Apparently, this was a more significant “First” than I thought.
https://threatpost.com/en_us/blogs/hipaa-bares-its-teeth-43m-fine-privacy-violation-022311
HIPAA Bares Its Teeth: $4.3m Fine For Privacy Violation
The health care industry's toothless tiger finally bared its teeth, as the U.S. Department of Health and Human Services issued a $4.3m fine to a Maryland health care provider for violations of the HIPAA Privacy Rule. The action is the first monetary fine issued since the Act was passed in 1996.
The U.S. Department of Health and Human Services (HHS) issued a Notice of Final Determination to Cignet Health care of Temple Hills, Maryland on February 4. The notice followed a finding by HHS's Office of Civil Rights that Cignet failed to provide 41 patients with copies of their medical records and failed to respond to requests from HHS's Office of Civil Rights for information related to the complaints.
For my students (and everyone else)
http://www.makeuseof.com/tag/4-online-resources-prepare-death-digital-afterlife/
4 Online Resources To Prepare For Your Death & Digital Afterlife
… have you ever thought what happens to all your content when you die? Do your digital productions, no matter how large or small, represent a part of who you are? Is what you produce a part of the legacy you will leave behind after you’re gone?
To address these and other questions, writers Evan Carroll and John Romano have put together a website called The Digital Beyond, as well as another companion site for their book, Your Digital Afterlife.
Perhaps they read my Blog? Or at least listened to their users?
http://news.yahoo.com/s/zd/20110224/tc_zd/261049
Facebook Pulls Plug on 'Breakup Notifier' App
Facebook crushed the hearts of 3.6 million Facebook "stalkers" on Wednesday, when it suddenly disabled the popular tracking app, Breakup Notifier.
Three days after the launch of the app, which notifies Facebook users when a chosen friend changes his or her relationship status, the social network on Wednesday sent a vague e-mail (obtained by TechCrunch) to app creator Dan Loewenherz, a 24-year-old programmer in Beverly Hills, telling him it had disabled the app.
On Thursday, Facebook sent Loewenherz a second e-mail clarifying (sort of) why it had disabled the app the day before:
"Thanks for your inquiry. We apologize for any inconvenience or confusion - provided Breakup Notifier respects user privacy settings, the general concept of the app is fine from a policy perspective because it surfaces information that is readily available to people through their News Feed. However, your app unfortunately received very strong negative feedback from users, which is why it was detected and disabled by our automated systems. We are currently looking into your situation and will be in touch with more information when we can provide it." (emphasis added)
For my Information Assurance students – a “Full Employment Act”
http://www.databreaches.net/?p=16932
A Novel Data Security Law Proposed in Colorado
February 25, 2011 by admin
David Navetta discusses a proposed law in Colorado, HB 11-1225:
Regulation is achieved via the “carrot” or the “stick” (and sometimes both). This is true in the information security context as well. For example, to incentivize encryption of personal information, breach notice laws use a stick: those that fail to encrypt may have to provide notice to affected individuals in the event of a security breach. In the credit card breach context, a Washington state law provides banks with a stick (e.g. the right to seek fraud and reissuance expenses from breached merchants), but also provides those merchants with a shield to block that stick (e.g. validation of PCI compliance blocks a bank’s ability to recover). In HB 11-1225, Colorado state legislator, Dan Pabon, apparently wants to give the carrot a chance. In the process, I am told that part of the goal is to make Colorado the “Delaware” of data storage. Here is how it works.
Read more on InformationLawGroup.
[From the article:]
Under HB 11-1225, if certain conditions are met (discussed below) a person or entity operating in Colorado that owns, licenses or maintains computerized data that includes “personal information” shall not be liable for civil damages resulting from a breach of data security due to its acts or omissions that are in good faith, and not grossly negligent or willful and wanton. So essentially, this would provide immunity from negligence claims. In order to receive this protection, two conditions must be satisfied:
(1) the breach must have been caused by an unauthorized third party, or an employee or agent acting outside the scope of his employment; and
(2) the person or entity must have been certified by a “qualified information technology auditor or assessor” as having used “best practices of data security and meeting information technology standards” established by an authorized state entity.
(Related)
Facebook Proposes 'Data Use' Policy To Replace 'Privacy Policy'
Facebook on Friday acknowledged what privacy advocates have been saying for years: Privacy policies are too difficult to understand.
"Our own privacy policy has been criticized as being '5830 words of legalese' and 'longer than the U.S. constitution -- without the amendments,'" the company said in a blog post. "Okay, you're right. We agree that privacy policies can and should be more easily understood, and that inspired us to try something different."
… Toward that end, Facebook has re-imagined its privacy policy and presented the results for user comment.
… This isn't an official change however: Facebook's Privacy Policy continues to represent the company's official position.
… The company admits that it has "tried not to change the substance of the policy..."
And therein lies Facebook's problem: Neither its "Privacy Policy" nor its "Data Use Policy" includes an option for actual privacy, which is to say unidentified use.
"If you want to completely block applications from getting your information, you will need to turn off all Platform applications," the company explains. "This means that you will no longer be able to use any games, applications or Web sites." And even then, Facebook still knows who you are, unless you're violating the site's Terms of Service. Facebook requires that users submit accurate personal information.
Contrast this with a post by Alma Whitten, Google's director of privacy for products and engineering, on Friday describing how Google supports three modes of use: unidentified, pseudonymous and identified.
Facebook needs an anonymity policy.
For my Criminal Justice students. Maybe you do need to understand technology... I'm gonna write me one of those programs too! (Take “actual speed” minus “speed limit” and adjust “driving time” appropriately.)
Smart Phone Gets Driver Out of a Speeding Ticket
"Sahas Katta writes in Skattertech that a traffic cop pulled him over while driving home and gave him a speeding ticket but thanks to his Android, he ended up walking out of traffic court without having to pay a fine or adding a single point to his record. "I fortunately happened to have Google Tracks running when an officer cited me for speeding while heading back home from a friend's place," writes Katta. "The speed limit in the area was a mere 25 miles per hour and the cop's radar gun shockingly clocked me driving over 40 miles per hour." Once in court Katta asked the officer the last time he attended radar gun training, when the device was last calibrated, or the unit's model number — none of which the officer could answer. "I then presented my time stamped GPS data with details about my average moving speed and maximum speed during my short drive home. Both numbers were well within the posted speed limits," says Katta. "The judge took a moment and declared that I was not guilty, but he had an unusual statement that followed. To avoid any misinterpretations about his ruling, he chose to clarify his decision by citing the lack of evidence on the officer's part. He mentioned that he was not familiar enough with GPS technology to make a decision based on my evidence, but I can't help but imagine that it was an important factor.""
It's not a sale, it's a license. “Anything to squeeze more money out of this newfangled publishing thing...”
HarperCollins Wants Library EBooks to Self-Destruct After 26 Loans
"HarperCollins has decided to change their agreement with e-book distributor OverDrive [and other distributors, too]. They forced OverDrive, which is a main e-book distributor for libraries, to agree to terms so that HarperCollins e-books will only be licensed for checkout 26 times. Librarians have blown up over this, calling for a boycott of HarperCollins, breaking the DRM on e-books -- basically doing anything to let HarperCollins and other publishers know they consider this abuse."
Cory Doctorow, who wrote TFA, says:
"For the record, all of my HarperCollins ebooks are also available as DRM-free Creative Commons downloads. And as bad as HarperCollins' terms are, they're still better than Macmillan's, my US/Canadian publisher, who don't allow any library circulation of their ebook titles."
(Related) New tech, old argument. “Sure we have rock solid contracts with some (most?) of these services, but we need someone to blame for our incompetence.”
Music Execs Stressed Over Free Streaming
"At the Digital Music Forum East conference, held Thursday in New York, music industry watchers gathered to puzzle anew over the continuing decline in music sales. 'We have lost 20 million buyers in just five years,' said Russ Crupnick, a president at the analyst firm NPD Group who spoke at the conference. Moreover, only about 14 percent of buyers account for 56 percent of revenue for the recording industry. In years past, the blame was put on digital music piracy. At this year's conference, however, the focus was on free streaming Internet services, such as Pandora, MySpace, Spotify and even YouTube."
For the Techie Toolkit.
Eight Great Tools Windows Users Would Never Want To Miss
[One example:]
Pandora Recovery allows you to find and recover recoverable deleted files from NTFS and FAT-formatted volumes. Pandora Recovery will scan your hard drive and build an index of existing and deleted files and directories (folders) on any logical drive of your computer with supported file format.