Another “Oops, the
employee forgot to encrypt the data.” Here's another question:
Does the State of Colorado have locations that can not communicate
over the Internet? Why even copy the data to a portable drive?
Jeanne Price reports:
Nearly
19,000 Colorado state workers—both current and former—could have
identity protection concerns after a state worker lost a USB or thumb
drive containing their personal data including Social Security
Numbers (SSN).
“A
state employee lost the drive while transporting it between work
locations. There is no indication that this information has been
misused or stolen,” a press release from the Governor’s Office of
Information Techology (OIT) stated.
“The
electronic file contained names, Social Security numbers and some
home addresses of approximately 18,800 state personnel.
Read more on
idRADAR.com.
Because the state
refused to provide a copy of the individual notification letter, if
any of my readers is the unlucky recipient of the notification,
please email me a copy of the notification letter
(breaches[at]databreaches.net). Thanks!
[From
the article:
Of the 18,800
individual files determined to be on the missing data device, about
8,000 belong to current employees who will be easy to notify. An
additional 10,800 are former personnel whose contact info on file
could be out of date.
The drive was first
discovered to be missing in late November. Some
individuals now getting breach notification letters reportedly
thought the letter was a fraud because it contained some questionable
info.
Is no one learning from
the failure of others? Or from their own failures. Small breaches,
but completely avoidable.
It seems that
UHS-Pruitt
Corporation in Georgia reported that 1,300 patients had
PHI on a laptop that was stolen on September 26, 2013.
…
On September 26, 2013, a computer laptop belonging to an employee
of UHS-Pruitt was stolen from the employee`s locked car.
But wait (as the
commercials say), there’s more….
The December 6th press
release (pdf) reads, in part:
…
On October 8, 2013, the employee’s laptop was stolen from her car
at her home.
Unfortunately correct.
Daniel Solove writes:
Fordham
School of Law’s Center on Law and Information Policy (CLIP), headed
by Joel Reidenberg, has released an eye-opening and sobering study of
how public schools are handling privacy issues with regard to cloud
computing. The study is called Privacy
and Cloud Computing in Public Schools, and it is well worth a
read.
Context:
Education Privacy
What’s
the greatest threat to children’s privacy? Social media sites?
Search engines? Children’s sites?
The
answer, in my opinion, is none of the above. The greatest threat to
children’s privacy is schools.
When
it comes to privacy issues, schools are in the Dark Ages. I cannot
think of any other industry that is so far behind.
To which I say, “hear,
hear!”
Read more on Dan’t
column on Safe.gov.
Wishful thinking?
Josh Gerstein reports:
A
federal judge ruled Monday that the National Security Agency program
which collects information on nearly all telephone calls made to,
from or within the United States is likely to be unconstitutional.
U.S.
District Court Judge Richard Leon found that the program appears to
run afoul of the Fourth Amendment prohibition on unreasonable
searches and seizures. He also said the Justice Department had
failed to demonstrate that collecting the so-called metadata had
helped to head off terrorist attacks.
Read more on Politico.
Related:
Ruling
(pdf).
No comments:
Post a Comment