CIPP Information Privacy & Security News

Recent news reports on copier security have brought to the forefront how information stored on a copier's hard drive may be accessible to would-be identity thieves and others. While this vulnerability is eye-opening to many, this concern has been important to manufacturers for quite some time. Just as you would install a virus scan on your laptop or PC, you need data safeguards for multifunction printers (MFPs).

More and more companies are recognizing that they're accumulating ever-increasing amounts of data but not necessarily gaining business insights from it. The missing link is the transformation of data into information that is comprehensive, consistent, correct and current. That isn't a problem technology can solve for you

With increasing dependency on information systems and advances in cloud computing, the smart grid and mobile computing, maintaining the confidentiality and integrity of citizens' personally identifiable information is a growing challenge. A new draft document from the National Institute of Standards and Technology (NIST) addresses that challenge by adding privacy controls to the catalog of security controls used to protect federal information and information systems.

"The Electronic Frontier Foundation said it sued the Justice Department and other U.S. agencies to get information about their policies for using social networks including Facebook and Twitter in investigations, data collection and surveillance. The civil rights group said in a complaint filed yesterday in federal court in San Francisco that the government has used social-networking sites in conducting investigations and hasn't clarified the scope of that use or whether there are any restrictions or oversight to prevent abuses. The EFF said in its complaint that it is seeking the information to "help inform Congress and the public about the effect of such uses and purposes on citizens' privacy rights and associated legal protections." It cited news articles that reported police searching Facebook photos for evidence of underage drinking and an FBI search of an individual's home after the person sent messages on Twitter during the G-20 Summit notifying protesters of police movements. Facebook, based in Palo Alto, California, is the world's largest social networking site with more than 300 million users who post photos, messages and other information on their own free Facebook pages. Twitter, based in San Francisco, is a free Web service with 58 million users that lets people send 140- character messages, called "tweets," to multiple followers. EFF, also based in San Francisco, filed Freedom of Information Act requests with federal agencies in October. None of the agencies had completed processing the requests by the applicable 20-day deadline, according to the complaint. The lawsuit seeks a court order for the government to process the requests and produce documents."

"Using Facebook and Facial Recognition to ID Random People : A professor at Carnegie Mellon conducted a study recently and found that about one third of people he took snapshots of on campus could be identified using Facebook and a facial-recognition technology recently bought by Google. Not only that, but 27% of those folks had information on their Facebook profiles - like birth date or birthplace - that enabled him to correctly predict the first five digits of their Social Security numbers (you know, the part of your Social Security number that's supposed to be totally secret)."

The federal U.S. Federal Sentencing Guidelines calculator was developed by an innovative lawyer who was looking to develop a tool to help lawyers do the calculation for their clients.

According to Gartner Group report, there are 141.1 million mobile payment-ready devices in circulation and that the vast portion of the world's population (mostly in Asia) is actively using NFC and other techniques to pay for items via mobile. However, the US is lagging wildly in this regard, with nearly no activity in the space at present even though two-thirds of young people would be happy to wave their phones in front of a candy machine to grab a bite. Sadly, two-thirds of older folks would balk at the opportunity.

Worried about security, but unwilling to spend a bundle? No problem. With these 11 free programs, you'll keep your computer--and your wallet--safe.

The purpose for all of this online snooping is singular: Google, Microsoft, Yahoo, Apple, Facebook and others are intent on delivering more relevant online ads to each and every one of us - and bagging that advertising money.

"Ordering Pizza in 2015"

The House Energy and Commerce Committee is slated to vote Wednesday on legislation that would require strong security policies from firms that collect and store individuals' sensitive information and provide for nationwide notification in the event of a data breach. The bill was sponsored by House Energy and Commerce Commerce, Trade, and Consumer Protection Subcommittee Chairman Bobby Rush, D-Ill., and was tweaked to win his panel's approval in June, but more revisions are expected.

The House Energy and Commerce Committee is slated to vote Wednesday on legislation that would require strong security policies from firms that collect and store individuals' sensitive information and provide for nationwide notification in the event of a data breach. The bill was sponsored by House Energy and Commerce Commerce, Trade, and Consumer Protection Subcommittee Chairman Bobby Rush, D-Ill., and was tweaked to win his panel's approval in June, but more revisions are expected.

"It's one of the newest and most popular stops on the Washington, D.C. tour, and its artifacts of history leave clues for how information security professionals should approach their future. The International Spy Museum has just celebrated its 7th year and its 5 millionth visitor, says Executive Director Peter Earnest, a former CIA officer who's run the museum since its inception. In an exclusive interview, Earnest discusses: the museum's goals and growth plans; who visits the museum and what they get from the experience; lessons to be learned by today's information security professionals. Earnest is a 35-year veteran of the Central Intelligence Agency (CIA). He served 25 years as a case officer in its Clandestine Service, primarily in Europe and the Middle East. He ran intelligence collection and covert action operations against a range of targets including Soviet Bloc representatives and Communist front organizations. As Museum director, he has played a leading role in its extraordinary success as a Washington attraction. He edits the Museum's book ventures and has frequently been interviewed by the major media in radio, TV, and the press on current intelligence issues."

Insulin pumps are vulnerable to determined hackers who could also remotely mess up the readings of blood-sugar monitors, Jerome Radcliffe, a security researcher who has diabetes revealed at the Black Hat computer security conference, Las Vegas, Nevada. In other words, a hacker could cause a diabetic patient to receive either too much or too little insulin.

In this video, Andre Gold, vice president and CISO of MoneyGram International, will discuss the basics of disaster recovery and business continuity planning, and define several general terms associated with disaster recovery and business continuity planning to help organizations develop a more accurate understanding. The text transcript of Gold's comments is included below. Andre Gold: Over the past four to five years, I've spent a lot of time in disaster recovery and business continuity planning as part of my role as the chief risk officer as well as the CISO for a couple major organizations. During that time, in working with those firms, I've had a greater appreciation of disaster recovery and business continuity planning, and I've learned that although BCP and DR are very important to firms, when its actually time to execute upon those respected strategies, many firms fail, and they fail fundamentally because they lose sight of the core elements of disaster recovery and business continuity planning. And with that, it's those core elements that we will be discussing today.

"A federal law designed to prevent employers and health insurers from discriminating against an individual based on their genetic predisposition to disease took effect late last month, signaling a new era where intermingling genetic advances and privacy concerns create new challenges in health care. But left out of the federal Genetic Information Nondiscrimination Act, commonly known as GINA, were privacy protections for individuals seeking long-term care, disability and life insurance coverage. Each of those areas was left up to the individual states. At least 10 states regulate the use of genetic information in long-term care insurance. But in California, privacy protections were left to expire by lawmakers in January 2008. Mark Billingsley, spokesman for state insurance commissioner Steve Poizner, said in an e-mail that there "appears to be a giant loophole" in California's insurance code regarding long-term care insurance and genetic privacy protections. He said he couldn't identify a single provision in the state code that would preclude a private insurer from requesting such a test for underwriting purposes. "

"Craig Newmark, founder of Craigslist and a customer-service guru, was riding on a public train in San Francisco, California, recently when something common but annoying occurred: The railcar filled with people and became uncomfortably hot. If the inconvenience had happened a few years ago, Newmark said he would have just gone on with his day -- maybe complaining about the temperature to a friend. But this was 2009, the age of mobile technology, so Newmark pulled out his iPhone, snapped a photo of the train car and, using an app called "SeeClickFix," zapped an on-the-go complaint, complete with GPS coordinates, straight to City Hall. "A week or so later I got an e-mail back saying, 'Hey, we know about the problem and we're going to be taking some measures to address it,' " he said. Welcome to a movement the tech crowd is calling "Gov 2.0" -- where mobile technology and GPS apps are helping give citizens like Newmark more of a say in how their local tax money is spent. It's public service for the digital age."

Maybe Craig of Craigslist has finally found something to do with technology besides making it easier to find a prostitute in Los Angeles?

"Lora Bentley spoke with Anzen analysts Megan Brister and Jordan Prokopy via e-mail regarding behavioral advertising - what companies are doing, what regulators want to do and what we, as advertising consumers, need to know. With their coworker Miyo Yamashita, the analysts recently wrote a guest opinion for IT Business Edge. Bentley: Why are so many concerned about privacy when it comes to behavioral advertising? What is it about the Internet that convinces consumers that information they share there is not being used? Brister and Prokopy: Most concerns stem from the lack of transparency around data disclosure practices. While consumers may value a Web site's product and service offerings, they are generally unaware that businesses share their information with an extensive group of other businesses in order to deliver targeted advertising. This group includes news Web sites, advertising networks, profiling services, and Web analytics providers, to name a few. As Pamela Jones Harbour, a Commissioner at the Federal Trade Commission (FTC), discussed at the FTC Roundtable earlier this week, there is an asymmetry between consumer perceptions and business realities. Once consumers are informed of businesses' data handling practices, they will want to have more control over how businesses manage their information. As we discuss in our article, some businesses engaged in online behavioral advertising have been slow to adopt transparent consumer data management policies. This is a concern particularly for vulnerable groups, such as minors or non-English speaking consumers, because they may not understand legally written policies. Consumer advocacy groups argue that without knowledge and control over the collection, use, and disclosure of data, Web sites may misuse or expose sensitive data about consumers' health, lifestyles and finances."

"The inspector general of the National Archives and Records Administration is investigating a potential data breach affecting tens of millions of records about U.S. military veterans, Wired.com has learned. The issue involves a defective hard drive the agency sent back to its vendor for repair and recycling without first destroying the data. The hard drive helped power eVetRecs, the system veterans use to request copies of their health records and discharge papers. When the drive failed in November of last year, the agency returned the drive to GMRI, the contractor that sold it to them, for repair. GMRI determined it couldn't be fixed, and ultimately passed it to another firm to be recycled. The incident was reported to NARA's inspector general by Hank Bellomy, a NARA IT manager, who charges that the move put 70 million veterans at risk of identity theft, and that NARA's practice of returning hard drives unsanitized was symptomatic of an irresponsible security mindset unbecoming to America's record-keeping agency."

"Consumers are often oblivious to the fact that some businesses share a great deal of their personal information with other businesses who deliver targeted behavioral advertising, says Anzen analysts Megan Brister and Jordan Prokopy. In an e-mail interview with IT Business Edge editor Lora Bentley, Brister and Prokopy say most consumers are just not aware of the business practices of companies that use personal information for profit. The Federal Trade Commission recently held meetings with consumer and privacy advocates, business and government leaders to discuss privacy, regulatory, and business issues of online behavioral advertising. It plans plan to ramp up efforts to protect consumers and possibly push for tougher legislation to protect consumers. One issue, Brister and Prokopy say, is the lack of transparency by companies that engage in behavioral advertising. These companies have been slow to adopt clear data-management policies and even when they do have policies, they are often written in language that is difficult to understand. Fortunately for consumers, some type of regulation appears to be on the way. The FTC appears eager to penalize businesses who lack transparency regardless of whether the consumer actually experienced any real negative effects as a result, Brister and Prokopy say."

"Professors from the University of California - Berkeley and the University of Pennsylvania have released the results of a joint study which indicates that young people and old are concerned about private information getting into the wrong hands. They found that approximately two-thirds of all consumers polled said they did not want tailored content if that meant they would be tracked via the Internet. Other interesting findings include: * 66% of respondents reported that tailored/targeted ads 'did not appeal' * 55% of 18-24 year olds reported not wanting tailored ads and 37% reported not waiting tailored discounts * 54% of 18 - 24 year olds report not wanting tailored news * For those over age 65, 82% report not wanting tailored ads and 68% report not wanting tailored news"