it is manipulating, but search engines are not public forums and unless you act to use them for your own benefit, your opponent's information is going to get out there," Bowers said.'"



No doubt we'll see this on CSI

http://science.slashdot.org/article.pl?sid=08/06/22/1245243&from=rss

Fingerprints Recoverable From Cleaned Metal

Posted by Soulskill on Sunday June 22, @09:19AM from the leaving-a-mark dept.

dstates points out a recent article from guardian.co.uk which discusses a new method by which to recover fingerprints from metal. The method relies on corrosion caused by sweat and other biological residues on the metal's surface. Quoting:

"The patterns of corrosion remain even after the surface has been cleaned, heated to 600C or even painted over. This means that traces of fingerprints stay on the metal long after the residue from a person's finger has gone. The chemical basis of the change is not yet clear, but [Dr. John Bond] believes it is corrosion by chloride ions from the salt in sweat. These produce lines of corrosion along the ridges of the fingerprint residue. When the metal is heated, for example in a bomb blast or when a gun is fired, the chemical reaction actually speeds up and makes the corrosion more pronounced."



For my web site class. Now you can convert those boring PowerPoints into boring Flash

http://www.killerstartups.com/Web-App-Tools/ispringsolutions-com-converting-powerpoint-to-flash/

iSpringSolutions.com - Converting PowerPoint To Flash

If you want to make your PowerPoint cards and projects even more dynamic you can convert them to flash. iSpring allows users to convert their PowerPoint projects into Flash in just one click. iSpring lets users convert their PowerPoint projects into Flash movies while containing the animation effects of the PowerPoint project: such as, diagrams, charts, graphs, slide masters, mouse driven animations, flash files, all slide transition effects and more.

http://www.ispringsolutions.com/
