Archive

Posts Tagged ‘PII’

Repeat Data Loss Offenders…

October 1, 2009 3 comments

I was doing some data mining this week on the excellent DataLossDB.com site and it occurred to me to dig a little deeper into where the risky places to give your PII/PHI to are. I was hoping to find that some segments are cleaning up their act, but it seems not. The fact we’re seeing multiple entries by people could have two possible meanings: Read more…

Advertisements
Categories: Data Loss, PHI, PII, Privacy Laws Tags: , ,

Think Like A Spy…

September 25, 2009 Leave a comment

PhishingRecently John Sileo spoke at the Department Of Defense’s Joint Family Readiness Conference on the topic of identity protection and theft. As a two time victim of identity theft, John is well placed to speak from the heart about the practical, factual, and emotional aspects of this problem, and though I was not able to attend his presentation the writeup on his presentation is well worth a read.

John advocates a couple of thought processes which I’ll let you read the details of directly from the transcript, but to summarize he encourages us all to “Think Like A Spy” – to question the validity of the request for information at every stage, and with every person. Read more…

Missouri’s new Data Protection Disclosure Law.

September 21, 2009 Leave a comment

Although maybe unnoticed, a month ago Missouri finally joined that heady club called “States which have Data Privacy Laws”.

On 28th August, the “Missouri Data Breach Notification Law”, or House Bill 62 took effect, not protecting, but at least enforcing care and attention of residents personal information (Social Security Numbers, Driver’s Licence Numbers, and information which could be used to access a residents financial accounts). Note I use the word “resident”, because, as with the other 47 or so State laws, this one applies to the Residents of Missouri, not to the businesses. If you have Missouri resident information in your datacenter in Tinbuktoo, you are still required (under civil and actual damages) to comply. Read more…

Army National Guard shows how much it cares about 131,000 identities…

August 6, 2009 Leave a comment

National Guard Website

A busy week in the world of data loss, with the report from the Army National Guard Leaders that a personal laptop containing the records of 131,000 former and current guard members was stolen from a contractor on 27th July 2009. The information included the usual culprits – Name, Address, Social Security Number etc.

What this information was doing on a contractors personal device, and not locked up and restricted is undisclosed, but the important thing is that the Army Guard is showing it’s eagerness to resolve the situation and protect its members. Read more…

Changes to PII and PCI regulations in Nevada

This week Linda McGlasson talked on BankInfo security about some changes to Nevada’s data protection stance. Nevada’s laws are no less complex than other states, but interestingly they have a few which, when combined, give a tighter than usual position.

The interesting bills are CHAPTER 603A – SECURITY OF PERSONAL INFORMATION, which deals with the regulations of Business Practices. This law puts the state teeth behind the PCI regulations, enforcing things which the payment card industry require as part of PCI compliance with state-driven criminal and financial penalties. Read more…

TJX (T.J. Maxx) reaches settlement with states on Data Loss

June 24, 2009 3 comments

For those who were included in the January 2007 94 million record loss of credit card numbers from TJX (Still the highest loss by number of records ever reported), You may be interested to know that they have agreed a settlement with the 41 various states on the fine. Around $5.5 million of the settlement was for data and consumer protection, and $1.75 million to reimburse the states costs of the investigation.

You can read the details of the deal struck with the FTC from their website. Read more…

Categories: Data Loss, PII Tags: , ,

Cornell University looses 45,000 records..

June 24, 2009 1 comment

datalossdb.org entryCornell University Entry

Another typical notification of data loss by an educational establishment. In summary, the personal details of around 45,000 current and former students and staff were lost when the laptop containing them was stolen.

Cornell have been very open with the facts of the matter, their site talks about what they have, and will do about it, and the help they are offering people affected. They also mentioned that their policy is that such data should be either encrypted, or in a secure location. Two things they admit this particular member of staff violated. Read more…