So would this automatically suggest negligence?
"Five years after the disclosure of a serious vulnerability in the Domain Name System dubbed the Kaminsky bug, only a handful of U.S. ISPs, financial institutions or e-commerce companies have deployed DNS Security Extensions (DNSSEC) to alleviate this threat. In 2008, security researcher Dan Kaminsky described a major DNS flaw that made it possible for hackers to launch cache poisoning attacks, where traffic is redirected from a legitimate website to a fake one without the website operator or end user knowing. While DNS software patches are available to help plug the Kaminsky hole, experts agree that the best long-term fix is DNSSEC, which uses digital signatures and public-key encryption to allow websites to verify their domain names and corresponding IP addresses and prevent man-in-the-middle attacks. Despite the promise of DNSSEC, the number of U.S. corporations that have deployed this added layer of security to their DNS server is minuscule."
The models for 'Best practices' or simply the 'Least Bad?' Most likely, neither...
From their Executive Summary:
Ponemon Institute’s Most Trusted Companies for Privacy Study is an objective study that asks consumers to name and rate organizations they believe are most committed to protecting the privacy of their personal information. This annual study tracks consumers’ rankings of organizations that collect and manage their personal information.
More than 100,000 adult-aged consumers were asked to name up to five companies they believe to be the most trusted for protecting the privacy of their personal information. Consumer responses were gathered over a 15-week period concluding in December 2012 and resulted in a final sample of 6,704 respondents who, on average, provided 5.4 discernible company ratings that represent 25 different industries.
Following are our most salient findings:
- American Express (AMEX) continues to reign as the most trusted company for privacy among 217 organizations rated in our most trusted companies list.
- New entrants to this year’s top 20 most trusted list include: Microsoft (ranked 17), United Healthcare (ranked 18) and Mozilla (ranked 20).
- Healthcare, consumer products, and banking are the industry segments considered by consumers to be the most trusted for privacy (among 25 industry categories). In contrast, Internet and social media, non-profits (charities) and toys are viewed as the least trusted for privacy.
- Seventy-eight percent of respondents continue to perceive privacy and the protection of their personal information as very important or important to the overall trust equation. Further, the importance of privacy has steadily trended upward over seven years.
- While most individuals say protecting the privacy of their personal information is very important, 63 percent of respondents admit to sharing their sensitive personal information with an organization they did not know or trust. Of those who admit to sharing, 60 percent say they did this solely for convenience such as when making a purchase.
- Fifty-nine percent of respondents believe their privacy rights are diminished or undermined by disruptive technologies such as social media, smart mobile devices and geo-tracking tools. Fifty-five percent say their privacy has been diminished by virtue of perceived government intrusions.
- Only 35 percent of respondents believe they have control over their personal information and this result has steadily trended downward over seven years.
- Less than one-third (32 percent) of respondents admit they do not rely on privacy policies or trust seal programs when judging the privacy practices of organizations they deal with. When asked why, 60 percent believe these policies are too long or contain too much legalese.
- Forty-nine percent of respondents recall receiving one or more data breach notifications in the past 24 months. Seventy percent of these individuals said this notification caused a loss of trust in the privacy practices of the organization reporting the incident.
- Seventy-three percent of respondents believe the substantial security protections over their personal information is the most important privacy feature to advancing a trusted relationship with business or government organizations. Other important privacy features include: no data sharing without consent (59 percent), the ability to be forgotten (56 percent) and the option to revoke consent (55 percent).
- The number one privacy-related concern expressed by 61 percent of respondents is identity, closely followed by an increase in government surveillance (56 percent).
Read the full report here.
So all the contract language needs to change?
Helpful write-up by Dena Feldman on the final HITECH rule as it applies to business associates and subcontractors includes:
Direct Liability under the Security Rule. The final rule alters the regulations to expressly subject business associates to the administrative, physical, and technical safeguard requirements of the Security Rule. HHS commented that, because business associates previously had to agree in their business associate agreements with covered entities to appropriately protect and safeguard PHI, business associates and subcontractors “should already have in place” security practices that are compliant with the rule or need only “modest improvements.” HHS recognized, however, that many business associates will not have engaged in the “formal administrative safeguards” required by the rule.
Direct Liability under the Privacy Rule. The final regulations modify the Privacy Rule to extend direct liability for disclosures of PHI by business associates. However, the rule does not subject business associates to liability for all aspects of the Privacy Rule. Business associates are liable for:
- uses or disclosures of PHI in a manner not in accord with the business associate agreement or the Privacy Rule;
- failure to disclose PHI when required by HHS for an investigation and/or determination of the business associate’s compliance with HIPAA;
- failure to disclose PHI to the covered entity, an individual (to whom the information pertains), or the individual’s designee with respect to an individual’s request for an electronic copy of the information;
- failure to make reasonable efforts to limit PHI uses, disclosures, and requests to the minimum necessary amount; and
- failure to enter into a business associate agreement with a subcontractor that creates or receives PHI on their behalf.
Read more on InsidePrivacy.
I have visions of teachers discovering communications with lawyers about abuse by school officials. Things could go south really quickly.
The Fourth Amendment question here is not about the seizure, but the search that came afterward.
A Berne parent grew outraged after a school principal confiscated his son’s phone earlier this week after being caught texting in class. It’s not the confiscation of the 14-year-old’s iPhone 5 that caused the ire, but rather the searching of it, which revealed inappropriate photos of his 14-year-old ex-girlfriend. The principal, Brian Corey, contacted the Albany County Sheriff’s Department.
Law enforcement and legal experts agree schools have a greater right to search students and their property than do police among the general public, where the Fourth Amendment protects against unreasonable searches and seizures. The question is the line where it becomes too invasive given the circumstances.
Read more on the Albany Times-Union.
Does your teen understand that their school administrator might not only confiscate, but scroll through their images and emails? I’m not saying administrators should – indeed, I think they generally shouldn’t unless there’s an imminent threat of danger to the student or others — but it could happen. And as in this case, inappropriate images could result in the police being called for child pornography.
Are you ready for that? Is your child?
Talk with your kids. Again and again and again.
But also ensure you understand your school district’s policies on this. If you’re not sure, ask under what conditions they might not only confiscate, but search your child’s mobile devices.
And then talk with your child again.
[From the article:
Technically, since the ex-girlfriend sent the images, both youths could face child pornography charges for the photos. The sheriff's department is in the process of obtaining a search warrant for the phone, but at this point it doesn't appear any charges, which would go to Family Court, will be filed.
"We've spoken to the district attorney's office," Sheriff Craig Apple said. "Right now, they don't want to go forward with the information they have."
… Apple … said, he believes students can't have an expectation of privacy on school grounds.]
(Related) Another area where the constitution does not apply?
Brothel Patrons Have No Legal Expectation of Privacy, Judge Rules
Brothel patrons have no expectation of privacy, a Maine judge has ruled while dismissing 49 criminal counts against a man accused of secretly filming illicit sexual encounters at his Zumba studio that authorities claim was a bordello.
A local judge dropped the counts against Mark Strong, Sr., who was accused of breaching the privacy of those who paid to have sex with his female business partner at a Kennebunk, Maine dance studio he managed.
The 57-year-old defendant’s attorney, Dan Lilley, successfully argued that the state law protecting the privacy of people in dressing rooms, locker rooms and restrooms did not apply to those having illegal sex with a prostitute.
That law, Lilley argued, “does not apply to bordellos, whorehouses and the like.” He said “those places are to commit crime. There is no expectation to privacy.”
Dude, don't mess with the Mouse! It's clear from this letter that they carefully introduced the program – nothing happens haphazardly in the Magic Kingdom.
Dominic Patten reports:
Bob Iger today told a Massachusetts congressman that his privacy issue concerns about new technology being introduced at Disney theme parks are bunk. “We are offended by the ludicrous and utterly ill-informed assertion in your letter dated January 24, 2013, that we would in any way haphazardly or recklessly introduce a program that manipulates children, or wantonly puts their safety at risk,” the Disney chairman and CEO wrote in a letter (read it in full below) Monday to Ed Markey.
Read more on Deadline.com
New features equals new concerns for management.
"Microsoft's release of Office 2013 represents the latest in a series of makeover moves, this time aimed at shifting use of its bedrock productivity suite to the cloud. Early hands-on testing suggests Office 2013 is the 'best Office yet,' bringing excellent cloud features and pay-as-you-go pricing to Office. But Microsoft's new vision for remaining nimble in the cloud era comes with some questions, such as what happens when your subscription expires, not to mention some gray areas around inevitable employee use of Office 2013 Home Premium in business settings."
Zordak points to coverage of the new Office model at CNN Money, and says "More interesting than the article itself is the comments. The article closes by asking 'Will you [pay up]?' The consensus in the comments is a resounding 'NO,' with frequent mentions of the suitability of OpenOffice for home productivity." Also at SlashCloud.
For my literate friends who will no doubt say, “Bob you idiot, you forgot...”
Worth reading. Here are some bits...
Eight Brilliant Minds on the Future of Online Education
Why this disruption is happening:
Peter Thiel, partner, Founders Fund
"In the United States, students don't get their money's worth. There's a bubble in education as out of control as the housing bubble and the tech bubble in the 1990s."
Bill Gates, chairman of Microsoft
Our whole notion of 'credential', which means you went somewhere for a number of hours, needs to move to where you can prove you have the knowledge and the quality of these online courses need to improve.
Rafael Reif
"Can you hire MIT professors who know that they need to teach 150,000 people and not 150?"