Group items tagged

By now, many employees are uncomfortably aware that their every keystroke at work, from email on office computers to text messages on company phones, can be monitored legally by their employers. What employees typically don't expect is for the company to spy on them while on password-protected sites using nonwork computers. But even that privacy could be in jeopardy. A case brewing in federal court in New Jersey pits bosses against two employees who were complaining about their workplace on an invite-only discussion group on MySpace.com, a social-networking site owned by News Corp., publisher of The Wall Street Journal. The case tests whether a supervisor who managed to log into the forum -- and then fired employees who badmouthed supervisors and customers there -- had the right to do so. The case has some legal and privacy experts concerned that companies are intruding into areas that their employees had considered off limits. "The question is whether employees have a right to privacy in their non-work-created communications with each other. And I would think the answer is that they do," said Floyd Abrams, a First Amendment expert and partner at Cahill Gordon & Reindel LLP in New York. The legal landscape is murky. For the most part, employers don't need a reason to fire nonunion workers. But state laws in California, New York and Connecticut protect employees who engage in lawful, off-duty activities from being fired or disciplined, according to a report prepared by attorneys at the firm Proskauer Rose LLP. While private conversations might be covered under those laws, none of the statutes specifically addresses social networking or blogging. Thus, privacy advocates expect to see more of these legal challenges. In February, three police officers in Harrison, N.Y., were suspended after they allegedly made lewd remarks about the town mayor on a Facebook account. The officers mistakenly thought the remarks were protected with a password, but city officials view

Identity thieves using the names and Social Security numbers of Irving Independent School District employees have made thousands of dollars in purchases, school officials say. One woman has been accused of fraudulent use or possession of identifying information and two charges of credit card abuse. A second person linked to the theft case has been arrested but no charges have yet been filed in the Irving case, authorities said. At least 64 of the 3,400 teachers and other employees whose names were on the old benefits report that somehow ended up in the trash have said they are identity theft victims. The school district mailed letters to current and former employees about the breach, but 472 of the letters were returned as undeliverable. Pat Lamb, district security director, said in a story for Sunday's online edition of The Dallas Morning News that the employees at risk of being on the list worked for the district in the 2000-01 school year and had payroll deductions for benefits. "We still do not know how our records were compromised," Lamb said. "We don't know if somebody was supposed to shred that information, but it ended up in a Dumpster." Lamb said his name was among those on the report, which was generated in 2000. Cynthia Will, a former teacher, pleaded for help from the school board last week. More than $25,000 was charged in her name, including a $4,000 diamond ring, the newspaper reported. "It was stunning the damage that was done in just seven days," she told the board. Will has to carry an affidavit stating that she is an identity theft victim and if there are warrants on her old driver's license number that they are not for her. Dawn Bizzell, who has taught in the district since 1996, said district officials acted too slowly. An employee advisory wasn't posted until Jan. 26. Bizzell said she learned she was an identity theft victim on Nov. 28 and police told her of the district connection on Dec. 3.

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

Kaiser Permanente says that the personal information of 29,500 employees in Northern California may have been exposed in a security breach. "A handful" of employees have reported identify theft, the Oakland, Calif.-based managed-care giant said. Police in San Ramon, Calif., seized a computer file containing the employee information from a suspect who was arrested. The suspect was not a Kaiser Permanente employee, and officials declined to provide further details. The file contained the names, addresses, phone numbers, Social Security numbers and dates of birth of the Kaiser workers. No health plan member information or personal health information was involved in the data breach, according to Kaiser officials. "We regret that this unfortunate incident occurred, and we understand the anxiety and worry that some employees may feel," said Gay Westfall, senior vice president for human resources at Kaiser Foundation Health Plan and Hospitals, Northern California, in a written statement. Kaiser is providing one year of free credit-monitoring to workers whose information was in the file.

LOS ANGELES-Fifteen hospital workers have been fired and another eight disciplined for looking at medical records of octuplet mother Nadya Suleman without permission, hospital officials said Monday. Kaiser Permanente reported the violations of health care privacy laws to the state and has warned employees at its Bellflower facility to keep away from Suleman's records unless they have a medical purpose, said hospital spokesman Jim Anderson. "Despite the notoriety of this case, to us this person is a patient who deserves the privacy that all our patients get," Anderson told The Associated Press. Anderson would not elaborate on how the other eight employees were reprimanded, saying only that the punishments were significant. A similar privacy breach at UCLA hospitals led to celebrities' medical information getting leaked to tabloids in recent years, including details of Farrah Fawcett's cancer treatment showing up in the National Enquirer. Anderson said Kaiser does not believe any of Suleman's information was shared with the media, based on the results of their inquiry. The 33-year-old single mother of 14 gave birth to her octuplets on Jan. 26 at Kaiser's hospital in Bellflower, about 17 miles southeast of Los Angeles. Her attorney Jeff Czech said Suleman does not plan to file a lawsuit, though he suspects Kaiser employees were looking for medical information on Suleman's sperm donor. He said the name is not listed on the Advertisement medical records. "She trusts Kaiser and they said they'd look into it," Czech said. "We feel that they're on top of it and are taking care of it." Anderson could not provide details about when Suleman's medical records were accessed and by what kind of hospital employee. He said Kaiser had warned its employees about patient confidentiality rules before Suleman checked into the hospital in December. "Even though no one knew she was there, they knew she was going to have a lot of babies," Anderson said. "The extra monitoring he

To find out more about the survey, I asked Deloitte LLP chairman of the board Sharon Allen to provide some additional context. Given that my only risk-management concern early this week relates to thunderstorms off the coast of South Padre Island, I asked Sharon to step in as a guest blogger today. Here's what she sent me: When I was a high school student growing up in the small farming community of Kimberly, Idaho, little did I know that a song from that time could serve as an anthem for something happening in the workplace today. The Beatles' 1967 classic "Hello Goodbye" is a study in contrasts, as are the current attitudes about social media. Social media has arrived - and with it, employers and employees are singing very different songs about what constitutes appropriate social networking both on and off the job. Recently, I commissioned the third annual Deloitte LLP "Ethics & Workplace" survey. We polled 500 executives and 2,000 employees outside Deloitte. Our survey found that 60 percent of business executives believe they have a right to know how employees portray themselves and their organizations in online social networks. Perhaps because nearly three-fourths of the employees in our poll agreed that the use of social networks makes it easier to damage a company's reputation. However, more than half of employees polled say their social networking pages are not an employer's concern. That belief is especially true among younger workers, with nearly two-thirds of 18- to 34-year-old respondents stating that employers have no business monitoring their online activity.

Banks and financial firms are placing more emphasis on internal threats to cut the flow of data leakage as a result of employee mistakes or workers disgruntled with layoffs and downsizing during the economic crisis, according to a recent survey. The report, "Protecting What Matters: The Sixth Annual Global Security Survey," is based on a Deloitte survey of 250 CISOs in the financial-services industry. It found that 36% of respondents believe the internal threat represents the greatest risk to organizations, compared to 13% who said external threats are the biggest concern. Mark Steinhoff, head of Deloitte's financial services security and privacy practices, said an organization's biggest mistake would be to let its guard down. While the number of security breaches may have declined over the last year, cybercriminals are not rationing back their efforts. "The number of breaches that are occurring are really at the hands of insiders and organizations are understanding that there is a real threat of malicious attacks and exposure of personal information by insiders," Steinhoff said. The failing economy may be driving the increased concern over insider threats, Steinoff said. "The climate we're in today causes concerns about disgruntled employees," he said. "We are seeing the layoffs and other forms of downsizing. Frankly with limited budget and less than satisfied employees, it really raises the parameter on that threat." Human error is the leading cause of information systems failure, and is likely to be the main cause of security attacks in the near future, according to 86% of those surveyed. To protect against employee mistakes that lead to a breach, financial firms should focus on risk rather than compliance to protect themselves, Steinhoff said. "[Organizations] need to look at what they want to protect and look at various types of threats internally and evaluate who has access to the data and who has access to which system, and approach it from that persp

A majority of business executives believe that they have a right to know what their employees are doing on social-networking sites, but most workers say it's none of their bosses' business, according to a new survey by Deloitte. The survey was conducted in April with about 2,000 U.S. adults. Of the 500 respondents with managerial job titles (vice president, CIO, partner, board member, etc.), 299, or 60%, agreed that businesses have a right to know how employees portray themselves or their companies on sites like Facebook and MySpace. But 53% of employee respondents said their profiles are none of their employers' business, and 61% said that they wouldn't change what they were doing online even if their boss was monitoring their activities. That disagreement, says Sharon Allen, chairman of Deloitte's board and the sponsor of the survey, is one that companies need to address, particularly as these sites have become part of younger workers' lives. "It does, in fact, tee up the challenging debate or discussion that needs to take place to try to resolve both of their concerns," she said. Few businesses are having that conversation, according to the survey, though many executives indicated that it was on their minds. When asked what their company's policy was regarding social-networking use, roughly a quarter (26%) of employees said they knew of specific guidelines as to what they could and couldn't post. Similar numbers said their office didn't have a policy or they didn't know if their company had a policy - 23% and 24%, respectively.

"Big Brother is watching. That is the message corporations routinely send their employees about using email. But recent cases have shown that employees sometimes have more privacy rights than they might expect when it comes to the corporate email server. Legal experts say that courts in some instances are showing more consideration for employees who feel their employer has violated their privacy electronically. Driving the change in how these cases are treated is a growing national concern about privacy issues in the age of the Internet, where acquiring someone else's personal and financial information is easier than ever. "Courts are more inclined to rule based on arguments presented to them that privacy issues need to be carefully considered," said Katharine Parker, a lawyer at Proskauer Rose who specializes in employment issues. In past years, courts showed sympathy for corporations that monitored personal email accounts accessed over corporate computer networks. Generally, judges treated corporate computers, and anything on them, as company property. Now, courts are increasingly taking into account whether employers have explicitly described how email is monitored to their employees."

Hackers broke into the Federal Aviation Administration's computer system last week, accessing the names and national identification numbers of 45,000 employees and retirees, a union leader says. Tom Waters, president of American Federation of State, County and Municipal Employees Local 3290, said FAA officials briefed union leaders Monday about the security breach. FAA spokeswoman Laura Brown confirmed the agency's computers were hacked last week. Story continues below ↓advertisement | your ad here Waters said union leaders were told hackers gained access to two files. One file had the names and Social Security numbers of 45,000 employees and retirees on the FAA's rolls as of February 2006. Social Security is the U.S. government-directed pension system, and in the absence of a national identity card, other people's social security numbers can be used to steal identities for illicit purposes. Waters said the other file contained medical information that was encrypted. "These government systems should be the best in the world, and apparently they are able to be compromised," said Waters, an FAA contracts attorney. "Our information technology systems people need to take a long hard look at themselves and their capabilities. This is malpractice in their world." FAA officials told union leaders the incident was the first of its kind at the agency. But Waters said his union complained about three or four years ago about an incident in which employees received anti-union mail that used names and addresses that appeared to be generated from FAA computer files.

While the recession injured many industries in 2008, health care was one of the few bright spots in the employment picture, growing by 372,000 jobs last year, according to the U.S. Bureau of Labor Statistics' January 2009 Employment Situation Summary. The large aging population has health care employers in need of qualified workers: stat. Therefore, despite the current economic conditions, health care employers will continue to increase staff in 2009, according to CareerBuilder.com's annual health care hiring forecast, conducted online within the U.S. by Harris Interactive. Close to one-in-five (17 percent) of large health care employers (50 or more employees) plan to increase the number of full-time, permanent employees in 2009, while 67 percent foresee either making no change in the number of employees or are unsure. Sixteen percent plan to decrease the number of employees. "The health care industry continues to boast high demand for qualified workers. Employers are reacting to this need by continuing strong recruiting efforts this year," says Jason Ferrara, vice president of corporate marketing for CareerBuilder.com. "Half of health care employers, the highest among industries we surveyed, have open positions for which they can't find qualified candidates. In response, health care employers will have to adjust their recruitment and retention strategies to find and keep top talent."

Two U.S. Securities and Exchange Commission employees are under investigation by federal criminal authorities for allegedly using insider information to trade stocks, a source familiar with the matter said on Thursday. A report by the SEC's internal watchdog alleges that the two SEC lawyers traded in stock of a large financial services company despite being told by another SEC employee of ongoing investigations of that company, CBS News reported. The SEC inspector general report said one SEC attorney under investigation works in the Office of the SEC's Chief Counsel and has access to a tremendous amount of nonpublic information, CBS News said. An SEC spokesman said: "We take seriously even the suggestion that any SEC employee would engage in insider trading. We note that the inspector general report neither accuses any SEC employee of insider trading nor concludes that any such conduct took place." Calls to the SEC's inspector general and Federal Bureau of Investigation were not immediately returned.

Johns Hopkins is alerting more than 10,000 of its hospital patients that they may have been victims of identity theft. An investigation suggests a former employee who worked in patient registration may have been linked to a scheme to create fake drivers' licenses in Virginia, according to this letter from Baltimore-based Hopkins to the Maryland attorney general's office. Most of the patients are at very low risk, the letter says - they're included because the former employee accessed their records in the course of her work. But a few dozen have already been identified as likely victims, and a few hundred who have Virginia mailing addresses and whose records were accessed by the former employee may also be at risk. Hopkins is offering those patients credit monitoring, fraud resolution and identity-theft reimbursement for certain expenses.

GovLoop (http://govloop.com), an online community created for and by government employees, announced today it has signed up its 10,000th member less than a year after launching. Dubbed by some as a "Facebook for Feds," GovLoop brings together government employees from the U.S. and other nations to discuss ideas, share best practices and create a community dedicated to the betterment of government. A revolution is happening in government as the result of a new generation of government employees, the rise of Web 2.0 technologies, and the Obama administration's focus on transparency, participation, and collaboration. This revolution is often called "Government 2.0" and GovLoop is at the center of this movement. The social network was developed by Steve Ressler, a 28-year old federal employee from Tampa, Fla. who is also a co-founder of Young Government Leaders (http://youngovernmentleaders.org). Fed up with the silos that existed across government agencies, including artificial barriers between levels of government, rank and age, Ressler believed there had to be a better way to share information, so he launched GovLoop.com in June 2008.

Some American Express card members' accounts may have been compromised by an employee's recent theft of data, the company said Thursday. American Express Co. spokeswoman Susan Korchak said a "relatively small portion" of card members was involved, but declined to be more specific. The former employee has been arrested and the company is investigating how the data was obtained, she said. The company is in the process of notifying affected card members by letter. In one such letter sent last week, American Express Privacy Officer Alfred Silipigni said he was informing the member of "an unfortunate issue" concerning his card. "We recently learned that certain account data was acquired without authorization by an employee who is no longer with the company," he wrote. "The former employee has been arrested, and we are cooperating with law enforcement authorities with their ongoing investigation." American Express declined to disclose any more details about the incident beyond what was in the letter. The company has put additional fraud monitoring and protection controls on the accounts at issue, Korchak said. American Express has about 39 million corporate, small business and consumer cards in force in the United States.

The Kaiser Permanente hospital in Bellflower has been hit with a $187,500 fine for failing for a second time to prevent unauthorized access to confidential patient information, state pubic health officials said today. [Updated at 3 p.m.: A spokesman for the hospital said the fine was part of the ongoing investigation into employees improperly accessing the medical records of Nadya Suleman and her children. Disciplinary action has been taken against the employees, said Jim Anderson, a hospital spokesman. All the incidents occurred in January; a previous post said they had occurred in April and May.] State officials said Kaiser Permanente Bellflower Medical Center compromised the privacy of four patients when eight employees improperly accessed records. This is the second penalty against the hospital, officials said. The hospital was fined $250,000 in May for failing to keep employees from snooping in the medical records of Nadya Suleman, the woman who set off a media frenzy after giving birth to octuplets in January. The fine was the first penalty imposed and largest allowed under a new state law enacted last year after the widely publicized violations of privacy at UCLA Medical Center involving Farrah Fawcett, Britney Spears, California First Lady Maria Shriver and other celebrities. "We are very concerned with violations of patient confidentiality and their potential harm to the residents of California," said Dr. Mark Horton, director of the California Department of Public Health. "Medical privacy is a fundamental right and a critical component of quality medical care in California."

"Important personal information, such as social security numbers, names and zip codes, of many Notre Dame employees was exposed to the Internet after the University accidentally placed the information in a publicly accessible location. The data breach affected about 24,000 employees, including some students who work for the University, Gordon Wishon, associate vice president of information technology and the University's chief information officer, said. The personal information that was exposed will no longer be accessible because the University immediately removed it from the Internet and secured it, he said. "

"Nearly every practicing doctor in the United States is being warned that their identities might have been stolen when the laptop of an employee of an insurance trade group was snagged from a car in Chicago. The laptop contained business and personal information such as Social Security numbers, addresses and certain identification numbers on the laptop of an employee from the Chicago-based Blue Cross and Blue Shield Association, a trade group for the nation's Blue Cross health insurance plans. The association confirmed that an employee "broke protocol and transferred to a personal laptop" information that was stolen in late August. No patient information was on the database, and so far, no doctor has reported a security breach. However, nearly 20 percent of the doctors listed in the database have their Social Security numbers as their medical-care provider identification, putting these health professionals at risk for identity theft, according to an article in the Chicago Tribune."

The Oklahoma Department of Human Services (DHS) is notifying more than one million state residents that their personal data was stored on an unencrypted laptop that was stolen from an agency employee. The computer file contained the names, Social Security numbers, birth dates and home addresses of Oklahoma's Human Services' clients receiving benefits from programs such as Medicaid, child care assistance, nutrition aid and disability benefits, the agency announced Thursday. The computer, which was stolen when a thief broke into the car April 3 after the employee stopped on her way home from work, was password protected, and officials do not believe the burglar realized what he or she was stealing. Therefore, the risk of the data being accessed is minimal, according to the agency. "We feel this was not a situation where someone was targeting the agency or that information," DHS spokeswoman Mary Leaver told SCMagazineUS.com on Friday. "We feel it was random." Leaver said the state Office of Inspector General is conducting an investigation, out of which likely will come a mandatory review of information security policies. However, it is not believed the employee violated existing policy when the incident occurred, she said. News of the theft comes one day after the Ponemon Institute, in conjunction with Intel, released a study that found the average value of a lost laptop is $49,246. About 80 percent of the cost is related to the chance that a breach could occur, the study showed.

With so many workers being axed, the threat to sensitive customer, corporate, military information should be examined. Once workers leave with sensitive information, good luck controlling exposure. Cross International borders and the issue potentially expands into an national "incident" with dire consequences for corporate reputation. Protectionism vs Patriotism. Issues raised in the Great Depression revisited with more impact due to expansion of the economy to global status.

Microsoft Corp.'s plan to eliminate U.S. workers after lobbying for more foreigner visas is stirring resentment among lawmakers and employees. As many as 5,000 employees are being shown the door at Microsoft, which uses more H1-B guest-worker visas than any other U.S. company. Some employees and politicians say Microsoft should get rid of foreigners first. "If they lay people off, are they going to think of America first or are they going to think of the world first?" Chuck Grassley, a Republican Senator from Iowa, said in an interview. He sent a letter to Microsoft Chief Executive Officer Steve Ballmer the day after Microsoft announced the job cuts last month, demanding Ballmer fire visa holders first. Across the technology industry, some of the biggest users of H1-B visas are cutting jobs, including Intel Corp., International Business Machines Corp. and Hewlett-Packard Co. The firings at Microsoft, the world's largest software maker, came less than a year after Chairman Bill Gates lobbied Congress for an expansion of the visa program. Even before Microsoft announced the cuts, its first-ever companywide layoffs, comments on a blog run by an anonymous Microsoft worker angrily debated getting rid of guest workers first. The author of the Mini-Microsoft blog eventually had to censor and then completely block all arguments about visas, after the conversation "got downright nasty."

The following is an excerpt from the book The Truth About Identity Theft. In this section of Chapter 11: Social Engineering (.pdf), author Jim Stickley explains how easy it really is to hack a password. People often ask me how hard it is to hack a password. In reality, it is rare that I ever need to hack someone's password. Though there are numerous ways to gain passwords on a network and hundreds, if not thousands, of tools available to crack encrypted passwords, in the end I have found that it is far easier to simply ask for them. A perfect example of this type of attack was a medium-sized bank that I was testing recently. The bank's concern was related to the new virtual private network (VPN) capabilities it had rolled out to a number of its staff. The VPN allowed staff to connect directly to their secured network while at home or on the road. There is no doubt that a VPN can increase productivity, but there are some pretty major risks that can come with that convenience. The bank explained that the VPN was tied into its Active Directory server. For people who are not technical, basically this just means that when employees log in via the VPN, they use the same credentials they use to log on to their computer at the office. So I went back to my office, sat down, and picked up the phone. The first call I made was to find out the name of an employee in the IT department. I called the company's main line to the bank, pressed 0, and asked to speak with someone in the IT department. I was asked what I was calling about, so I told the employee I was receiving emails from that bank that seemed malicious. I could have used a number of excuses, but I have found that if you tie in an unhappy customer with a potential security issue, your call gets further up the food chain. In this case, I reached a man who I will call Bill Smith. I made up a story about the email, and after a few minutes, he was able to explain to me that I had called the wrong bank and it was actuall