Aug 17
Facebook is entering the location-sharing game to compete with the likes of Foursquare, meaning you can now add your location to the list of things you’re oversharing. But as with all Facebook features, the devil is in the details. Because Facebook wants to do more than just let you check into a location. They want to let your friends check you into locations, by tagging you. Sound confusing? This is how it works:
You go with your friend to a particular Starbucks. Your friend wants all her friends to know she’s at that particular Starbucks. So she “checks in,” thereby broadcasting her whereabouts. But your friend can also check you in by tagging you so everyone knows that you’re at that Starbucks with her. Although, really, you don’t even have to be there for that to happen. You are, however, notified if you’ve been checked in somewhere.
There are a number of reasons why this could be a very bad thing, but the biggest is this: you let everyone know where you are (and where you’re not).
Aug 15
The recent ruling by U.S. District Judge Legrome D. Davis in the case of Allison v. Aetna is another proof point that the threat of identity theft caused by a data breach is not sufficient grounds for litigation. No damages equates to no victims, which mitigates one of the major risks of a breach.
Best practice suggests performing an incident risk assessment to determine the potential risk of harm to individuals when a breach of PII or PHI occurs. We suggest looking at the sensitivity of the data disclosed and the specific context of the breach, which will provide an incident risk level. Using these two dimensions of risk provides a consistent basis for determining the potential risk of harm.
An example of this approach is a recent breach of medical records from a large hospital. The breached records included name, address, medical ID number, and diagnosis. No social security numbers were disclosed.
Aug 15
Physicians’ offices and small clinics are recent targets of patient data theft, creating a legal obligation to notify patients of the crime under the new federal HITECH Act as well as to provide concurrent notice to the HHS Office of Civil Rights (OCR). A recent article in HealthLeaders Media highlighted this growing problem.
According to OCR, 11 private practices, affecting a total of 54,000+ patient records, have been reported to them since this legislation to protect patient privacy went into effect in September 2009.
The risk to affected patients is medical identity theft by criminals wanting to use their information to obtain illegal prescriptions and medical services. The risk to private practices is compliance with regulations, state and federal fines for privacy violations, class action litigation, and losing patients who decide to take their business elsewhere. Unfortunately, a breach of patient data is common.
Aug 13
Mobile phone GPS (global positioning system) is often accurate to less than 100 feet. Many mobile apps work with GPS to inform you of local restaurants, banks, gas stations and attractions. Mobile phone GPS is also being used for driving navigation, but I don’t find it as effective.
In this amazing age of progressive technology the uses seem unlimited. The good guy often finds out what he can do to improve his life with technology and the bad guy uses it to ruin others.
A U.S. Justice Department report last year estimated that more than 25,000 adults in the U.S. are victims of GPS stalking annually, including by cell phone.
The Wall Street Journal reports “The Federal Communications Commission required U.S. cellular providers to make at least 95% of the phones in their networks traceable by satellite or other technologies by the end of 2005. The agency’s intention was to make it easier for people in emergencies to get help.
Aug 13
You’ve heard of laundry, and money laundering but have you heard of click laundering? Are you a small business owner? Do you use ads or affiliate links on your website? Find out about the latest round of internet fraud scams that can cost business owners and consumers money.
Ever heard of click laundering? It’s here! The term is a play on the legal definition of money laundering, and involves a relatively new Internet crime that is a sophisticated form of “click fraud.” Bogus ad-revenue-generating Web-link “clicks” are disguised to appear as legitimate online enquiries.
Internet fraud is evolving from the days of fake emails and phishing scams to entail e-commerce and online businesses. This newest form of fraud costs legitimate businesses and you, the consumer.
Microsoft Senior VP and General Counsel Brad Smith said: “Online ad fraud is evolving in sophistication all the time. Fighting it demands vigilance and dedication to an honest and secure online marketplace.
Aug 12
In recent weeks, there have been two bills introduced in Washington, D.C. that are attempting to set nationwide standards for the security and privacy of consumers’ personal information. The “Data Security and Breach Notification Act of 2010” was introduced by Senator Pryor (D-Arkansas) and Senator John Rockefeller (D-West Virginia) on August 5, 2010. The bill requires businesses and organizations that handle and store private consumer information, such as social security numbers, to use “reasonable security policies and procedures” to protect such information and to “provide nationwide notice in the event of a security breach.”
This act would require organizations to use appropriate security technologies and processes to safeguard the personal information of consumers. It would also require them to periodically assess their risk profile and take corrective actions in addressing security weaknesses. It also would require notification of consumers affected by a data security breach within 60 days of discovery.