“Move fast and break things.” It’s not just a Big Tech strategy, it’s an explanation of most “rush job” failures.
Ohioans’ and Coloradans’ personal info exposed in pandemic unemployment data breaches
Two more states have reported breaches or issues with state portals to apply for pandemic-related unemployment benefits.
In Ohio, Maggy McDonel reports:
The personal information of Ohioans receiving pandemic unemployment assistance was recently exposed to a data breach, according to Ohio Department of Jobs and Family Services.
The information reportedly included names, Social Security numbers and street addresses.
ODJFS acknowledged what it described as the “data issue” in a release sent out Wednesday afternoon.
The department says Deloitte Consulting notified it last weekend that around two-dozen people were able “to view other PUA claimants’ correspondence.”
Read more on Fox19.
And in Colorado, Joe Rubino reports:
All 72,000 people signed up for pandemic unemployment assistance in Colorado are eligible for a year of free credit monitoring after a system error gave six people approved for benefits access to everyone else’s private information.
The Colorado Department of Labor and Employment was alerted to the problem Saturday. In a statement, the department referred to the situation as a “limited and intermittent data access issue.” State officials insist it was not a data breach.
Ohio and Colorado are the third and fourth states we know of that have reported problems with state portals involved in filing for unemployment assistance. Arkansas was the first and Illinois was the second. At this point, it doesn’t seem like the states are all using the same program, but do not be surprised if more states report problems like these.
“Saving face” at the expense of a few (million) deaths...
Data Leak Suggests China Had Hundreds of Thousands of Coronavirus Cases in 230 Cities
Jim Geraghty reports on a very significant data leak:
This may be the most spectacularly under-discussed story of the pandemic:
A dataset of coronavirus cases and deaths from the military’s National University of Defense Technology, leaked to 100Reporters, offers insight into how Beijing has gathered coronavirus data on its population. The source of the leak, who asked to remain anonymous because of the sensitivity of sharing Chinese military data, said that the data came from the university. . . .
While not fully comprehensive, the data is incredibly rich: There are more than 640,000 updates of information, covering at least 230 cities—in other words, 640,000 rows purporting to show the number of cases in a specific location at the time the data was gathered. Each update includes the latitude, longitude, and “confirmed” number of cases at the location, for dates ranging from early February to late April.
Read more on National Review.
Lots of questions. Was this an “authorized user” breach or could anyone do it?
Ron Hurtibise reports:
Hundreds of customers of ADT Security Services were spied on through security cameras installed inside and outside of their homes, two federal lawsuits filed Monday are claiming.
ADT, headquartered in Boca Raton, “failed to provide rudimentary safeguards” to prevent an employee from gaining remote access to the customers’ cameras over a seven-year period, a news release from the Dallas-based Fears Nachawati Law Firm states.
ADT notified customers of the breaches and then tried to pay them off if they agreed not to reveal them publicly, according to the suits filed in U.S. District Court in Fort Lauderdale.
Read more on Sun-Sentinel.
Worth reading and thinking about.
Verizon – 2020 Data Breach Investigations Report
“…If you look closely you may notice that it has sprouted a few more industries here and there, and has started to grow a greater interest in other areas of the world. This year we analyzed a record total of 157,525 incidents. Of those, 32,002 met our quality standards and 3,950 were confirmed data breaches. The resultant findings are spread throughout this report. This year, we have added substantially more industry breakouts for a total of 16 verticals (the most to date) in which we examine the most common attacks, actors and actions for each. We are also proud to announce that, for the first time ever, we have been able to look at cybercrime from a regional viewpoint—thanks to a combination of improvements in our statistical processes and protocols, and, most of all, by data provided by new contributors—making this report arguably the most comprehensive analysis of global data breaches in existence…”
Is this the end of facial recognition? (Hint: Hell no!)
Kari Rollins and David Poell of SheppardMullin write:
The Seventh Circuit has recently ruled that plaintiffs have standing to enforce the Illinois Biometric Information Privacy Act’s informed consent requirements in federal court. As we have written before, BIPA regulates the collection, use, and retention of a person’s biometric information, e.g., fingerprints, face scans, etc. For years, federal trial courts have been split on whether a violation of BIPA’s informed consent provision is alone sufficient to confer Article III standing. The decision in Bryant v. Compass Group USA, Inc., — F.3d —-, 2020 WL 2121463 (7th Cir. May 5, 2020) removes that uncertainty and will drastically change the landscape of BIPA litigation going forward.
Read more on EyeOnPrivacy.
While we worry about a pandemic...
Papers, Please! writes:
Air travel in the US has been reduced by more than 90%, measured by the numbers of people passing through checkpoints at airports operated by the Transportation Security Administration (TSA) and its contractors.
And the Department of Homeland Security (DHS) has postponed its threat to start unlawfully refusing passage to travelers without ID credentials compliant with the REAL-ID Act of 2005 for another year, from October 1, 2020, to October 1, 2021.
So relatively little attention is being paid right now to air travel or TSA requirements — making it the ideal time for the TSA to try to sneak a new ID requirement for air travel (to take effect in 2021) into place without arousing public protest.
Read more on Papers, Please!
Try translating that for students!
Tackling Privacy by Design: Practical Advice Following Multiple Implementations
When advising clients on Privacy by Design (PbD) implementation, I often feel like the voice in his or her head is saying, “I see your lips moving, but all I hear is blah, blah, blah.” After experiencing those moments a few times, it occurred to me how professionals living in the PbD space are speaking a different language from business owners, product and service designers, and those in charge of privacy compliance for their organization. The purpose of this article is to demystify PbD (a bit), and to offer some practical advice for businesses looking to implement PbD in its products and services.
Sounds useful… Can we extract ‘Best Practices?’
Hogan Lovells Launches Global Privacy Guide to Support Businesses with COVID-19 Exit Plans
As the world focuses its efforts on the right strategy to beat the coronavirus and make normal life safe again, businesses are devising and implementing a variety of measures to deal with the COVID-19 crisis which rely on the collection, use and dissemination of personal data.
To assist with this challenge and ensure that privacy and cybersecurity aspects are appropriately addressed, Hogan Lovells has released today a detailed guide providing legal analysis and practical recommendations. The guide has been prepared by a team spanning its 45 offices around the world and led by the firm’s Global Regulatory practice.
Reading for shut-ins.
Bart Gellman's long-awaited (at least by me) book on Edward Snowden, Dark Mirror: Edward Snowden and the American Surveillance State, will finally be published in a couple of weeks. There is an adapted excerpt in the Atlantic.
It's an interesting read, mostly about the government surveillance of him and other journalists. He speaks about an NSA program called FIRSTFRUITS that specifically spies on US journalists. (This isn't news; we learned about this in 2006. But there are lots of new details.)
Inside every cloud, a silver lining.
Inside the Rise of a Hot New Industry: Social Distancing Consultants
Marker Medium: “…As shelter-in-place laws start to relax across the U.S., and businesses begin to reopen—or at least to start thinking about it—everyone from retailers, restaurants, hairdressers, fashion boutiques, and building managers are desperate to overhaul their spaces with new safety protocols so they can protect employees and customers—and start making money again. The problem? No one really knows what they are doing. Federal guidelines cover the basics of hand-washing, sanitizing, and mask-wearing, but they lack specificity for different scenarios. For example, if you install a plexiglass screen, how large should it be? What’s the best way to redesign an office floor plan to limit interactions? Should employee temperatures be taken every shift? What about customer temperatures? Amid this uncertainty, a new cottage industry comprised of opportunists and pivoters has sprung up to fill the void: the social distancing consultant. From architects and designers to maintenance and marketing companies, these firms have recast themselves virtually overnight as experts in the new, high-demand art of keeping people six feet apart. Social distancing services have become a boon to the struggling architecture industry, as other projects have been put on hold...”
The joy of face masks!