Archive for the ‘Identity Theft’ Category


5.4 million affected by health data breaches in 2010, says HHS

September 17, 2011

In calendar year 2010, HIPAA-covered entities notified the Health and Human Services Department of 207 breaches that affected 500 or more individuals. This resulted in breach notifications being sent to approximately 5.4 million individuals, finds an HHS report.

The most common cause of these large breaches in 2010 was theft, according to an annual report (.pdf) submitted to congressional committees. The report covers breaches between Sept. 23, 2009 and Dec. 31, 2010.

Read more: 5.4 million affected by health data breaches in 2010, says HHS – FierceGovernmentIT http://www.fiercegovernmentit.com/story/54-million-affected-health-data-breaches-2010-says-hhs/2011-09-12#ixzz1YD0i3CB4

Oracle lawsuit highlights cloud security and liability concerns

June 14, 2011

Montclair State University’s recent lawsuit against Oracle highlights one of the major fears for potential Oracle cloud computing users — that of data security and liability.

Montclair State is suing Oracle for mismanagement of a failed multimillion-dollar PeopleSoft ERP implementation. One of the New Jersey college’s claims is that Oracle hedged on providing a hosted data center environment in which Montclair could convert its financial data to ready it for PeopleSoft applications. According to Montclair, Oracle wanted the university to sign an amendment that would excuse Oracle from legal liability if Oracle wasn’t able to keep Montclair’s financial data confidential.

“Oracle’s proposed amendment was inconsistent with Oracle’s obligation to maintain the University’s data confidential under the terms of the parties’ existing agreement …” the lawsuit reads. As a result, the university bought more server hardware to do the data conversion in-house, a measure that cost it time and money.

Source: Oracle lawsuit highlights cloud security and liability concerns


Data in the “Cloud” Needs Fourth Amendment Protection

May 30, 2011

“Cloud computing” is the term for applications that are handled by third-party software and storage on the Internet, like Google Docs and QuickBooks Online, as opposed to programs like Microsoft Word and Quicken, which you load and access from your PC.

Gmail and Hotmail were early examples of cloud computing. The cloud computing concept has since expanded to include popular applications like photo editing and sharing, money management and social networking. It also takes in the increasing number of cloud-based storage services, like Dropbox, which allows you to port documents from client to client, and Carbonite, which performs near real-time back-up of data and documents on your PC.

What most Americans don’t realize is that data stored in the cloud is not protected by the Fourth Amendment the way that same data is if stored on a PC, CD or detachable hard drive in the home. A new bill in Congress, S.1011, introduced last week by Sen. Patrick Leahy (D-VT), is a big step toward closing this loophole. S.1011, also cited by Berin here, extends the due process provisions against illegal wiretapping in the existing Electronic Communications Privacy Act (ECPA) to personal data stored in data centers owned and operated by third parties.

Source: Data in the “Cloud” Needs Fourth Amendment Protection


Opinion: How to be a modern IT manager

May 18, 2011

The spectre raised by Nicholas Carr in 2003 – that IT doesn’t matter – has risen again, summoned by the two prevailing trends of the day: cloud computing and the consumerisation of IT.

IT managers and CIOs today would do well to read the original Harvard Business Review essay, in which Carr argues that IT is becoming a commodity the same way rail transportation or electric power did. The essay has well-known flaws, the worst of which is Carr’s narrow characterisation of IT as network, compute, and storage infrastructure. But in at least one respect Carr was prescient: The commoditisation of those core infrastructure functions is now taking place.

For an increasing number of workloads, it matters less and less whether you spin up VMs in Amazon’s datacentre or in your own – or even whether you licence applications on premise or rent them from an SaaS provider. Today’s key questions are “How fast can I get it?” and “What’s the TCO?”

At the same time, CIOs and IT managers are under assault from a commoditising force Carr never anticipated: Consumer devices that users bring to work. IT has been forced to accommodate mobile devices tied to commercial networks because smartphones and tablets deliver huge gains in productivity.

Those who try to erect a Maginot line against commoditisation, and insist that all IT from infrastructure to mobile devices must stay under their complete control, hobble their business’ competitiveness and limit their careers. At the same time, no company would tolerate the chaos of lines of business buying and deploying their own technologies without regard to security, integration, or economies of scale.

Finding a middle ground between those extremes is part, but not all, of becoming a modern CIO. We are entering a period of accelerated change, one that includes the break-up of the Windows desktop paradigm. Here is my advice to CIOs, IT managers, CTOs, and other technology leaders:

Become a technology strategist. The era of the CIO who simply “keeps the joint running” is over. Just as good business strategists need to think beyond the next quarter and explore new opportunities, IT leaders need to look for emerging technologies that accelerate innovation, from promising cloud applications to internal app stores to advanced virtualisation management. Standing still isn’t a safe place to be anymore.

Build a service catalogue. Gone are the days when you can simply serve the business stakeholders who bark loudest with one-off, end-to-end infrastructure and apps to meet their needs. Technology leaders need to step up and say: “You want to drive the cost out of operations? Then give me the resources up front to provision shared services and the authority to make every appropriate department use them so I get maximum economies of scale”. Embrace commoditisation when you can and you’ll free up resources.

Cultivate your developers. When infrastructure becomes commoditised, developers are the big winners. Development, test and deployment cycles shorten dramatically, leaving more time for developers to interact with the business, engage in agile practices, and create applications that accelerate business processes. Coming out of a disastrous recession, the number one imperative is to jump on new business opportunities. Create a development culture where you can deliver apps to meet that challenge with all appropriate speed.

Practice postmodern security. Networks are permeable. In fact, most are already infected. The perimeter still needs to be protected, of course, but concentrate your efforts on authentication, access control, encryption and other security technologies that protect data and applications.

Empower your users. In most businesses, the most valuable employees are often the ones who have the initiative to provision their own technology. If they’re not going to wait for IT to build what they want and go to the cloud instead, don’t clamp down; help them find the right providers and create a framework for provisioning instead. Rather than ban mobile devices, create policies that enable people to use them safely – and explore new technologies like mobile client hypervisors.

The truth is that every part of IT matters – but a smooth-running, elastic infrastructure is the new baseline. To stay strategic, CIOs need to drive cost out of infrastructure and shift investment to technology and development that grows the business. And when IT makes users its ally, and shares control over technology, IT isn’t diminished – it just broadens and deepens its integration with business.

Source: Opinion: How to be a modern IT manager

Visit us at http://www.gosecure.com soon


EU Data retention directive ‘flawed, unlawful’

April 20, 2011

European state powers to retain data about customers’ telecommunications are set to come in for a kicking with the release of an official report from the European Commission.

The report, due out this afternoon, is expected to evaluate and gently prod the Commission towards taking further steps to harmonise existing legislation (pdf) in this area and ensuring that it does not clash with the basic human right to privacy.

Others, including digital civil rights organisation EDRI and the Lib Dems’ Home Affairs spokeswoman in the European Parliament, Baroness Ludford, are more critical.

According to the official report, which The Register has seen in leaked form only, privacy rights may be subject to limitation where such limitation is “proportionate to the general interest”. It is right, the report says, that European states should retain data on telecommunications between their citizens, both as a means to break down barriers to trade and as a proportionate response to international terrorism and serious crime.

Source: EU Data retention directive ‘flawed, unlawful’


Privacy concerns over new student database

April 12, 2011

Oxford University’s decision to add students to the University’s Development and Alumni Relations System database has provoked mixed reactions.

An email was sent out to students on Thursday stating that the University will be adding information on all students to the new database “in order to facilitate better communication and engagement for the entire Oxford community.”

However, students wishing to opt out of having their information migrated are given the opportunity to do so before the 4th May. This data includes name, contact details, date of birth, gender, marital status, nationality, supervisor, college advisor, programme of study and educational history. Academic results will not be transferred.

Imagine hackers are licking their lips already over this one, and thought Oxford was supposed to have some smart people, but look at this self-contradictory explanation:
It is said that details in DARS are held securely, and the data can then be used for networking purposes so that those who have left university can “connect with other, like-minded alumni”.
The email sent to students also states that the data may be used by colleges, faculties, departments, administrative units, international offices, recognised alumni societies, and sports and other entities associated with the University.

Hopefully, the students at Oxford are smarter or more savvy than the folks who came up with this plan and they will opt out immediately.

Read more on privacy concerns of students


Data Protection Laws In India

March 30, 2011

With issues like cloud computing and m-governance, things have become even more complicated. The real problem is that India does not have any dedicated Privacy Law, Data Protection Law and Legal Enablement of M-Governance, says Praveen Dalal, a Supreme Court Lawyer and leading Techno Legal expert of India. With the proposed use of Cloud Computing, Software as a Service (SaaS) and M-Governance by the Indian Government, more “Privacy Violations”, “Cyber Security” and many more “Regulatory Issues” would arise in future. These “Initiatives” cannot succeed in India in the absence of adequate and strong Laws in this regard, says Dalal. With the proposed Draft Electronic Delivery of Services Bill 2011 (EDS Bill 2011), things would become even more complicated. When most public services are delivered through a Mandatory E-Governance Model, a very strong Data Protection Regime and Privacy Protection Regulatory Framework would be required, opines Dalal.

Read More http://cjnewsind.blogspot.com/2011/03/data-protection-laws-in-india.html
