You have an unlisted phone number, you guard your personal information, you shred your financial papers- so everything is private and safe, right? Would you be alarmed to know that even when you think things are private, a perfect stranger can look you up online, see your address, birth date, past addresses, and even see a photo of your home, down to the detail of your child's play set out in the back yard? Alarmed yet? You should be. Take a look at this website: www.zabasearch.com. Simply plug your name in, and you are likely to be surprised, and probably a bit distressed to see all the information that is readily available online. How could this happen? Easy. Virtually every major change in your life is recorded somewhere in a government document. When you are born, a birth certificate is issued. When you obtain a driver's license, get married, buy a house, file a lawsuit ' all of these events are recorded in public documents easily available to you and to others. Government records are intentionally public in order to enable citizens to monitor the government and to ensure accountability in our society. The challenge is to balance the public's right to information with the individual's right to privacy.

Naturally, privacy watchdogs answer the question in this post title with a resounding "Yes!" The answer is so emphatic, in fact, that the Center for Digital Democracy and U.S. Public Interest Research Group are filing a 52-page complaint with the FTC today alleging that mobile marketers collect so much "non personally identifiable information" that it infringes on users' privacy-and are "unfair and deceptive." Mobile devices, which know our location and other intimate details of our lives, are being turned into portable behavioral tracking and targeting tools that consumers unwittingly take with them wherever they go. (Shh! Don't tell them the FBI can remotely turn on the microphone of several cell phone brands and convert your phone into a roving bug, even when it's off!) But is the Internet private-and should it be? Is a profile that states that you are interested in outdoor rec and currently in the Santa Clara, CA, area an invasion of your privacy? And if so, should we ban all outdoor rec stores and centers in Santa Clara from collecting personally identifiable information like, say, a picture of you when you walk in their lobby? Should we prohibit all employees from asking your name and if you slip and mention it, make sure they never call you by it?

It is information no one would want scattered on papers in a parking lot, much less thrown away in a dumpster for anyone to find. Medical records were found behind a 99 Cents store in southwest Houston putting people's identities at risk. "This has got Social Security numbers, Medicare numbers. That's pretty serious," said the man who found the documents. Dozens of documents with sensitive personal information were dumped. A self-proclaimed dumpster diver who wants to remain anonymous found them.

How does technology affect my privacy? Most of us have things we want to keep private - from our parents and teachers, from our siblings, from our friends. We all know that it's important not to leave a personal journal or a student card lying around in plain view. But have you ever wondered about how technology affects your privacy? Think about the technology that you use every day - to connect with your friends, to chat online, to download your favourite music. Did you know that technologies like these can be used to monitor your behaviour online? And that this private information can be stored and sold, often without you ever knowing about it? Why should I care? Because all these new technologies can have a significant impact on your personal privacy. And if you know how to use them properly you can control your private information - and make it more difficult for others to use your information without your permission. What do I really know about my privacy? Check out this privacy quiz and find out!

Beyond PCI: Other Regulations to Look For in 2009 Just a few days ago, the Federal Reserve, the Office of Thrift Supervision and the National Credit Union Administration announced the enactment of comprehensive new rules regarding card practices. These rules, which will not take effect until July 1, 2010, impose restrictions on a number of controversial issuer practices, including interest rate increases, late fees and double-cycle billing. Many industry observers predict that the rules will result in less credit being made available, and on stricter terms, than has been the case over the last several years. These rules may not be the end of the matter. Rep. Carolyn Maloney (D-NY), who in 2008 introduced the Credit Cardholders' Bill of Rights Act of 2008 (which sought to regulate many of the same practices as the then-proposed Fed rules), stated that she was disappointed in the delayed effectiveness of the Fed rules and promised to revive the Credit Cardholders' Bill of Rights in 2009 to, as she put it, "bridge the gap" between now and the effective date of the Fed rules.

Facebook's developer platform has been used for a zillion marketing campaigns so far, but this one is actually dead-on hilarious. Fast-food chain Burger King has created "Whopper Sacrifice," a Facebook app that will give you a coupon for a free hamburger if you delete 10 people from your friends list. Burger King has put out some interesting campaigns as of late ("Whopper Virgin," "Subservient Chicken"), but this one piques our interest because of how gleefully it pokes fun at our social-networking obsessions. "Now is the time to put your fair-weather Web friendships to the test," the Whopper Sacrifice site explains. "Install Whopper Sacrifice on your Facebook profile, and we'll reward you with a free flame-broiled Whopper when you sacrifice ten of your friends. The funniest part: The "sacrifices" show up in your activity feed. So it'll say, for example, "Caroline sacrificed Josh Lowensohn for a free Whopper." Unfortunately, you can't delete your whole friends list and eat free (however unhealthily) for a week. The promotion is limited to one coupon per Facebook account. My Facebook friends had better appreciate the fact that I made a New Year's resolution to cut out red meat. Hint, hint.

On January 7, backers of California's Proposition 8 filed a federal lawsuit, asking that they be exempted from complying with California election laws that require disclosure of the names of people who give as much as $100 to a campaign for or against an initiative. The case is ProtectMarriage.com v Bowen, no. 2:09-cv-00058 (Sacramento). It was assigned to U.S. District Court Judge Morrison England, who was appointed in 2002. The case depends on the 1982 U.S. Supreme Court precedent Brown v Socialist Workers '74 Campaign Committee, which said that disclosure is not compelled if there is a reasonable possibility that campaign contributors, if identified, will be subject to harassment. Besides the Socialist Workers Party, other groups that have won freedom from disclosure include the Freedom Socialist Party, Socialist Action, and the Communist Party.

The suggestion comes after a 12 month period in which the Government has admitted losing millions of personal records, including the entire child benefit database. Richard Thomas, the information commissioner, will tell MPs that its annual tracking survey has found a big jump in the way that people view loss of personal data, excessive surveillance, privacy intrusions and identity theft. Its survey of 1,000 people found 94 per cent of people ranked "protecting personal information" as their top concern, ranked equal with concerns about crime. Public awareness of access to their personal information held by public bodies has also jumped, from 74 per cent to 86 per cent between 2007 and 2008. Mr Thomas will say that part of the reason has been the 277 data breaches by public bodies, since HM Revenue and Customs said it had lost the personal details of 25 million families on the child benefit database in October 2007.

President-elect Barack Obama has promised to computerize all of America's medical records within five years. He made the pledge last week in a speech at George Mason University. "This will cut waste, eliminate red tape and reduce the need to repeat expensive medical tests," he said. "But it just won't save billions of dollars and thousands of jobs, it will save lives by reducing the deadly but preventable medical errors that pervade our health care system." But the road to digitized medical records will be a tough and expensive one, CNN Money reported. Today, only about 8% of the country's 5,000 hospitals and 17% of its 800,000 physicians use electronic medical records. There is also the issue of patient privacy. Numerous hospitals have faced security issues since moving to electronic medical records. The Industry Standard reported on a security breach at a Los Angeles hospital last month. And then there is the cost. Studies done by Harvard, RAND and the Commonwealth Fund peg the cost of the digitization plan between at least $75 billion to $100 billion, according to the CNN article. However, the health care industry spends $2 trillion dollars a year, so the $100 billion may be well worth the long-term savings.

One of my predictions for last year was that privacy would be a growing concern among mainstream users. I didn't repeat that prediction this year, but perhaps I should have. The reason? Apparently, younger web users seem to care more about privacy controls. Or at least, they use them more. According to Facebook chief privacy officer Chris Kelly, more teenagers than adults use privacy controls on the social network, at a rate of 60% to about 25-30%. That's surprising given the conventional wisdom that younger Internet users tend not to care about the privacy of their data. A recent study from Computer Associates confirms that many teens are at least somewhat concerned with online privacy. That study showed that 79% of teens aged 13-17 who are members of a social networking site like MySpace or Facebook protect their profiles from the general Internet in some way (i.e., only allow friends or friends of friends to view their information). Profiles on Facebook, of course, are automatically protected from viewing by the Internet at large, but protecting them from the rest of your network requires additional steps. That teens are more likely to utilize Facebook's granular privacy controls points to one of two things that lead to the same conclusion: 1. Teens care more about online privacy than adults, or, 2. Teens are simply more aware of social networking privacy controls than adults.

This tip is part of Mitigating Web 2.0 threats, a lesson in SearchSecurity.com's Data Protection Security School. Visit the lesson page or our Security School Course Catalog for additional learning resources. Social networking, a term relatively new to the computing vernacular, has already become part of the cultural norm for a great proportion of Internet users. Even more recently, the use of online communities to establish and build connections among those with shared interests has become part of the corporate world as well. As professional social networks such as LinkedIn and Blue Chip Expert continue to grow, and professional groups gain in popularity on once-personal sites like Facebook and MySpace, enterprise security and risk management professionals must face the reality that these sites are emerging conduits for the unauthorized disclosure of confidential corperate information. Add the use of public social networking tools to the list of concerns, and the effectiveness of the traditional corporate security perimeter is further diminished. However, a robust set of policy, process and architecture aids in mitigating the risks of being social. Broadly, social networking is described as software that lets people interact, rendezvous, connect, play or collaborate by use of a computer network. This definition covers the popular social networking sites, including those mentioned above, as well as blogs, wikis, RSS, podcasts, tags, and more recently, search engines. While there are numerous benefits to social network solutions, including reducing costs and increasing collaboration, we'll focus on addressing the risks.

This tip is part of SearchSecurity.com's Data Protection School lesson, E-discovery and security in the enterprise. Visit the E-discovery and security in the enterprise lesson page for additional learning resources. Most information security pros have a handle on the major data types found in their environments, but they also know that there is a whole lot more data lurking around the edges. These unknown data types can include documents used by individuals, or whole applications owned by departments that have quietly become essential to the business. Most of the time, focusing on the squeaky wheels is an acceptable strategy; if there's no "squeak" then there's no need to worry. But when it comes to litigation, and especially managing the electronic discovery process, what you don't know can hurt you. There are four major types of data in use today: paper documents; structured data sets, like databases; semi-structured applications, like email and image stores; and unstructured repositories, like file servers. Comprehending the vast volume of these varied records can be a challenge for everyone involved, which includes information technology, records management, legal staff, and even the data owners themselves. But since almost all business information is stored in digital formats today, electronic storage systems are the most popular target for the discovery motions filed as part of legal proceedings. It is most efficient for a litigator to head straight for your email, spreadsheets and applications, looking for what they term electronically stored information (ESI). Making matters worse for IT administrators, new rules for civil litigation enacted at the end of 2006 (called the Federal Rules of Civil Procedure, or FRCP) have pushed up the timetable of electronic discovery. What was once a delayed and informal process has become much more structured, with lawyers meeting to discuss available ESI, typically just a few weeks after legal action commences. When l

Enterprise employees frequently use social networking tools, most notably Web-based applications. It's no surprise more organizations are wondering what happens if social networking data becomes relevant to an e-discovery investigation. How does an enterprise go about discovering and assessing Web 2.0 data? How responsible is an organization, legally speaking, for the information that's out there in the Web 2.0 world? What risks arise from e-discovery as it relates to Web 2.0 data, and how can you mitigate them? In this tip, we will look at e-discovery as it relates to Web 2.0 and consider the strongest options for minimizing risks to the organization. E-discovery basics We begin with a quick look at what e-discovery is and how it can create risk. Essentially, e-discovery is the electronic extension of the legal process of discovery, which Wikipedia defines as "the pre-trial phase in a lawsuit in which each party through the law of civil procedure can request documents and other evidence from other parties or can compel the production of evidence by using a subpoena or through other discovery devices, such as requests for production and depositions." If you're an IT person, not a lawyer, it's important to note that the rules governing the discovery process now require plaintiffs to address all electronically stored information or ESI. In other words, if your organization faces litigation, it will have to deal with the issue of e-discovery, which will entail a whole lot more than turning over some old emails. Depending upon your role in the organization, the first you may hear of this is a "notice of litigation" with perhaps a "litigation hold directive" containing a "preservation directive." Here is a generic e-discovery request below. Apart from a few limiting factors, such as subject matter, named persons and a specified time period, the scope of such a notice is likely to be broad; blame standard procedure, not some high-powered attorney pushing his or her lu

Consumer Sentiment rose up by 1.8 points in early January to 61.9%, compared with market expectations for a slight decline to 59.0%. Despite this surprising gain, sentiment is still 8.4 points below its September level and 21.0% below its year ago level. The current level remains well below its recessionary average of the past 50 years. Current Conditions slipped by 0.3 points to 69.2%. This is 5.8 percentage points below its September level and 26.7% below its year ago level. Consumer Expectations jumped by 3.2 points to 57.2%. Nevertheless, they are still 10.0 percentage points below their September level and 16.0% below their year ago level. Bottom Line: Consumer sentiment climbed in early January. However, sentiment had collapsed in October in reaction to the intensification of the financial and credit market turmoil. Overall assessments of the economy, as well as assessment of current conditions and consumer expectations, are still significantly below their September level and well below their year ago levels. Thus, despite this month's increase, household assessments of the economy are still mired at recessionary levels. The causes of consumers' pessimism are also dampening real consumer spending.

Heartland Payment Systems, the sixth-largest payments processor in the U.S., announced Monday that its processing systems were breached in 2008, exposing an undetermined number of consumers to potential fraud. Meanwhile, Forcht Bank, one of the 10 largest banks in Kentucky, told its customers it would begin reissuing 8,500 debit cards after being informed by its own card processor of a possible breach. In the case of Heartland, while the company continues to assess the damages inflicted by the attack, Robert Baldwin, the company's president and CFO, says law enforcement has already noted that the attack against his company is part of a wider cyber fraud operation. "The indication that it is tied to wider cyber fraud operation comes directly from conversations with the Department of Justice and the U.S. Secret Service," Baldwin says. The company says it believes the breach has been contained. Heartland, headquartered in Princeton, NJ, handles approximately 100 million transactions per month, although the number of unique cardholders is much lower. "It is still a question as to the percentage of the data flow they were able to get," Baldwin says, adding he would not speculate on the number of cards potentially exposed. Specifics surrounding when the breach occurred are still being analyzed. But Baldwin says two forensic auditing teams have been working on the breach analysis and investigation since late 2008, after Heartland received the notification from Visa and MasterCard. The investigation began immediately after the credit card companies told Heartland they saw suspicious activity surrounding processed card transactions. Described by Baldwin as "quite a sophisticated attack," he says it has been challenging to discover exactly how it happened.

It's time to comply. Nov. 1 is here, and financial institutions throughout the U.S. are still scrambling to meet their Identity Theft Red Flags Rule compliance deadline. For the past year, we've done what we can to guide your efforts with articles, interviews, research, webinars and white papers. You can see the fruits of our efforts here. These are the resources you need to ensure not just your own compliance, but that of your third-party service providers and key business partners. Within this special guide, please find: * A summary of the final rule and guidelines, including a listing of all 26 red flags; * A detailed look at the examination procedures for the new rule; * Insights from federal regulators and banking practitioners on what to expect post-Nov. 1; * Analysis of what compliance means to your institution and its customers for years to come.

If practice makes perfect, it's no wonder commercial pilot Chesley B. (Sully) Sullenberger III was able to save the day last week, guiding a malfunctioning jetliner over New York City and landing it safely in the Hudson River. It turns out Sullenberger was well trained for the job and had been studying crisis management. The Associated Press' Amy Westfeldt says Sullenberger, 57, of Danville, California, is a former fighter pilot who runs a safety consulting firm in addition to flying commercial aircraft. Westfeldt says Sullenberger is president of Safety Reliability Methods, a California firm that uses "the ultra-safe world of commercial aviation" as a basis for safety consulting in other fields. "When a plane is getting ready to crash with a lot of people who trust you, it is a test," Civil engineer Robert Bea told Westfeldt. "Sully proved the end of the road for that test. He had studied it, he had rehearsed it, he had taken it to his heart." The pilot "did a masterful job of landing the plane in the river and then making sure that everybody got out," Mayor Michael Bloomberg told AP. "He walked the plane twice after everybody else was off, and tried to verify that there was nobody else on board, and he assures us there was not. He was the last one up the aisle and he made sure that there was nobody behind him."

The GUIDE's Response & Recovery Issue Available in Digital Format Now! Our recent Response & Recovery issue focusing on Hurricane Ike is now available in digital format. If you did not receive the printed copy, follow this link for access to this invaluable resource

Scammers are at it again - taking advantage of Google sponsored ads for acquiring traffic in order to redirect it to malware-infected copies of legitimate software. win.rar GmbH is warning users of an ongoing fraudulent AdWords campaign pushing a malware-infected copy of WinRAR, the popular archiving application. Starting from the basic fact that, both, legitimate and malicious users can purchase their visibility, the fake WinRAR release is only the tip of the iceberg. Let's take a peek at the campaign impersonating Download.com - impersonation is a form of flattery - and discuss a separate campaign promising to deliver free copies of the free in general, WinRAR and WinZip, managed by a Zango adware affiliate.