Regular reports of “who can access” and “who did access” should go to every manager of people or data. And they should look at them!
Brian Higgins reports:
P.E.I.’s privacy watchdog wants Health PEI to keep closer tabs on one of its employee’s use of patient health records, following a privacy breach last year at Queen Elizabeth Hospital.
That’s according to a new report by Information and Privacy Commissioner Karen Rose, posted May 30.
According to the report, in March 2018, a patient received a copy of their electronic patient chart from Health PEI. That chart included a log showing who had accessed the patient’s health information, and when.
From the article:
The commissioner recommended Health PEI introduce regular auditing of the employee's access to patient records, with particular attention to the personal health information of the patient whose privacy was breached.
If you offer a tool to anyone potentially threatening the state, the state will react. (Best description of DDoS I have ever seen!)
Telegram Hit by Cyber-attack, CEO Points to HK Protests, China
Encrypted messaging service Telegram suffered a major cyber-attack that appeared to originate from China, the company's CEO said Thursday, linking it to the ongoing political unrest in Hong Kong.
Many protesters in the city have used Telegram to evade electronic surveillance and coordinate their demonstrations against a controversial Beijing-backed plan that would allow extraditions from the semi-autonomous territory to the mainland.
… "Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram)," he tweeted.
"This case was not an exception."
… "Imagine that an army of lemmings just jumped the queue at McDonald's in front of you – and each is ordering a whopper," it said, referring to the flagship product of Burger King.
"The server is busy telling the whopper lemmings they came to the wrong place – but there are so many of them that the server can't even see you to try and take your order."
It’s a mess.
Senators Question FBI on Russian Hack of Voting Firm
In a letter sent to FBI Director Christopher Wray, Democratic Sens. Ron Wyden of Oregon and Amy Klobuchar of Minnesota, who is the ranking member of the committee with jurisdiction over federal elections, asked for answers by July 12 regarding steps the agency has taken in response to the breach of VR Systems’ computer servers.
Robert Mueller’s report on Russia’s interference in the 2016 election describes how Kremlin-backed spies installed malware on the network of an unnamed company that “developed software used by numerous U.S. counties to manage voter rolls.”
VR Systems has said it believes it is the company referred to in the report. The Tallahassee, Florida-based company has maintained, however, that its system was never penetrated. It told Wyden in a letter last month that the cybersecurity firm Fire Eye conducted a security audit and found no evidence of a breach.
… The Department of Homeland Security said last week that its computer experts will examine North Carolina polling equipment supplied by VR Systems, at the state’s request. The forensic analysis will look at laptops and replicas of computer hard drives that were used in heavily Democratic Durham County to determine whether hacking was responsible for malfunctions on election day in 2016.
State and local officials said previously they found no indication that the software system, used for voter registration and check-in, had been targeted by hackers, but they never did a forensic examination. VR Systems has blamed the trouble on poorly trained poll workers and inadequate computer maintenance. A report by a security consultant hired by Durham County’s elections board supported that claim.
(Related)
...and it’s going to get worse.
Mitch McConnell is Making the 2020 Election Open Season for Hackers
… Senator Ron Wyden, the Oregon Democrat who sits on the Intelligence Committee, predicts that the 2020 election will make what happened in 2016 “look like small potatoes.” “It’s not just the Russians,” he told me. “There are hostile foreign actors who are messing with two hundred years’ worth of really precious history.” Wyden recently reintroduced the PAVE Act, a wish list of election-security provisions that failed to get through the Senate last year. The measure includes the use of hand-marked paper ballots and a prohibition on wireless modems and other kinds of Internet connectivity, all of which have been advocated by computer scientists and other election experts for years.
But with the Senate Majority Leader, Mitch McConnell, making it clear that he will not advance any election-security legislation
Interesting discussion.
Profiling and the GDPR: An interview with Mark Singer and Raf Sanchez
“Let the lawsuits begin!”
This is huge. Warwick Ashford reports:
The Austrian Supreme Court has rejected all attempts by Facebook to block a lawsuit in Vienna on fundamental privacy issues.
Facebook had attempted to block the case by Austrian lawyer and privacy activist Max Schrems by questioning whether it is possible to bring a case about rights under the EU’s General Data Protection Regulation (GDPR) before the courts.
Facebook argued that only the Irish data protection commissioner has jurisdiction in this case, while the Vienna Regional Court declared that it did not have jurisdiction.
However, the Appellate Court and the Austrian Supreme Court have now made it clear that everyone has a right to file a lawsuit based on the GDPR.
Read more on ComputerWeekly.
Allow me to clearly state my obfuscation with the simplest of bemused befuddlement. (Amusing graphic)
We Read 150 Privacy Policies. They Were an Incomprehensible Disaster.
… Only Immanuel Kant’s famously difficult “Critique of Pure Reason” registers a more challenging readability score than Facebook’s privacy policy.
… Google’s privacy policy evolved over two decades — along with its increasingly complicated data collection practices — from a two-minute read in 1999 to a peak of 30 minutes by 2018.
The policy became more readable at the expense of brevity after the introduction of the General Data Protection Regulation, the European Union data privacy protection framework that went into effect a year ago. The regulation includes a clause requiring privacy policies to be delivered in a “concise, transparent and intelligible form, using clear and plain language.”
… And if states continue to draft their own data protection laws, as California is doing with its Consumer Privacy Act, privacy policies could balloon with location-specific addendums.
For my summer Security Compliance class.
Regulating Big Tech: Legal Implications
CRS Legal Sidebar via LC – Regulating Big Tech: Legal Implications. June 11, 2019. “Amidst growing debate over the legal framework governing social media sites and other technology companies, several Members of Congress have expressed interest in expanding current regulations of the major American technology companies, often referred to as “Big Tech.” This Legal Sidebar provides a high-level overview of the current regulatory framework governing Big Tech, several proposed changes to that framework, and the legal issues those proposals may implicate. The Sidebar also contains a list of additional resources that may be helpful for a more detailed evaluation of any given regulatory proposal…”