• Categories

  • Archives

    « Home

    Update on Insiders Abusing Their Access Privileges in U.S. and U.K.

    It’s been awhile since we’ve talked about the problems that arise when insiders abuse or misuse their access privileges to individuals’ data and violate the individuals’ rights. Such cases have occurred in: Tucson, Ariz., where University Medical Center officials fired three employees for violating privacy of patients connected to the shooting rampage of which Jared Loughner is accused; New York City, where a police sergeant pleaded guilty “to illegally entering a federal database and giving information from a terrorist watch list to an acquaintance to use in a child-custody case in Canada”; Ohio, where the Ohio Inspector General released a report (pdf) finding that state employees improperly accessed and distributed confidential state records related to Samuel Joseph Wurzelbacher, who gained fame during the 2008 election as “Joe the Plumber”; and the U.S. government, where the State Department found that federal employees repeatedly snooped into the passport files of entertainers, athletes and other high-profile Americans. The cases aren’t confined to the United States; for example, they’ve occurred in Canada and New Zealand.

    Now, there are two new stories alleging insider abuse or misuse of access privileges in the U.S. and the U.K. First, the Telegraph reports on insiders misusing their authority in the U.K.:

    Almost 1,000 DWP staff were disciplined in a 10-month period for unlawfully or inappropriately accessing social security records, according to figures released under the Freedom of Information laws.

    Meanwhile, over the past year there were at least 13 cases per month of unlawful access to medical records reported to the Department of Health (DoH).

    The figures were obtained by the Channel 4’s Dispatches programme as part wider year-long investigation into private detectives accused of selling access to private information including health, benefit and criminal records and mobile phone bill and bank accounts.

    The DWP figures show that between April 2010 and March last year a total of 513 staff members were disciplined for “unauthorised disclosure of official, sensitive, private and/or personal information … to anyone” from its database. […]

    The DoH told the programme that it did not collect details of all cases of unlawful access of medical records but admitted there had been 158 incidents throughout last year, which was the equivalent of 13 per month.

    In 2007, the figure was 28.

    And CityPages reports on a case in Minnesota concerning allegations of misuse:

    Seated on a couch between her two basset hounds, Anne Marie Rasmusson hardly looks like the sort of siren who would cause men to dash their careers at her feet. A former cop, she hides her 5-foot-2-inch figure under a bulky sweatshirt and keeps her blond hair clipped short. […]

    The numbers were astounding: One hundred and four officers in 18 different agencies from around the state had accessed her driver’s license record 425 times in what could be one of the largest private data breaches by law enforcement in history.

    The Department of Public Safety sent letters to all 18 agencies demanding an Internal Affairs investigation of the 104 officers. If the cops are found to be in violation of federal privacy law, they could be fired.

    Rasmusson’s lawsuit, which will be filed in the coming weeks, alleges that not only was her privacy compromised, but that her story is merely a symptom of a larger culture of data abuse by police. Her attorneys charge that while police are trained to use the driver’s license database for official purposes only, in reality it’s more like a Facebook for cops. […]

    Indeed, this is hardly the first time cops have been in hot water for misusing the database. In 2010, while caught up in a tumultuous love triangle, St. Paul police officer Jessica Phillips allegedly accessed the driver’s record of her rival for the man’s affections. After the woman complained about harassing calls and texts, Phillips was criminally charged with a misdemeanor for unauthorized computer use.

    Leave a Reply