The Privacy Foundation
Dave & Buster’s Settles FTC Charges it Failed to Protect Consumers’ Information, 3/23/10, www.databreaches.com
Entertainment operation Dave & Buster’s, Inc. has agreed to settle Federal Trade Commission charges that the company left consumers’ credit and debit card information vulnerable to hackers, resulting in several hundred thousand dollars in fraudulent charges.
Federal regulators Issue Final Model Privacy Notice Form, 11/17/09, www.pogowasright.org
Eight federal regulatory agencies today released a final model privacy notice form that will make it easier for consumers to understand how financial institutions collect and share information about consumers.
Misfired e-mail was never viewed by Gmail user, 09/29/09, www.cnetnews.com
A sensitive e-mail mistakenly sent by a bank to a Gmail address that prompted a court to order Google to deactivate the account was not viewed by the recipient and has been deleted, the bank said on Tuesday.
An F.A.Q. on the Heartland Payment Systems breach, 1/22/09, www.pogowasright.org
Because Heartland Payment Systems has not really answered the questions of interest to consumers and bloggers like me, I thought — out of “an abundance of caution” — that I would compile what we know and create an F.A.Q. on the breach.
Customer Says Local Bank Warned Of Potential Security Breach, 1/21/09, www.databreaches.net
Curiouser and curiouser… Forcht Bank’s spokesperson originally told a news source that they had been told by First Data Corporation that a breach involving 8,500 debit cards was due to a retail merchant.
Heartland breach expenses pegged at $140M — so far, 5/10/2010, www.databreaches.net
The costs to Heartland Payment Systems Inc. from the massive data breach that it disclosed in January 2009 appear to be steadily adding up.
How Identity Theft Is Like the Ford Pinto, 4/8/2010, www.databreaches.net
Over on Concurring Opinions, Dan Solove describes a new paper by Chris Hoofnagle:Professor James Grimmelmann likes to shop at Kohl’s. So much so that he applied for credit at Kohl’s. And he got it. The problem is that James Grimmelmann didn’t really apply for anything. It was an identity thief.
2010 Identity Fraud Survey Report: Identity Fraud Continues to Rise, 2-/3/10, www.beSpacific.com
More than 11 million adult consumers became victims of identity fraud in 2009, up from nearly 10 million in 2008.
Identity theft victims could seek compensation, 09/10/2009, www.wlkm.com
Identity theft victims will be able to seek compensation for the time and effort it takes to clean up damaged credit history under legislation approved Wednesday (September 9th) by lawmakers, state Rep. Matt Lori announced.
FTC Issues Report on Social Security Numbers and Identity Theft, 12/18/08, www.bespacific.com
The Federal Trade Commission issued a report today recommending five measures to help prevent Social Security numbers from being used for identity theft.
UsernameCheck.com – Check your Username, 11/19/08, www.killerstartups.com
A simple service that might nonetheless come in handy sometime
Database of All UK Children Launched, 05/18/09, www.slashdot.org
“‘A controversial database which holds the details of every child in England has now become available for childcare professionals to access.
Privacy Concerns Over Google On the Rise In Germany, 11/03/08, www.slashdot.org
After protests from several sources, major German news site Spiegel Online has dropped Google Analytics.
UK companines: Leaking Like a Sieve? , 5/12/08, www.pogowasright.org
Most UK companies are losing data every month a survey has found.
Judge won’t accept pleas in Jackson Memorial Hospital ID theft case, www.databreaches.net
A husband-and-wife duo charged with running a racket to pilfer patient records from Jackson Memorial Hospital to sell to lawyers for injury claims tried to plead guilty Tuesday in Miami federal court.
Hospital fulfills subpoena, gets hit with privacy suit , 5/3/2010, www.pogowasright.org
Patient privacy is no doubt paramount in any physician practice. But when a subpoena suddenly is thrust into the physician-patient relationship, doctors may find themselves caught between the law and their privacy obligations.
Virginia Adds Medical Information Breach Notice Law, 4/8/2010, www.phiprivacy.net
The state of Virginia has passed a breach notice law requiring notice of security breaches involving medical information.
EMR Data Theft Booming, 3/26/10, www.privacy.net
Acceleration in the use of electronic medical records may lead to an increase in personal health information theft, according to a new study that shows there were more than 275,000 cases of medical information theft in the U.S. last year.
Better safe than sorry: Express Scripts should notify everyone, 10/02/09, www.databreaches.net
Almost a year after it was contacted by an extortionist, pharmacy benefits management company Express Scripts first learned that the extortionist was in possession of at least 700,000 more members’ personal information…
FTC issues Health Breach Notification Rule, 08/18/09, www.pogowasright.org
The Federal Trade Commission (“FTC” or “Commission”) is issuing this final rule…
‘Anonymized’ data really isn’t – and here’s why not, 09/08/09, www.pogowasright.org
The Massachusetts Group Insurance Commission had a bright idea back in the mid-1990s—it decided to release “anonymized” data on state employees that showed every single hospital visit.
Report: Rethinking the Role of Consent in Protecting Health Information Privacy, 1/2620/09, www.pogowasright.org
News release: “CDT today released a major policy paper intended to move the health privacy debate…
Facebook Privacy: A Bewildering Tangle of Options, 05/12/2010, www.nytimes.com
To manage your privacy on Facebook, you will need to navigate through 50 settings with more than 170 options. Facebook says it wants to offer precise controls for sharing on the Internet.
Application of New Massachusetts Data Security Regulations to Out-of-State Businesses, 05/13/2010, www.databreaches.net
Massachusetts’s new data security regulations, effective as of March 1, 2010, currently set forth the country’s most stringent requirements for protecting data.
OCR drafts guidelines for security risk analysis, 5/05/2010, www.databreaches.net
The Health & Human Services Department published draft guidance to help healthcare providers and payers figure out what is expected of them in doing a risk analysis of their protected patient health information.
First-Ever Global Cost of a Data Breach Study Shows Organisations Paid USD3.43 million per Breach in 2009, 4/28/2010 www.databreaches.net
Privacy and information management research firm Ponemon Institute, together with PGP Corporation, a global leader in trusted data protection, today announced the results of the first-ever global study into the costs incurred by organisations after experiencing a data breach. The 2009 Annual Study: Global Cost of a Data Breach report, compiled by The Ponemon Institute and sponsored by PGP Corporation, assesses the actual cost of activities resulting from more than one hundred real life breach incidents, affecting organisations from 18 different industry sectors.
Mass. Data Security Law Says ‘Thou Shalt Encrypt’, 4/25/2010, www.slashdot.org
Posted by timothy on Sunday April 25, @02:28PM emeraldd writes with this snippet from SQL Magazine summarizing what he calls a “rather scary” new data protection law from Massachusetts: “Here are the basics of the new law.
Study finds young adults do care about online privacy, despite anecdotes of raunchy photos, 4/16/2010, www.pogowasright.org
All the dirty laundry younger people seem to air on social networks these days might lead older Americans to conclude that today’s tech-savvy generation doesn’t care about privacy.
Yahoo Beats Feds in E-Mail Privacy Battle, 4/16/2010, www.wiredcom
Yahoo prevailed Friday over Colorado federal prosecutors in a legal battle testing whether the Constitution’s warrant requirements apply to Americans’ e-mail.
Library of Congress Library Acquires Entire Twitter Archive, 4/14/2010, www.bespacific.com “Have you ever sent out a “tweet” on the popular Twitter social media service? Congratulations: Your 140 characters or less will now be housed in the Library of Congress. That’s right.
Google search across the Twitter archive, 4/14/2010, www.bespacific.com
“Since we first introduced real-time search last December, we’ve added content from MySpace, Facebook and Buzz, expanded to 40 languages and added a top links feature to help you find the most relevant content shared on updates services like Twitter.
Google backs Yahoo in privacy fight with DOJ, 4/13/2010, news.cnet.com
Google and an alliance of privacy groups have come to Yahoo’s aid by helping the Web portal fend off a broad request from the U.S. Department of Justice for e-mail messages, CNET has learned.
Almost Half of Disclosed Breaches Do Not Include Number of Records Compromised, 4/14/2020, www.databreaches.net
Perimeter E-Security today unveiled the results of its annual U.S. Data Breach Study, a review of the scope and impact of data security breaches that occurred in the past year.
Data breaches to cost more in the cloud, 4/8/2010, www.databreaches.net
Remedying a data breach costs 40 percent more for businesses that store their data offshore, a study of Australian incidents has found.
New directives on border searches of electronic media, 09/27/09, www.pogowasright.org
Department of Homeland Security (DHS) Secretary Janet Napolitano today announced new directives to enhance and clarify oversight for searches of computers and other electronic media at U.S. ports of entry.
In Warrantless Wiretapping Case, Obama DOJ’s New Arguments Are Worse Than Bush’s, 4/09/09, www.pogowasright.org
Friday evening, in a motion to dismiss Jewel v. NSA, EFF’s litigation against the National Security Agency for the warrantless wiretapping of countless Americans, the Obama Administration’s made two deeply troubling arguments.
A First Principles Approach to Communications’ Privacy, 5/17/08, www.pogowasright.org
Under current doctrine, parties to a communication enjoy robust constitutional protection against government surveillance…
Student loan company: Data on 3.3M people stolen, 3/27/10, www.databreaches.net
A company that guarantees federal student loans said Friday that personal data on about 3.3 million people nationwide has been stolen from its headquarters in Minnesota.
Webcamgate: Lawyers seek restraining order against district, 2/21/10, www.pogowasright.org
A lawsuit alleging that the Lower Merion School District in Pennsylvania remotely activated security software on laptops issued to students and spied on students in their homes is shaping up to be a significant case for those interested in surveillance issues, the Fourth Amendment, and/or student privacy.
Heart Monitors in Middle School Gym Class?, 09/15/09, www.slashdot.org
My son brought home an order form from his middle school. Apparently the 7th (his grade) and 8th graders are being asked (required?) to purchase their own straps for the heart monitors…
Privacy Concerns About U.S. Database, 11/19/08, www.insidehighered.com
As a general rule, big government databases aren’t especially popular…
France Decides That Expressing An Opinion About Your Teachers Should Be Illegal, 03/04/08, www.techdirt.com
Sites like RateMyTeacher.com and RateMyProfessor.com have been around in the US for ages…
If you have information that would be of interest to the Privacy Foundation, please contact us at .(JavaScript must be enabled to view this email address)