Addressing specific privacy problems.
https://fpf.org/blog/brussels-privacy-symposium-2022-report/
BRUSSELS PRIVACY SYMPOSIUM 2022 REPORT
On November 15, 2022, the Future of Privacy Forum (FPF) and the Brussels Privacy Hub (BPH) of Vrije Universiteit Brussel (VUB) jointly hosted the sixth edition of the Brussels Privacy Symposium on the topic of “Vulnerable People, Marginalization, and Data Protection.” Participants explored the extent to which data protection and privacy law including the EU’s General Data Protection Regulation (GDPR) and other data protection laws like Brazil’s General Data Protection Law (LGPD) safeguard and empower vulnerable and marginalized people. Participants also debated balancing the right to privacy with the need to process sensitive personal information to uncover and prevent bias and marginalization. Stakeholders discussed whether prohibiting the processing of personal data related to vulnerable people serves as a protection mechanism or, on the contrary, whether it potentially deepens bias.
[The report: https://fpf.org/wp-content/uploads/2023/03/FPF-Brussels-Privacy-Symposium-2022-R2.pdf
An old yet recurring problem. Came up a lot in record retention audits.
What is the cost of not purging data or moving it offline, Sunday edition
Maybe one day, a law or regulation will require entities to purge old data that is no longer needed or requires it to be disconnected from the internet. If anyone needs a fresh example of why we need that type of law or regulation, here it is:
Richard T. Miller, DMD, PC, d/b/a Great Neck/Mid Island Dental (“Great Neck Dental”) acquired the assets of another dental practice back in 2015. The law firm of Cooperman Lester Miller Carus LLP (“CLMC”) was hired to assist with the transaction and was provided with certain patient information.
Fast forward seven years.
On October 7, 2022, CLMC notified Great Neck Dental that it had learned that one of its partners had an email account compromised between March 27 and June 1, 2022. When CLMC reviewed the compromised account, they found patient data from Great Neck Dental that could have been accessed. Information in the partner’s email account included patients’ names, dates of birth, Social Security numbers, and dental insurance information.
Great Neck Dental is not aware of any misuse of the information. Still, it now has the obligation under HIPAA to notify 22,933 patients, many of whom may no longer be at the addresses they were at in 2015 and many of whom may never have become their patients when Great Neck Dental purchased the assets of the other practice.
In addition to the costs of investigating and notifying patients, Great Neck Dental also has the cost of offering them credit monitoring and identity restoration services for a year with IDX. DataBreaches does not know whether Great Neck Dental has any insurance policy that will cover all the costs, or if the law firm is covering costs, or some combination, but a lot of time and costs have been incurred over an easily avoided breach.
Why was protected health information from that 2015 business transaction still sitting in an email account of an unnamed law firm partner?
What security provisions did the law firm have in place with its partner, and when was the last time any of it was reviewed?
It was probably a bit of a shock to Great Neck Dental to be told that patient data from seven years previously was involved in a data breach at a firm they may never have heard of and that they may have never contracted with directly.
There are lessons to be learned or re-learned:
Purge old data that is no longer needed for the purpose for which it was originally collected and stored. If you’re not sure you should or can purge it, then at least encrypt it and move it offline; and
If you are the covered entity or firm contracting with a vendor, make sure you have provisions in your contract detailing should happen to protected health information at the conclusion of any services. Then monitor to make sure those provisions are followed.
Perhaps ChatGPT is not invincable?
https://www.ft.com/content/16342e5a-550e-46ae-a3d6-5244c140cb9b
Good news: ChatGPT would probably fail a CFA exam
… Overall, the bot scored 8 out of a possible 24. Note that because GPT-4 is still quite fiddly, all the screenshots above are from its predecessor ChatGPT 3.5. Running the same experiment on GPT-4 delivered very similar results, in spite of its improved powers of reasoning, because it makes exactly the same fundamental error. The way to win at CFA is to pattern match around memorised answers, much like a London cab driver uses The Knowledge. ChatGPT seeks instead to process meaning from each question. It’s a terrible strategy. The result is a score of 33 per cent, on an exam with a pass threshold of ≥70 per cent, when all the correct answers are already freely available on the CFA website. An old fashioned search engine would do better.
Because they can get away with it?
https://www.theregister.com/2023/03/20/vessels_claiming_to_be_chinese/
Vessels claiming to be Chinese warships are messing with passenger planes
Australian airline Qantas issued standing orders to its pilots last week advising them that some of its fleet experienced interference on VHF stations from sources purporting to be the Chinese Military.
The Register has confirmed the reports.
The interference has been noticed in the western Pacific and South China Sea. Qantas has advised its crew to continue their assigned path and report interference to the controlling air traffic control authority.
… But while interfering with VHF can be disruptive, what is more concerning is the IFALPA said it has “reason to believe there may be interferences to GNSS and RADALT as well.”
RADLT is aviation jargon for radar altimeter - an instrument that tells pilots how far they are above ground. So they can avoid hitting it. GNSS is the Global Navigation Satellite System.
GNSS Jamming navigation systems or radar altimeters can greatly disorientate a pilot or worse.
Of course, there is no telling if China is merely testing out its capabilities, performing these actions as a show of power, or has a deeper motive.
Tools & Techniques.
https://www.helpnetsecurity.com/2023/03/20/facial-morphing-technology/
Detecting face morphing: A simple guide to countering complex identity fraud
Our reliance on face matching for identity verification is being challenged by the emergence of artificial intelligence (AI) and facial morphing technology. This technique involves digitally creating an image which is an average of two people’s faces, and which can deceive not only human examiners, but also facial recognition systems. The misuse of this technology can enable two individuals to use one ID, presenting a significant risk for businesses and governments.
No comments:
Post a Comment