Karl Wabst's Library
Election '09: Ballot scanners raise privacy issues | theithacajournal.com | The Ithaca Journal
"Change isn't always easy, and that came through this week in the comments of voters who marked paper ballots and scanned them into machines, rather than the old-fashioned way of pulling mechanical levers, election officials said.
As it turned out, not everyone felt comfortable without the security of the curtains on the decades-old lever machines. Voters in 19 counties marked ballots at seats or booths that were separated by partitions, then walked over to optical scanners and fed the paper in. Some used "privacy" folders provided for the trip, while others declined.
A number of voters said they didn't have enough privacy, and the areas where they filled out ballots weren't the right size or were in the wrong place, said John Conklin, a state Board of Elections spokesman. At a few poll sites, people who were signing in were right next to voters who were marking their ballots, he said.
"Privacy, I think, is something that we will have to wrestle with a little bit," he said."
Senate committee clears data breach bills - InternetNews:The Blog - Kenneth Corbin
"A pair of bills that would require businesses to notify consumers in the event of a data breach cleared the Senate Judiciary Committee Thursday, moving on to the full Senate for consideration.
The Data Breach Notification Act, sponsored by Dianne Feinstein (D-Calif.), would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach. It would also extend notification requirements to government agencies.
The more comprehensive Personal Data Privacy and Security Act, introduced by Judiciary Chairman Patrick Leahy (D-Vt.) and co-sponsored by Utah Republican Orrin Hatch and others, would also set notification requirements, as well as tighten criminal penalties for identity theft and willfully concealing information about a breach.
Additionally, the Leahy bill would require businesses to implement preventive security policies to guard against threats to their databases. Like Feinstein's bill, it would also apply to federal agencies.
Both bills would set federal guidelines to add some certainty to the patchwork of at least 45 state laws governing data breaches, and both enjoy the support of the Business Software Alliance (BSA), the leading lobbying arm of the software industry and many hardware firms.
"BSA commends Chairman Leahy, Sen. Hatch and Sen. Feinstein for their leadership on data security and data breach notification," Robert Holleyman, the group's CEO, said in a statement."
AFP: US, EU making progress on data-sharing deal: US official
"The EU and the US have made progress on reaching a deal on a binding agreement on data sharing aimed at fighting terrorism and crime, US Homeland Security Secretary Janet Napolitano said Wednesday.
"Last week an EU-US high-level contact group identified a core set of common principles that unite our approaches to protect personal data while processing and exchanging information amongst law enforcement authorities," she said in an address to an international conference in Madrid.
"The next step is a binding US-EU agreement on data sharing and privacy," she added.
Data-sharing deals between the European Union and the United States have so far been made on a case-by-case basis.
Officials on both sides of the Atlantic have sought to boost information sharing in the wake of the September 11, 2001 attacks in the United States as a way to thwart fresh attacks as well as organised crime.
"The US and most European countries have found that this cooperation has paid dividends in the form of preventing terrorist incidents, detaining criminals and preventing illegal immigration," said Napolitano.
But reaching a formal bilateral agreement between the two sides over the issue has reportedly been hampered by questions over what impact a deal would have on private companies' obligations during data transfers as well as over the adequate length of time that shared data should be retained."
E-Health Privacy Regulations Draw Congressional Fire | Healthcare IT Blog | InformationWeek Healthcare
"The U.S. Department of Health and Human Services issued an interim final rule to beef up penalties for violations of the Health Insurance Portability and Accounting Act (HIPAA), as several Congressmen criticize the agency for leaving dangerous loopholes in the law.
The new rules significantly increase penalty amounts that the U.S. Department of Health and Human Services can impose for HIPAA violations of patient privacy, according to a statement from HHS. The new rules reflect requirements enacted in the Health Information Technology for Economic and Clinical Health (HITECH) sections of the American Recovery and Reinvestment Act (ARRA) of 2009.
Before HITECH, maximum penalties were $100 for each violation or $25,000 for all identical violations of the same provision. A covered health care provider, health plan, or clearinghouse could be exempt from civil financial penalties if it demonstrated it did not know it violated the HIPAA rule.
The HITECH act increases civil financial penalties by establishing tiered ranges of increasing minimum penalties, with a maximum $1.5 million for all violations of identical provisions. And a "covered entity" can plead ignorance as a protection only if it fixes the violation within 30 days of discovery."
Senate poised to pass national breach-notification law -- or maybe not -- Government Computer News
"America could use a good data protection law, one that would set some standards for protecting sensitive personal information and establish a national requirement for data breach notification. One staffer for the Senate Judiciary committee says this might be the year we get it. Or maybe next year.
“I’m optimistic,” said Lydia Griggsby, the committee’s chief counsel for privacy and information policy. “Hopefully, this year will be the year.”
She is talking about S.1490, the Personal Data Privacy and Security Act of 2009, introduced by Sen. Patrick J. Leahy (D-Vt.) in July and now being considered by the Judiciary Committee. If it doesn’t move to the Senate floor this year, there is always next year, the final session of the current Congress. But the bill has been introduced in two previous congresses and has twice made it out of the committee without being passed by the Senate.
The difference this year, Griggsby said, is that Congress has become better educated about cybersecurity and data security issues over the past five years. Identity theft has become a hot issue, and agencies are repeatedly being dinged in the press with reports of data breaches that have exposed personally identifiable information.
“We are hopeful that this year we will see it move to the floor,” Griggsby said at a recent panel discussion on cybersecurity issues."
AFP: Experts to hash out global data privacy rules in Spain
"Experts from around the world gather from Wednesday in Madrid for a three-day conference that aims to hash out international standards for the protection of privacy and personal data.
US Homeland Security Secretary Janet Napolitano as well as national privacy commissioners are among the over 1,000 who are expected to take part in the event, billed as the world's largest forum dedicated to privacy.
The Spanish Data Protection Agency, an independent control authority monitoring compliance with data protection regulations, is organising the 31st International Conference of Data Protection and Privacy.
"The lack of harmonised regulations causes difficulties to citizens when it comes to exercising their rights, which benefit from different levels of protection depending on the state in which their data are being processed," it said in a statement.
Participants hope the international standards reached at the gathering will serve as the basis for a universal, binding legal instrument on data protection.
An extensive international consensus already exists to limit data processing to the purposes for which they were gathered and the need to ask users for their consent regarding international data transfers."
Data breach alerts linked to increased risk of ID theft - SC Magazine US
"Consumers who have received a data breach notification letter are four times more likely than others to be the victim of identity theft, according to a survey released this week by Javelin Strategy and Research.
Approximately 11 percent of U.S. consumers have received a data breach notification letter in the past 12 months with a third of the breaches involving Social Security numbers and 15 percent involving ATM PINs, according to Javelin's third annual survey of nearly 5,000 U.S. consumers, released Tuesday.
Of those who have received a data breach notification letter in the past year, 19.5 percent said they were the victims of fraud associated with identity theft, compared to 4.3 percent who have not received a notification but were victimized.
“It wasn't just a statistical anomaly,” Robert Vamosi, a Javelin risk fraud and security analyst and the author of the study, told SCMagazineUS.com on Wednesday. “In 2007 and 2006, we saw a similar pattern, so this isn't a blip. This is something that has been going on for a while.”"
BlackBerry snooping application released - SC Magazine US
"A new proof-of-concept (PoC) application enables an attacker to remotely activate a BlackBerry microphone and listen in on surrounding sounds and conversations.
The application, called PhoneSnoop, was released last week on the blog of security researcher Sheran Gunasekera. To download and install the application, an attacker would need physical access to a BlackBerry device and to know a PIN, if the owner uses one to lock his or her device.
After PhoneSnoop is installed on a device, when a call is received from a preconfigured number, the BlackBerry automatically answers the phone, allowing an attacker to listen in, Marc Fossi, senior researcher at Symantec Security Response told SCMagazineUS.com on Thursday. Once the call is connected, the BlackBerry is set to speakerphone, increasing the microphone's sensitivity to pick up sound from far distances.
“First and foremost, the most important thing about this is it's a proof of concept,” Fossi said. “It's not something you need to worry about right now.”"
N.Y. bank computer technician charged with ID theft - SC Magazine US
"A New York computer technician has been charged with stealing the identities of more than 150 Bank of New York Mellon employees and using them to orchestrate a scheme that netted him more than $1.1 million, prosecutors said this week.
Adeniyi Adeyemi, 27, of Brooklyn was indicted Wednesday on charges of grand larceny, identity theft and money laundering for crimes allegedly committed between Nov. 1, 2001 and April 30, 2009, according to a news release from Manhattan District Attorney Robert Morgenthau.
According to prosecutors, Adeyemi, who was employed as a computer technician working at the headquarters of Bank of New York, stole the personal information of dozens of bank employees, primarily from individuals in the information technology department. He then used the identities to open bank and brokerage accounts, which served as “dummy accounts” to receive stolen funds.
Adeyemi then stole money from the bank accounts of numerous charities and nonprofit organizations, and transferred the funds into the dummy accounts, which he later withdrew or transferred to other accounts, prosecutors said."
Va. regulators fine agent, warn others of 2003 privacy safeguard law | IFAwebnews.com
"Virginia insurance regulators issued their first fine for a violation of a 2003 law regarding the protection by agents and agencies of policyholder information, just three weeks after issuing a reminder on the requirements.
Virginia State Corporation Commission Bureau of Insurance officials confirmed that the action against Caryn J. Williams, a licensed life, health, property-casualty agent in Chesapeake, Va., and her property-casualty insurance company, SCK Enterprises Inc., for failing to properly protect policyholder information was the first issued by the state. Williams and the company were cited for six other infractions and fined $1,000 in September."
BBC NEWS | Technology | Brussels criticises UK on privacy
"The UK government has been accused of failing to protect citizens' privacy by the European Commission.
It said the government should have done more to guarantee online privacy when trials of a controversial ad-serving system were carried out in 2006.
The Commission said it had now started the second phase of legal action over the trials.
If the UK fails to answer the criticism satisfactorily, it faces being taken to the European court.
"People's privacy and the integrity of their personal data in the digital world is not only an important matter, it is a fundamental right, protected by European law," said Viviane Reding, EU telecoms commissioner. "
Lost: A $49,000 laptop computer - Network World
"About fifteen years ago, my husband and his colleague had their laptop computers stolen out of a car. They were fearful of reporting the incident to their boss, largely because the laptops had cost the company about $7,000 each. A $14,000 hit to the departmental budget was a serious blow. And back in those days, no one gave much thought to exposure of the data on the stolen devices.
My, how times have changed!
Today, companies don't sweat much over the loss of the hardware, which has dramatically come down in price. The real cost of a lost laptop is in the potential or actual exposure of the data on the PC, especially if it is customer records or intellectual property. "
Facebook spells out updated privacy policy | The Social - CNET News
"Facebook head of communications Elliot Schrage posted a company blog entry on Thursday inviting members to review proposed updates to the social network's privacy policy, and much of it deals with what happens to the content of accounts that members have opted to delete.
"Specifically, we've included sections that further explain the privacy setting you can choose to make your content viewable by everyone, the difference between deactivating and deleting your account, and the process of memorializing an account once we've received a report that the account holder is deceased," Schrage wrote. Earlier this week, Facebook detailed the process of "memorializing" an account, which leaves the profile intact to current friends but hides potentially sensitive information.
Now, in the proposed new policy, which members are invited to review and comment on until November 5, Facebook explains to users that they can "deactivate" their account, which hides it but keeps information stored for potential reactivation, or alternately choose to delete it for good.
"Even after you remove information from your profile or delete your account, copies of that information may remain viewable elsewhere to the extent it has been shared with others, it was otherwise distributed pursuant to your privacy settings, or it was copied or stored by other users," the new wording explains. It's referring to content like posts and comments on other members' profile 'walls.' "However, your name will no longer be associated with that information on Facebook."
It's been a long and twisted road for Facebook's privacy regulations. The new policy was put into place after a complaint from the Canadian Privacy Commission called into question what would happen to member profile data if a user deactivated an account."
Report Suggest Consumers Don't Understand Data Breach Notifications
"A new report from Javelin Strategy and Research suggests that many credit and debit card holders fail to understand the importance of a notice saying that a credit card or debit card has been breached and do not protect themselves from fraud.
The company's research found that people notified of a breach of their secure data were four times as likely as the public at large of actually experiencing financial or other fraud within a year of the notification.
Further, those who experienced a breach in their secure data and then an incident of fraud very rarely link the fraud to the breach.
“Among consumers who received a data breach notification in the past 12 months, 19% suffered fraud, yet only 2% attributed their fraud to a data breach,” the firm reported. “It seems as if consumers are not connecting the dots on data breach notifications to fraud events. They are aware, in the abstract, some personal records of theirs have been compromised, but when they become a victim of fraud they do not make the connection to the breach notification.”"
States not protecting student privacy, study finds - washingtonpost.com
"States often collect far more information about students than necessary and fail to take adequate steps to protect their privacy, a national study concludes. The dossiers go far beyond test scores, including Social Security numbers, poverty data, health information and disciplinary incidents.
The study from the Fordham University Center on Law and Information Policy, released Wednesday, casts light on data systems created at the urging of the federal government to track student progress. One finding: States often fail to spell out protocols for purging records after students graduate.
"Ten, 15 years later, these kids are adults, and information from their elementary, middle and high school years will easily be exposed by hackers and others who put it to misuse," said Fordham law professor Joel R. Reidenberg, who oversaw the study. States, he said, "are trampling the privacy interests of those students." "
Silon malware intercepts Internet Explorer sessions, steals credentials
A new malware variant called Silon is targeting Internet Explorer users, attempting to intercept their sessions and steal credentials.
"Researchers at security vendor Trusteer Inc. issued an advisory warning that the Silon Trojan can detect when a user initiates a Web login session in Internet Explorer. It intercepts the login session, encrypts the data and sends it to a command-and-control server where it is collected with credentials from other victims.
In a more sophisticated attack, the Trojan targets people logging into their online bank accounts. New York, N.Y.-based Trusteer said Silon can inject sophisticated dynamic HTML code into the login flow between the user and their bank's Web server. The method involves using a webpage displaying a phony message asking the victim to verify their login details. If the victim complies with the request, the login credentials are sent to the command-and-control server, said Amit Klein, chief technology officer of Trusteer. "
Firefox hit by multiple drive-by download flaws | Zero Day | ZDNet.com
"Mozilla’s flagship Firefox browser is vulnerable to at least 11 “critical” vulnerabilities that expose users to drive-by download attacks that require no user interaction beyond normal browsing.
The open-source group shipped Firefox 3.5.4 with patches for the vulnerabilities, which range from code execution risk to the theft of information in the browser’s form history."
Hacked Job Board Tells Victims to Pay for Protection Themselves : ERE.net
"The British newspaper whose job board was hacked over the weekend is advising the half-million users whose information may have been accessed to buy identity insurance and notify credit reporting agencies.
An indignant Twitter post by one of those whose account with The Guardian jobs site was compromised says she received an email from the newspaper advising her of the illegal access and suggesting she subscribe to an identity protection service.
“got the guardian hack email – they suggest I buy identity fraud protection services. Hang on, who let people steal my information?” reads the tweet by Joelle Nebbe-Mornod, a technology consultant and former CTO now in the U.K.
The site itself gives no hint of the hack, until you scroll almost to the bottom of the home page where, under a heading of Workplace News, there is a short item headlined: Guardian jobs site – Security Breach. It links to a page of more detailed information."
Governator does consumers a disservice with SB-20 veto - SC Magazine US
"Joe Simitian, a Democratic state senator from California, is still scratching his head, some two weeks after Gov. Arnold Schwarzenegger vetoed SB-20, an update to the landmark 2003 Golden State breach notification bill, known as SB-1386.
They say that imitation is the highest form of flattery. Well, some 45 states have more or less copied California's pioneering move. And there was no reason to believe that a similar scenario wouldn't have played out again had the Governator signed SB-20 into law.
But, alas, it was not to be. The new legislation would have required that breach notification letters going to California residents also contain specifics around the data-loss incident, including the type of personal information exposed, a description of the incident, and advice on steps to take to protect oneself from identity theft. The law also would have mandated that organizations that suffer a breach affecting 500 or more people must submit a copy of the alert letter to the state attorney general's office"
DHS information-sharing initiative stalls due to privacy concerns - Nextgov
"A proposed Homeland Security Department information-sharing initiative faces ongoing funding challenges, due to congressional concerns over privacy.
For the third year in a row, Congress as part of the Homeland Security spending bill prohibited DHS from using appropriated funds to stand up the National Immigration Information Sharing Operation. To start the flow of funding, the Homeland Security secretary must certify that the project -- designed to give intelligence and law enforcement agencies access to DHS immigration information -- complies with applicable laws, including privacy and civil liberties standards."
