Wednesday, July 07, 2010

Some insight into the minds of management?

“We know nothing about security, so we only do something if we are forced to.”

“We never do anything based on risk. Saving a few bucks now is more important than avoiding huge costs in the future.”

“Passwords are adequate security.”

“We believe you have no idea how software works, so you will buy our BS about proprietary software being the only possible way to read data.”

http://www.databreaches.net/?p=12405

Hospital Explains its Breach Decisions

July 6, 2010 by admin

Joseph Goedert reports:

Lincoln Medical and Mental Health Center in Bronx, N.Y., recently notified 130,495 patients of a breach of their protected health information after seven CDs a business associate FedEx’d were lost (see story). In a statement to Health Data Management, the hospital, part of NYC Health and Hospitals Corp., explains why the data was not encrypted and free identity and credit protection services were not offered to affected patients.

Under the HIPAA security regulations, encryption is not a legal requirement but a suggested ‘addressable’ method of safeguarding electronic protected health information. Nevertheless, the Siemens CDs had been safeguarded using password protection. Moreover, in the very unlikely event that an unauthorized user managed to crack or bypass the password, that individual would need to know how to access and utilize Siemens’ proprietary software in order to view the information.

Read the rest of their rationale on Health Data Management



A first, but the e-book is a bit hard to read online (there is a print option for you tree killers)

http://www.pogowasright.org/?p=11997

UK: New rules for privacy online

July 7, 2010 by Dissent

Organisations that flout privacy online risk a double whammy of enforcement action by the Information Commissioner’s Office and the loss of trust from customers. In a major speech on privacy protection today, Christopher Graham, the Information Commissioner, appealed to businesses, charities and public bodies to be straight with consumers so that people know why their personal information is being collected, how it will be used and who else may end up seeing it.

Launching the Personal information online code of practice– the first guidance document of its kind – Christopher Graham said: “The benefits of the internet age are clear: the chance to make more contacts, quicker transactions and greater convenience. But there are risks too. A record of our online activity can reveal our most personal interests. Get privacy right and you will retain the trust and confidence of your customers and users; mislead consumers or collect information you don’t need and you are likely to diminish customer trust and face enforcement action from the ICO.”

Organisations that adhere to the good practice tips in the Code of Practice will enable consumers to make an informed choice about whether they sign up for a particular online service. Keeping out of date records or not holding personal information securely help nobody and could result in enforcement action.

Christopher Graham added: “Organisations must be transparent so that consumers can make online privacy choices and see how their information will be used. Individuals can take control by checking their privacy settings and being careful about the amount of personal details they post to social networking sites and elsewhere online.”

A guide for consumers is published alongside the Code giving advice on avoiding online scams, the importance of being cautious about who you are disclosing information to and using privacy settings effectively.

Source: Information Commissioner’s Office

[This PDF is easier to read: http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/pio_consultation_200912.pdf



This relates to some earlier “terms of use” and “privacy policy change” issues

http://www.pogowasright.org/?p=11992

Classmates.com Asks Judge To Dismiss Privacy Lawsuit, Claiming Info Was Public Before Policy Change

July 6, 2010 by Dissent

Wendy Davis reports:

Reunion site Classmates.com is asking a federal judge to dismiss a lawsuit alleging that the site violated users’ privacy by revising its default settings to make users’ information accessible via Facebook, iPhone apps, and other third-party services.

In a motion arguing that the case should be dismissed, Classmates.com says that users’ profile information was available to other Web users before its change in terms.

Read more on MediaPost.

[From the article:

Ferguson and Fahy allege that Classmates broke its contract with users by changing its privacy policy and default settings on an opt-out basis.

But the company contends that it didn't violate its contract with users because it said in its original privacy policy that it reserved the right to change its practices at any time.

Ferguson and Fahy counter that a clause allowing Classmates to change its privacy terms at will is not valid. "If Classmates has carte blanche to decide any day that it is not bound by any of the contract provisions that comprise the privacy policy, then there is no contract -- it is completely illusory," they argue.



Let's hope this is not a model for the nation-wide health care record system

http://www.phiprivacy.net/?p=3019

R.I. ACLU sues state over rules governing medical records

By Dissent, July 6, 2010 11:07 am

Felice J. Freyer reports:

A suit filed [last] Tuesday alleges that newly adopted regulations fail to adequately protect patient privacy under the state’s developing system for exchanging electronic medical records.

The suit by the Rhode Island affiliate of the American Civil Liberties Union says that regulations developed by the state Department of Health are full of gaps that leave patients vulnerable.

The regulations govern the Health Information Exchange, a system that will enable doctors, hospitals, laboratories and pharmacies to easily access and exchange patient information.

Read more in the Providence Journal.

A copy of the complaint can be found on the ACLU’s web site, as can their press release.

[From the article:

The ACLU asserts that the regulations fail to spell out: the process by which patients or providers can learn that participation is voluntary; how patient confidentiality will be addressed; what the authorization form will look like; how the recipients of confidential information will be authenticated; and how one goes about terminating participation in the exchange.



There is a reason why this is described as the electronic equivalent of “whack-a-mole”

http://yro.slashdot.org/story/10/07/06/1659255/US-Pirate-Movie-Site-DNS-Seizure-Fail?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

US Pirate Movie Site DNS Seizure Fail

Posted by timothy on Tuesday July 06, @01:40PM

"Last week, the US government in a highly publicized copyright protection frenzy took the extraordinary step of seizing domain names from foreign movie sites like NinjaVideo.net and TVshack.net. While the seizure raises confusing Internet legal / jurisdiction questions (the US and perhaps the state of Kentucky can seize domain names for foreign companies?), this study shows the legal issues may be moot — the raids mostly failed. Within hours of domain name seizure, tvshack.cc was back up and running (but this time using a Chinese registrar and a Cocos Islands ccTLD)."



Corporate cultures impact more than employees. We've already seen this in the newspaper industry (and RIAA, MPAA, etc.)

http://developers.slashdot.org/story/10/07/06/2140253/Microsoft-Out-of-Favor-With-Young-Hip-Developers?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Microsoft Out of Favor With Young, Hip Developers

Posted by kdawson on Tuesday July 06, @06:42PM

"Microsoft's failures with the KIN phone (only two months on the market, less than 10,000 phones sold) are well-known to this community. Now the NY Times goes farther, quoting Tim O'Reilly: 'Microsoft is totally off the radar of the cool, hip, cutting-edge software developers.' Microsoft has acknowledged that they have lost young developers to the lures of free software. 'We did not get access to kids as they were going through college,' acknowledged Bob Muglia, the president of Microsoft's business software group, in an interview last year. 'And then, when people, particularly younger people, wanted to build a start-up, and they were generally under-capitalized, the idea of buying Microsoft software was a really problematic idea for them.' Microsoft's program to seed start-ups with its software for free requires the fledgling companies to meet certain guidelines and jump through hoops to receive software — while its free competitors simply allow anyone to download products off a website with the click of a button."



I must have some students who would find this interesting...

http://news.slashdot.org/story/10/07/06/1853226/Quantum-Physics-For-Everybody?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Quantum Physics For Everybody

Posted by kdawson on Tuesday July 06, @05:11PM

fiziko writes in with a self-described "blatant self-promotion" of a worthwhile service for those wishing to go beyond Khan Academy physics: namely Bureau 42's Summer School.

"As those who subscribe to the 'Sci-Fi News' slashbox may know, Bureau 42 has launched its first Summer School. This year we're doing a nine-part series (every Monday in July and August) taking readers from high school physics to graduate level physics, with no particular mathematical background required. Follow the link for part 1."



Here's a simple service that could probably be done with free software by the author, but will likely find a home because many authors are too busy to spend time getting technical. Not free

http://www.killerstartups.com/Web20/publishgreen-com-turn-a-text-or-a-pdf-into-an-ebook

PublishGreen.com - Turn A Text Or A PDF Into An eBook

http://www.publishgreen.com/

Publish Green is a company that specializes in turning PDFs into eBooks. That is, through the site anybody can upload a PDF that he has created and have it instantly turned into a great-looking eBook that can be visualized using a device like an iPad, a Kindle or a Nook.

And there is more to it, as the eBook that you create like this can actually be distributed as widely as you want. You can have your pick from three different packages: distribution through Amazon, distribution through Amazon and Apple’s iBookstore, and a global distribution package that includes over 28 different resellers such as My Book Orders, Indigo Chapters, Infibeam and Bookstrand. You can earn 90 % to 100 % net royalties of these sales, too.

There are currently three different eBook formatting packages for you to choose from: “Basic”, “Advanced” and “Premium”. It is important to note that in each and every case the eBook formatting is done by a human editor - the conversion is never automated. The main difference between these packages lies in the number of formats that are actually supported, and the number of included revision cycles.



Ah Grammar. I knew him well, Horatio.

http://www.makeuseof.com/tag/free-online-grammar-resources/

The Best Free Online Grammar Resources
