Monday, March 28, 2011

Well here's a surprise...

http://www.databreaches.net/?p=17235

McAfee and SAIC survey: Companies pick and choose which data breaches to report

March 28, 2011 by admin

Ellen Messmer reports:

One in 7 information technology companies have not reported data breaches or losses to outside government agencies, authorities or stockholders.

In addition, only 3 out of 10 said they report all data breaches and losses suffered related to intellectual property, while 1 in 10 organizations will only report data breaches and losses that they are legally obliged to report, and no more. Six in 10 said they currently “pick and choose” the breaches and losses of sensitive data they decide to report, “depending on how they feel about them.”

Those were some of the key findings from a McAfee and Science Applications International Corp. (SAIC) survey that queried 1,000 technology managers in the U.S., United Kingdom, Japan, China, India, Brazil and the Middle East on questions about intellectual property and security.

Read more on Network World.

Figure 3 of the report is interesting, as it shows that for U.S. respondents, 60% say that they report all breaches unless they’re small or insignificant, while 40% say that they report all breaches. In a way, that’s better than what I expected to see, although there aren’t details on how many people were approached for the survey and what percent responded, etc. The contrast between the U.S. responses and the U.K. responses is readily apparent: over a third of UK respondents note that they do not report breaches unless legally obligated to do so or they feel obligated to do so. Japan reported the greatest notification/disclosure rate, exceeding the U.S. for reporting all breaches, regardless of size.

Related: McAfee and SAIC’s press release on the study.

Related: Download the study, “Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency,” at McAfee.



Why a big report on the Privacy implications of what is essentially a broadcast notification system? So they can repeatedly state that they do not request or record PII. Because apparently when they go “into the Cloud” they no longer control the information gathering.

http://www.bespacific.com/mt/archives/026847.html

March 27, 2011

Privacy Impact Assessment for the Use of Unidirectional Social Media Applications Communications and Outreach

Privacy Impact Assessment for the Use of Unidirectional Social Media Applications Communications and Outreach, March 8, 2011. Kathleen McShea, Director of New Media and Web Communications, Office of Public Affairs, Department of Homeland Security

  • "Unidirectional social media applications encompass a range of applications, often referred to as applets or widgets, that allow users to view relevant, real-time content from predetermined sources. The Department of Homeland Security (DHS or Department) intends to use unidirectional social media tools including desktop widgets, mobile apps, podcasts, audio and video streams, Short Message Service (SMS) texting, and Really Simple Syndication (RSS) feeds, among others, for external relations (communications and outreach) and to disseminate timely content to the public about DHS initiatives, public safety, and other official activities and one-way notifications. These dynamic communication tools broaden the Department’s ability to disseminate content and provide the public multiple channels to receive and view content. The public will continue to have the option of obtaining comparable content and services through the Department’s official websites and other official means. This Privacy Impact Assessment (PIA) analyzes the Department’s use of unidirectional social media applications."

From the report:

Risk: There is a risk that public users will not understand that the unidirectional social media tools may be third party owned and that the privacy policies belong to the third party.



One goal is to make the records available for research (e.g., any health impact from new drugs).

http://www.bespacific.com/mt/archives/026843.html

March 27, 2011

Federal Health Information Technology Strategic Plan 2011 – 2015

Office of the National Coordinator for Health Information Technology (ONC), Federal Health Information Technology Strategic Plan 2011 – 2015

  • "It has been a momentous time for health care. With two major pieces of legislation – first the Health Information Technology for Economic and Clinical Health (HITECH) Act passed as part of the American Recovery and Reinvestment Act (ARRA), and then the Patient Protection and Affordable Care Act as amended by the Health Care and Education Reconciliation Act of 2010 (referred to collectively as the Affordable Care Act) – Congress has given the country an unprecedented opportunity to modernize the way care is delivered, [Actually, it seems to have nothing to do with “care,” just improving record keeping. Bob] and improve the health of all Americans."



An Infographic for my students.

http://mediacaffeine.com/network/television-makes-us-miss-opportunities/

Television Makes Us Miss Opportunities

