

Intersection: Sidewalks & Public Space

Chapter by Melissa Ngo

"The Myth of Security Under Camera Surveillance"



    Archive for the ‘Security’ Category

    Information Age: More than a third of security pros sending sensitive data without encryption

    Tuesday, July 15th, 2014

    Information Age reports on a new survey from Voltage Security concerning the encryption of sensitive information:

    Despite headline-making breaches that have called attention to the importance of data encryption, nearly 36% of IT security professionals admit to sending sensitive data outside of their organisations without using any form of encryption to protect it, a new survey from Voltage Security reveals. [...]

    Vermont Attorney General Fines Local Business For Failing To Notify Consumers Of Security Breach

    Monday, July 14th, 2014

    Vermont Attorney General William H. Sorrell announced that his office has fined Shelburne Country Store in Shelburne, Vermont, because of a security breach that affected customers’ privacy:

    Shelburne Country Store in Shelburne, Vermont will pay a $3,000 civil penalty for failing to inform 721 internet buyers of a security breach of their credit card information. In late 2013, the company’s website was hacked and credit card information stolen. Upon being informed of the breach in January 2014, the company quickly fixed the problem, but did not notify consumers until it was contacted by the Attorney General’s Office. [...]

    Under Vermont’s Security Breach Notice Act, businesses are required to send the Attorney General a confidential notice within 14 business days of discovery of a data breach. The business must also send notice to consumers in the most expedient time possible, but no later than 45 days.

    InformationWeek: Florida Law Aims To Tighten Data Security

    Friday, July 11th, 2014

    InformationWeek reports on a new law in Florida that concerns information privacy and security:

    A new law designed to protect Floridians from identity theft could have far-reaching repercussions on healthcare organizations that reside or do business in the Sunshine State. Under the Florida Information Protection Act of 2014 (FIPA), any covered entity or third-party agent must now report breaches to the Florida Department of Legal Affairs and to consumers within 30 days (compared with the prior law’s 45 days). If they show good cause, organizations may get a 15-day extension or receive a law enforcement extension. Violators can be fined $1,000 per day for the first 30 days and $50,000 for each subsequent 30-day period under the Florida Deceptive and Unfair Trade Practices Act (FDUTPA); the fine is not to exceed $500,000.

    The state also expanded “personal information” to include individuals’ first name or first initial and last name, in combination with any one of the following: passport number; medical history, mental or physical condition, or medical treatment or diagnosis by a healthcare professional; or health insurance policy number, subscriber identification number, or any unique identifier health insurers use to classify individuals. [...]

    The act, which passed unanimously, should slow the flood of data breaches, advocates said. Faster reporting times, an expanded collection of relevant data, and increased law enforcement involvement will encourage organizations to be more proactive and give law enforcement more opportunities to catch cybercriminals.

    Consortium for School Networking Issues Privacy Resources for K to 12 Grades

    Thursday, July 10th, 2014

    The Consortium for School Networking has announced the release of privacy resources for school districts:

    CoSN (Consortium for School Networking) today unveiled two freestanding resources to accompany its in-depth, step-by-step privacy toolkit. Designed to help school system leaders navigate the complex federal laws and related issues, the complementary resources include:

    •  “10 Steps Every District Should Take Today”; and

    •  “Security Questions to Ask of an Online Service Provider”

    Launched in March through CoSN’s Protecting Privacy in Connected Learning initiative, the existing toolkit addresses compliance with laws such as the Family Education Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA) and offers smart practices to better protect student privacy and their data. The security questions for online service providers were included in the v.1 toolkit. [...]

    In the fall, CoSN will expand the toolkit with additional sections covering the Protection of Pupil Rights Amendment (PPRA) and the Health Insurance Portability & Accountability Act (HIPAA) – filling out the privacy guide with all four federal privacy laws applied to K-12 education.

    MIT Technology Review: Can Software Make Health Data More Private?

    Tuesday, July 8th, 2014

    MIT Technology Review considers whether software can help protect the privacy of medical information:

    Today a patient’s data typically stays within a hospital group or doctor’s practice. If you get care elsewhere you are essentially a blank slate unless a special request for your data is made, in which case the entire record becomes accessible. But many patients may not want their entire medical history to be accessible by everyone they see, so there is pressure to develop tools that can be used to limit access. One tricky issue is that redacting details of a diagnosis may not remove all the clues as to that condition, such as prescribed drugs or lab tests.

    A new tool developed by computer scientists at the University of Illinois can figure out which parts of a record may inadvertently reveal aspects of a patient’s medical history. The idea is that as data-sharing proposals advance, the patient would decide what parts of his or her record to keep private. A clinician would get advice from the technology on how to amend the record to ensure that this occurs. [...]

    Wired: ISPs File Legal Complaint in Europe Over Spying

    Monday, July 7th, 2014

    Wired reports that a group of Internet service providers and nonprofits in different countries have filed a legal complaint over allegations of spying by Britain’s GCHQ and the United States’s National Security Agency:

    Seven Internet service providers and non-profit groups from various countries have filed a legal complaint against the British spy agency GCHQ. Their issue: that the clandestine organization broke the law by hacking the computers of Internet companies to access their networks.

    The complaint, filed with the Investigatory Powers Tribunal, calls for an end to the spy agency’s targeting of system administrators in order to gain access to the networks of service providers and conduct mass surveillance. The legal action was filed in conjunction with Privacy International, and stems from reports last year that GCHQ hacked employees of the Belgian telecom Belgacom in order to access and compromise critical routers in the company’s infrastructure to monitor the communication of smartphone users that passed through the router. [...]