Archive | Data Security

Oh, you mean government has to follow the law? What was I thinking???

Just another story that illustrates how stupid government thinks we are. Or, perhaps, another story for us to illustrate how stupid government is. President Obama announced new cyber reforms on January 12th. He is calling on Congress to mandate that companies whose customer data is breached inform affected individuals within 30 days. But why don’t agencies that are hacked have to notify citizens when their data is compromised? Good question, it seems.

On a more humorous note, the silence on the government’s responsibility to protect its own data became awkward, as pro-ISIS hackers allegedly leaked personal information on U.S. military members around the same time Obama was speaking.

There currently is no U.S. requirement for notifying breach victims within a certain time period. A hodgepodge of state regulations gives companies varying guidance on contacting victims. Less than 30 percent of federal agencies recently surveyed notified affected individuals of high-risk breaches, the Government Accountability Office reported last year.

The Federal Agency Data Breach Notification Act, introduced by Rep. Gerry Connolly, D-Va., in the last Congress would require, among other things, notifying individual victims within 72 hours after discovering evidence of a personal data breach.

According to Connolly, “he does not feel the administration is applying a double standard by omitting agencies from its legislative agenda.”

Need we say any more?


Metadata Matters: Is Big Brother Watching? Yup!

I am one who is continually harping on security and protection of all assets in an organization. I turned the tables on myself the other day and started thinking about the misuse and abuse of personal information by organizations. If we look at Morgan Stanley, why on earth was an essentially junior-level financial advisor given access to all client data? What were they thinking? Big mistake. What about from the marketing perspective? As a member of that profession, marketing loves to gather as much data as possible about clients to increase sales. In fact, our job depends on it. Just a fact of life, maybe.

But what about other uses, or misuses, of private data? Regardless of industry, including government, who does have access to my personal information? More people than I would think, and more information than I would expect. Not all internal breaches are committed for nefarious purposes, but the information is there for the taking.

I suppose it can be attributed to the ethics of the organization, how they protect data, and the importance they place on protecting private data. I’ve had my personal information compromised three times now. In the last incident, which involved HIPAA data, it was entirely up to me to protect my identity. That included notifying all credit agencies, putting credit holds on all accounts, and purchasing credit monitoring software. To say the least, it’s rather irksome. Given that most organizations don’t even report a breach until they absolutely must, we, the people, carry the burden of someone else’s mistake. And then we have to figure out how to get our identity back.

I wonder how bad this will get? Since most employers are now doing comprehensive background checks, you do have some recourse. You can request your own Lexis/Nexis Accurint Person Report, which is free. At least you can see what your potential employer may see.
