Group items tagged

A coalition of privacy groups today urged the Obama Administration to defend California's landmark financial privacy law against the banking industry's legal efforts to overturn it. The US Supreme Court is currently considering taking up the banks' appeal of a 2008 decision by the 9th Circuit Court upholding almost all provisions of the Financial Information Privacy Act of 2003 (SB 1 - Speier). On March 9th, the Supreme Court invited the Obama Administration to voice its opinion on the California privacy law. The case is American Bankers Association v. Brown, Supreme Court Docket Number 08-730. Letters to President Obama and Solicitor General Elena Kagan were signed by The Consumer Federation of California, Privacy Rights Clearinghouse, CALPIRG, Consumers Union, Consumer Action, The Older Women's League, The California Alliance for Retired Americans, and Chris Larsen, Propser Marketplace, and founder of Californians for Privacy Now, the organization that spearheaded a 2003 ballot initiative campaign that turned fierce banking industry opposition into acquiescence with SB 1. "This represents a defining moment for privacy rights" the letter states. We ask you to stand with consumers by telling the Supreme Court to reject the banks' appeal in Brown." Privacy advocates support the State of California's position in this legal matter, which is that there is no merit to the appeal filed by the American Bankers Association. At issue is whether federal laws preempt portions of California law that regulate the sharing of private consumer information within a financial institution's family of affiliates.

The California State Senate approved today SB 20, legislation by State Senator Joe Simitian (D-Palo Alto), which aims to strengthen existing privacy protection laws for California consumers. The new law builds on legislation authored by Simitian in 2002 that requires a business or government agency that incurs a data breach to provide notice to the individual(s) whose information was compromised. More than 40 states have adopted similar legislation since that time, largely based on the California measure. "No one likes to get the news that information about them has been stolen," said Simitian, "but when it happens, people are entitled to get a notice they can understand, and that helps them decide what to do next." "The premise is simple," added Simitian. "What you don´t know can hurt you. Ignorance is not bliss. And you can´t protect yourself if you don´t know you´re at risk." Simitian said his latest proposal (SB 20), "is designed to make a good law even better." California´s current security breach notification law (AB 700, Simitian -2002) requires notice to consumers when their information has been compromised, but does not require data holders to provide any standard set of information about the nature of the breach. SB 20 will enhance consumer knowledge about security breaches by requiring that the notification contain specified information, including the type of personal information breached and the date of the breach.

The Kaiser Permanente hospital in Bellflower has been hit with a $187,500 fine for failing for a second time to prevent unauthorized access to confidential patient information, state pubic health officials said today. [Updated at 3 p.m.: A spokesman for the hospital said the fine was part of the ongoing investigation into employees improperly accessing the medical records of Nadya Suleman and her children. Disciplinary action has been taken against the employees, said Jim Anderson, a hospital spokesman. All the incidents occurred in January; a previous post said they had occurred in April and May.] State officials said Kaiser Permanente Bellflower Medical Center compromised the privacy of four patients when eight employees improperly accessed records. This is the second penalty against the hospital, officials said. The hospital was fined $250,000 in May for failing to keep employees from snooping in the medical records of Nadya Suleman, the woman who set off a media frenzy after giving birth to octuplets in January. The fine was the first penalty imposed and largest allowed under a new state law enacted last year after the widely publicized violations of privacy at UCLA Medical Center involving Farrah Fawcett, Britney Spears, California First Lady Maria Shriver and other celebrities. "We are very concerned with violations of patient confidentiality and their potential harm to the residents of California," said Dr. Mark Horton, director of the California Department of Public Health. "Medical privacy is a fundamental right and a critical component of quality medical care in California."

A number of software errors are present in the Global Election Management System (GEMS) voting system (version 1.18.19), put out by the company Premier Election Solutions, Inc. A Deck Zero error led to 179 tallied ballots inadvertently being deleted from initial results in the November 4, 2008 election in California - which was subsequently corrected, according to California Secretary of State, Debra Bowen. As a result, the state may withdraw approval for the use of this system.

The software vendor's commissioned research will be revealed during a panel discussion with leaders from the California Office of Privacy Protection, Intel, and MySpace. Wednesday, Jan. 28, 2009, is Data Privacy Day, and to mark the occasion, Microsoft is participating in a panel discussion in San Francisco with privacy experts from the California Office of Privacy Protection, the Center for Democracy and Technology, Intel (NSDQ: INTC), and MySpace. Better this week than last, when Heartland Payment Systems and Monster.com disclosed major malware-driven data breaches that promise privacy headaches or worse for affected account holders. It is such incidents that worry Peter Cullen, Microsoft (NSDQ: MSFT)'s chief privacy strategist, because of the impact they can have on consumer trust. "Trust is becoming increasingly important," he said. That's why Data Privacy Day exists. Microsoft and other organizations recognize that without trust, the online economy only gets worse for everyone. Cullen explained that Data Privacy Day represents a global opportunity for organizations and individuals to come together to discuss how to better educate consumers about data privacy issues. One way to advance the discussion, Cullen said, was to commission some research, which Microsoft did in two cities, in California and Texas. "We wanted to understand how different segments of consumers, from teens to professionals to boomers, thought about privacy," he said. "There were some rather interesting results that came out of this." "Our hypothesis is that across these three segments, there would be different ways of thinking about these things," said Cullen. "We were really surprised to learn there's a large degree of similarity in the way people think about privacy."

Facebook has been in the news a lot lately, and that's not good news for Chris Kelly, who is the chief privacy officer for Facebook, and - as we've reported - is quietly exploring a possible run for the Democratic nomination for state attorney general. Kelly was at the center of a firestorm this week regarding changes in Palo Alto-based Facebook's terms of service, which critics argued gave the social-networking site control over members' uploaded material, including photos, seemingly forever. On Wednesday, Kelly told CNN that the company will listen to complaints. The company's official blog now outlines how it has pulled back but Facebook has faced other problems that could hamper Kelly's efforts to run for a California political post. Last year, as Cnet reported, the firm reached an agreement with New York Attorney General Andrew Cuomo after an investigation of complaints that Facebook hadn't addressed consumers' complaints of "harassment and inappropriate conduct" regarding underage members. Facebook officials have said they are cooperating with law enforcement to protect their users from predators. But with the Democratic AG race already looking crowded - with San Francisco District Attorney Kamala Harris and Los Angeles City Attorney Rocky Delgadillo in the mix, among others - Democratic consultants are watching with great interest. Poke this, friends: Could this be the juicy stuff of television ads in a Democratic law-and-order race in California?

Kaiser Permanente says that the personal information of 29,500 employees in Northern California may have been exposed in a security breach. "A handful" of employees have reported identify theft, the Oakland, Calif.-based managed-care giant said. Police in San Ramon, Calif., seized a computer file containing the employee information from a suspect who was arrested. The suspect was not a Kaiser Permanente employee, and officials declined to provide further details. The file contained the names, addresses, phone numbers, Social Security numbers and dates of birth of the Kaiser workers. No health plan member information or personal health information was involved in the data breach, according to Kaiser officials. "We regret that this unfortunate incident occurred, and we understand the anxiety and worry that some employees may feel," said Gay Westfall, senior vice president for human resources at Kaiser Foundation Health Plan and Hospitals, Northern California, in a written statement. Kaiser is providing one year of free credit-monitoring to workers whose information was in the file.

One of the more interesting panel discussions at the IDC Cloud Computing Forum on Feb 18th in San Francisco was about managing the complexities of security, privacy and compliance in the Cloud. The simple answer according to panelists Carolyn Lawson, CIO of California Public Utilities Commission, and Michael Mucha, CISO of Stanford Hospital and Clinics is "it ain't easy!" "Both of us, in government and in health, are on the front-lines," Lawson proclaimed. "Article 1 of the California Constitution guarantees an individual's right to privacy and if I violate that I've violated a public trust. That's a level of responsibility that most computer security people don't have to face. If I violate that trust I can end up in jail or hauled before the legislature," she said. "Of course, these days with the turmoil in the legislature, she joked, "the former may be preferable to the later." Stanford's Mucha said that his security infrastructure was built on a two-tiered approach using identity management and enterprise access control. Mucha said that the movement to computerize heath records nationwide was moving along in fits and starts, as shown by proposed systems likeMicrosoft (NSDQ: MSFT)'s Health Vault and Google (NSDQ: GOOG)'s Personal Health Record. "The key problem is who is going to pay for the computerized of health records. It's not as much of a problem at Stanford as it is at a lot of smaller hospitals, but it's still a huge problem." Mucha said that from his perspective security service providers in the cloud and elsewhere are dealing with a shrinking security parameter or fence, which is progressing from filing cabinets, to devices, to files, and finally to the individual, who under the latest Health Insurance Portability and Accountability Act (HIPAA) privacy rules has certain rights, including rights to access and amend their health information and to obtain a record of when and why their Protected Health Information (PHI) record has bee

If practice makes perfect, it's no wonder commercial pilot Chesley B. (Sully) Sullenberger III was able to save the day last week, guiding a malfunctioning jetliner over New York City and landing it safely in the Hudson River. It turns out Sullenberger was well trained for the job and had been studying crisis management. The Associated Press' Amy Westfeldt says Sullenberger, 57, of Danville, California, is a former fighter pilot who runs a safety consulting firm in addition to flying commercial aircraft. Westfeldt says Sullenberger is president of Safety Reliability Methods, a California firm that uses "the ultra-safe world of commercial aviation" as a basis for safety consulting in other fields. "When a plane is getting ready to crash with a lot of people who trust you, it is a test," Civil engineer Robert Bea told Westfeldt. "Sully proved the end of the road for that test. He had studied it, he had rehearsed it, he had taken it to his heart." The pilot "did a masterful job of landing the plane in the river and then making sure that everybody got out," Mayor Michael Bloomberg told AP. "He walked the plane twice after everybody else was off, and tried to verify that there was nobody else on board, and he assures us there was not. He was the last one up the aisle and he made sure that there was nobody behind him."

In honor of this day, the California Office of Privacy Protection--the first governmental privacy office in the nation--has created a presentation which you can download from their Web site at www.privacy.ca.gov. It's called "Secure Your Computer to Protect Your Privacy," and it explains why computer owners should use Internet firewalls, install and maintain anti-virus and anti-spyware software, and keep their operating systems and applications up to date to protect themselves from malicious attacks. The state privacy office offers lots of other information on how Californians can protect themselves and their data. You can visit their Web site, call them toll-free at (866) 785-9663, or go Wednesday at 5:30 p.m. to the main San Francisco Public Library, where Joanne McNabb, the state's privacy chief, is scheduled to appear on a panel with representatives from Microsoft, Intel, the Center for Democracy and Technology, MySpace and Teen Angels. The panel is free and is part of an international effort to raise awareness about privacy practices and privacy rights

Premier Election Solutions (formerly Diebold Election Systems) admitted in a state hearing Tuesday that the audit logs produced by its tabulation software miss significant events, including the act of someone deleting votes on election day. The company acknowledged that the problem exists with every version of its tabulation software. The revelation confirmed that a problem uncovered by Threat Level in January, and reiterated in a report released two weeks ago by the California secretary of state's office, has widespread implications for election jurisdictions around the country that use any version of the company's Global Election Management System (GEMS) software to tabulate votes. "Today's hearing confirmed one of my worst fears," said Kim Alexander, founder and president of the non-profit California Voter Foundation. "The audit logs have been the top selling point for vendors hawking paperless voting systems. They and the jurisdictions that have used paperless voting machines have repeatedly pointed to the audit logs as the primary security mechanism and 'fail-safe' for any glitch that might occur on machines. To discover that the fail-safe itself is unreliable eliminates one of the key selling points for electronic voting security."

California regulators have fined Kaiser Permanente Bellflower (Calif.) Medical Center $250,000 for failing to keep workers from peeking at the electronic health records of Nadya Suleman, who gave birth to octuplets at the hospital in January. The fine is the first under a new state law, which took effect in January, aimed at protecting patient medical records at hospitals and carries the maximum penalty allowable. Twenty-three unauthorized staff and physicians accessed the medical records, including some at other Kaiser facilities. Seven people viewed the records more than once, according to the California Public Health Department, which licenses hospitals in the state. Kaiser fired one person who peeked at Suleman's records, 14 others resigned and eight were disciplined.

An insider at the California Water Service Company in San Jose broke into the company's computer system and transferred $9 million into offshore bank accounts and fled the country. Abdirahman Ismail Abdi, 32, was an auditor for the water company, which delivers drinking water throughout the state and is located in San Jose, Calif. Abdi resigned from his position on April 27. Allegedly, that night he went back to work and made three wire transfers totaling more than $9 million from the company's accounts to an account in Qatar. Abdi was seen by a janitor on the night of the crime, according to the San Jose Mercury News, citing court documents filed Wednesday in the federal court at San Jose. The next morning, the water company discovered what had been done and worked with their bank to have the money returned to their account. The company notified police, who are currently investigating the case, Jose Garcia, public information officer at the San Jose Police Department, told SCMagazineUS.com on Friday.

Internal controls failure.

On January 7, backers of California's Proposition 8 filed a federal lawsuit, asking that they be exempted from complying with California election laws that require disclosure of the names of people who give as much as $100 to a campaign for or against an initiative. The case is ProtectMarriage.com v Bowen, no. 2:09-cv-00058 (Sacramento). It was assigned to U.S. District Court Judge Morrison England, who was appointed in 2002. The case depends on the 1982 U.S. Supreme Court precedent Brown v Socialist Workers '74 Campaign Committee, which said that disclosure is not compelled if there is a reasonable possibility that campaign contributors, if identified, will be subject to harassment. Besides the Socialist Workers Party, other groups that have won freedom from disclosure include the Freedom Socialist Party, Socialist Action, and the Communist Party.

ABOUT two-thirds of Americans object to online tracking by advertisers - and that number rises once they learn the different ways marketers are following their online movements, according to a new survey from professors at the University of Pennsylvania and the University of California, Berkeley.

ABOUT two-thirds of Americans object to online tracking by advertisers - and that number rises once they learn the different ways marketers are following their online movements, according to a new survey from professors at the University of Pennsylvania and the University of California, Berkeley.

"A federal law designed to prevent employers and health insurers from discriminating against an individual based on their genetic predisposition to disease took effect late last month, signaling a new era where intermingling genetic advances and privacy concerns create new challenges in health care. But left out of the federal Genetic Information Nondiscrimination Act, commonly known as GINA, were privacy protections for individuals seeking long-term care, disability and life insurance coverage. Each of those areas was left up to the individual states. At least 10 states regulate the use of genetic information in long-term care insurance. But in California, privacy protections were left to expire by lawmakers in January 2008. Mark Billingsley, spokesman for state insurance commissioner Steve Poizner, said in an e-mail that there "appears to be a giant loophole" in California's insurance code regarding long-term care insurance and genetic privacy protections. He said he couldn't identify a single provision in the state code that would preclude a private insurer from requesting such a test for underwriting purposes. "

"The United States House of Representatives took a major step this week toward enacting a national data breach notification law. H.R. 2221, the Data Accountability and Trust Act (DATA), cleared the House with a voice vote. In its current form, DATA requires businesses to notify customers and the Federal Trade Commission (FTC) if sensitive information has been exposed to a security breach. If the U.S. Senate can reconcile its own approach to data breach notification legislation with DATA, a new federal standard will emerge. If signed into law by President Barack Obama, a federal data breach ¬law would pre-empt the jumbled mass of dozens of state laws. "You'd be better served by federal legislation if the federal legislation has teeth and doesn't pre-empt the state's law," said California state senator Joe Simitian, speaking to executive editor Scot Petersen in September. "If there was a meaningful standard at the national level, I think many states would be happy to accept it." Aside from the data breach notification required by the HITECH Act, DATA would put into place the first national law of its kind. H.R. 2221 was sponsored by House Subcommittee Chair Rep. Bobby L. Rush of Illinois. The bill specifically states that: "Any person engaged in interstate commerce that owns or possesses data in electronic form containing personal information shall, following the discovery of a breach of security of the system maintained by such person that contains such data -- 1. notify each individual who is a citizen or resident of the United States whose personal information was acquired by an unauthorized person as a result of such a breach of security; and 2. notify the Federal Trade Commission."

"Craig Newmark, founder of Craigslist and a customer-service guru, was riding on a public train in San Francisco, California, recently when something common but annoying occurred: The railcar filled with people and became uncomfortably hot. If the inconvenience had happened a few years ago, Newmark said he would have just gone on with his day -- maybe complaining about the temperature to a friend. But this was 2009, the age of mobile technology, so Newmark pulled out his iPhone, snapped a photo of the train car and, using an app called "SeeClickFix," zapped an on-the-go complaint, complete with GPS coordinates, straight to City Hall. "A week or so later I got an e-mail back saying, 'Hey, we know about the problem and we're going to be taking some measures to address it,' " he said. Welcome to a movement the tech crowd is calling "Gov 2.0" -- where mobile technology and GPS apps are helping give citizens like Newmark more of a say in how their local tax money is spent. It's public service for the digital age."

Maybe Craig of Craigslist has finally found something to do with technology besides making it easier to find a prostitute in Los Angeles?

"Medical records for about 15,500 Northern California Kaiser patients - about 9,000 of them in the Bay Area - were compromised after thieves stole an external drive from a Kaiser employee's car last month, Kaiser officials said Tuesday." Kaiser officials said the electronic device contained patients' names, medical record numbers and possibly ages, genders, telephone numbers, addresses and general information related to their care and treatment. No Social Security numbers or financial information was contained on the drive, and Kaiser officials said there's no evidence that the information has been used inappropriately. The device was not encrypted, but some of the information was password protected. Kaiser has sent letters to the 15,500 members and the employee, who Kaiser would not identify, has been fired.

Another hospital employee fired for inappropraite access of medical records. More damage to a medical group reputation because someone failed to get the message.

"By now, California is well-acquainted with Meg Whitman, Steve Poizner and Carly Fiorina - Silicon Valley's big-name candidates this election season. But a pair of relatively unknown tech alums, sitting lower on the ballot, are even more an indication of the political maturation of the valley, a place that has traditionally favored pushing policy from the sidelines instead of crafting and enforcing it in Sacramento."

Geek politicians who want to do for CA what they did for the tech industry. Government 2.0 or crash, reboot, crash...