For those of us who care about , these past seven days have truly sucked.
With relatively little fanfare in the midst of a cacophonous (that means ) parade of news, three significant events seriously undermined our constitutional right to privacy and highlighted (in a muted sort of way) the extent to which new business practices and perhaps the second oldest human inclination (criminality) have continued the relentless assault on our individual rights and liberties. The worst part is that it seems we’re all becoming accustomed to it. Indeed, these affronts to our privacy seem to be becoming part of the country’s genetic makeup… perhaps even as American as apple pie.
By , partner, Jackson Lewis LLP
According to a study*, data breaches occurring in the hands of third-party vendors amounted to 39 percent of breaches in 2010. Whether it be cloud service providers, benefits brokers, medical billing services, debt collection companies, consultants, accountants, law firms, staffing services, shredding/data destruction services, cleaning service providers and other businesses, most companies utilize third party vendors to provide an array of services. Those services often involve letting the vendor access, store and/or process personal information, which creates additional risk and legal obligations for the company using the vendor, such as the service provider contract requirement in Massachusetts.
By Ondrej Krehel,
How do most corporate data breaches happen? Lost laptops and USB drives.
Now many businesses have some kind of security practice in place for lost corporate computers, whether it’s encrypted drives with remote wipe, or a call lost-and-reporting procedure. But how many have USB drive best practices on the books? Not many.
Receiving a breach letter or email doesn’t mean you’ll become a victim. It means something’s happened that could put you at risk. Faced with a breach notice, most people do one of two things—both wrong. They ignore it and throw it away or they freak out and start closing accounts. Do this instead:
1. Read the notice carefully to learn what information may have been exposed and how. (Keep the notice in case you ever need to prove that your data was compromised through no fault of your own.)
If you thought hacktivism, privacy violation fines and cloud security were so last year, think again. Identity Theft 911 experts highlight risks that will impact your organization in 2012.
A massive cyber attack on American infrastructure is the 21st-century equivalent of the neutron bomb. All buildings remain standing but systems inside them are rendered useless. Human beings aren’t killed on a large scale, but few, if any, are left standing either. And while this sounds pretty dire, it’s quite likely some segment of this nation will at some time be shut down by cyber terrorists.
The Department of Defense has been slapped with a $4.9 billion class action lawsuit for allegedly violating the privacy rights of TRICARE data breach victims whose personal information was stored on tapes stolen from an employee in September.
A military family filed the suit on behalf of 4.9 million victims—former and current military personnel and their families—who still don’t know if their information was on the stolen tapes. The breach victims also have not been offered any fraud and credit monitoring services or identity theft resolution services.
It was announced recently that . There was no elaborate hacking, and no technical skill was required on the part of the thieves—some tapes containing these records were stolen from a car belonging to an employee of SAIC who was prosaically transporting them between federal facilities in San Antonio Texas. The data included not only sensitive medical information, including prescription records, but also the names, addresses and Social Security numbers of victims.
Nearly five million current and former soldiers and their family members had their data stolen from a military contractor in September, putting them at risk for identity theft. The lost information includes individuals’ names, Social Security numbers and medical information.
The data was saved on computer tapes that were stolen from a car belonging to an employee of Science Applications International Corp. (SAIC), a large military contractor that runs medical centers for soldiers and their families.
[Related Article: ]