tag:blogger.com,1999:blog-26301867600958247912023-09-26T08:42:57.194-07:00Identity Theft and BusinessWhere D = data, and V = value, and R = risk, the desired outcome is DV > DR = Success (borrowed from a friend)John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.comBlogger148125tag:blogger.com,1999:blog-2630186760095824791.post-9181327410991627922010-03-30T08:02:00.000-07:002010-03-30T08:18:06.309-07:00Longer Term Effects of ID TheftThe story below may be a great example of how identity theft can occur at any time from some unlikely sources. A person takes out a student loan and gives their personal information out. An incident like this happens and they get the obligatory "credit monitoring" service. Yet several years later they find that they have been victimized in a dozen non-credit types of crimes. They find that mysteriously their medical insurance policy is waivered due to multiple false claims made. They discover that dozens of small retail accounts have been opened purchases were made and never paid. Now they are being hounded by credit recover agencies or attorneys trying to collect on bad debt. During a routine traffic stop they find warrants have been issued because their ID was used with police after multiple traffic violations. They are arrested. Credit monitoring alone cannot help those victims. Everyone needs to be aware of the outcome of millions of ID theft cases each year that are not directly related to the credit bureaus or banks and credit cards. These far-reaching effects are much more serious and very complex issues to deal with. An ID theft victims needs the help of professionals who will advocate for them, and even represent them in righting corrupt personal file entries throughout the system.<br /><br /><span style="font-style:italic;">Personal Information of 3.3 Million Stolen<br />A student loan firm is providing credit monitoring and protection services to some 3.3 million people affected by a data breach, the Washington Post reports. A spokesman for Educational Credit Management (ECMC), a nonprofit student loan guaranty agency headquartered in Minnesota, said portable media containing personally identifiable information was stolen in an "old-fashioned theft" from company headquarters. The stolen information included names, addresses, birth dates and Social Security numbers, but no banking information, an ECMC press release said. <br /></span>John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com1tag:blogger.com,1999:blog-2630186760095824791.post-77555281913471728832010-03-10T10:13:00.000-08:002010-03-10T10:28:19.728-08:00Office Awareness TrainingWhen I speak with business owners about the dangers of data breaches within the office, I often have to point out the issue of copy machines. Copiers can record thousands of documents on the internal hard drive. As mentioned in the article below it is very simple to capture the contents of the drive on a laptop in just a couple of minutes. This also applies to the copy machines in office supply businesses and copy shops. As most private businesses lease their copiers it is incumbent on the rental company to erase hard drives before removing the machine from the client's office. They need to be reformatted to insure the data is erased.<br /><br /> "When you protect the information on others you are protecting them, when someone else does it they are protecting you."<br /><br /><span style="font-style:italic;">Copy Machines Pose Privacy Risks <br />Boston's WBZ-TV reports on a privacy threat looming in homes and offices: copy machines. Security expert John Juntunen demonstrated how easily accessible a copy machine's stored data can be, connecting his laptop to a copier and downloading a child support document and one woman's IRA application containing her address, Social Security number and date of birth. Another hard drive produced contact information for Caroline Kennedy. Though companies are supposed to wipe used hard drives clean before selling a machine, that isn't always executed, the report states. "I think it's an issue that's going to have major ramifications," says security expert Sean O'Leary.<br /> </span>John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com1tag:blogger.com,1999:blog-2630186760095824791.post-81286949537757586682010-03-09T13:54:00.000-08:002010-03-09T13:58:05.820-08:00Lifelock Settles with the FTCFor all of those who have purchased a Lifelock product without reading the contract here ya go. <br /><br /><span style="font-style:italic;">Federal Trade Commission Chairman Jon Leibowitz and Illinois Attorney General Lisa Madigan announced a settlement today that requires LifeLock, Inc., to pay a total of $12 million to settle charges that its claims of providing comprehensive identity theft protection were false. According to the FTC, LifeLock did offer some protection against specific types of ID theft, but the company's practice had no effect on the most common form: the misuse of existing credit card and bank accounts. "While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it," Leibowitz said.</span><br /><br />I have many clients who had a Lifelock plan until I explained to them what they are not getting in the bargain. Please read the fine print before you buy!John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com2tag:blogger.com,1999:blog-2630186760095824791.post-16647304797374659942010-03-05T14:34:00.000-08:002010-03-05T14:42:10.096-08:00What, Medical Identity Theft?A little over three years ago I was speaking with a good friend and author on identity theft. He had predicted that medical identity theft would soon be the new frontier of identity theft. He had been soundly rejected by the press and some so called experts. They put down his theory as soundly as if he had purported that the world was flat after all. In fact John Gardner was exactly right. Read the article below to see just how pervasive medical identity theft and fraud has become.<br /><span style="font-style:italic;"><br />A new survey from the Ponemon Institute shows that nearly six percent of American adults have been victims of medical identity theft, with an average cost per victim of $20,160. The cost comes from the efforts victims face to sort out what happened with concerned parties such as doctors, hospitals, insurance companies and credit agencies, the San Francisco Chronicle reports. "The National Study on Medical Identity Theft" is based on findings from 156,000 people who agreed to discuss the general topic of identity theft, with 5.8 percent confirming they had been the targets of medical ID theft. Based on those statistics, the study estimates that 1.42 million adults in the U.S. may have experienced the theft of their medical identification information</span>.John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-38199261778325639312010-03-02T10:26:00.000-08:002010-03-02T10:27:58.096-08:00The Cost of Data TheftThe pice to Fix Data Theft: $7 Million and Counting<br />The theft of 57 unencrypted hard drives from BlueCross-BlueShield of Tennessee has given thieves access to personal data on upwards of 500,000 customers and is costing millions to fix, PCWorld reports. The drives contained recordings of more than one million customer support calls as well as 300,000 screen shots, which in some cases included names, birthdates and Social Security numbers. BlueCross is now auditing its security practices, the report states. The process of investigating the breach and notifying customers has cost more than $7 million so far. According to Michael Spinney of the Ponemon Institute, while the average data breach costs $6.75 million, the company could be paying much more due to the complexity of the breach.John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-48906963255870118652010-03-02T10:15:00.000-08:002010-03-02T10:24:49.209-08:00FTC to Appeal Red Flags Exemption for Attorney FirmsFTC Set to Appeal the Red Flags Rule Exemption for Attorneys and Law Firms<br /><br />On February 25, 2010, the Federal Trade Commission filed a notice that it is appealing the D.C. District Court’s December 28, 2009 judgment in favor of the American Bar Association in American Bar Association v. FTC. The District Court’s summary judgment held that the FTC’s Identity Theft Red Flags Rule (“Red Flags Rule” or the “Rule”) does not apply to attorneys or law firms. The Rule implements Sections 114 and 315 of the Fair and Accurate Credit Transactions Act. In relevant part, the Rule requires creditors and financial institutions that offer or maintain certain accounts to implement an identity theft prevention program. The program must be designed to detect, prevent and mitigate the risk of identity theft. Prior to the district court’s decision, the FTC had taken the position in publications and numerous panels that attorneys and law firms meet the Rule’s definition of “creditor” because they allow clients to pay for legal services after the services are rendered.<br /><br />View the FTC’s notice of appeal notice last week stating its intention to appeal the court's judgment notice<br />http://www.huntonprivacyblog.com/uploads/file/ABA_v__FTC_Notice_of_Appeal.pdfJohn Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-85774193999479892172010-02-24T11:23:00.000-08:002010-02-25T09:00:33.596-08:00Iowa Victims Fear Identity Theft<span style="font-style:italic;"><span style="font-style:italic;"><span style="font-style:italic;">Thousands of Iowa residents fear they could become victims of identity theft after the state's Racing and Gaming Commission licensing database was hacked during routine Internet maintenance last month, the Des Moines Register reports. The FBI is investigating the breach of the database, which includes the names, addresses, dates of birth and Social Security numbers of 80,000 current and former casino and racetrack employees. Experts say those whose information was compromised have every reason to be concerned. Citing examples of financial and medical identity fraud, California-based attorney Mari Frank said, "the sky is the limit as to what could happen...</span><br /><span style="font-style:italic;"></span></span></span><br />Can anyone think of a reason to NOT have identity theft protection and restoration services when this sort of thing can and does happen almost daily? There is only one such service that provides complete restoration for all types of identity theft issues. The one I am proud to represent.John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-34916235406284064792010-02-09T10:56:00.000-08:002010-02-09T11:03:20.648-08:00Top Five Mistakes of Privacy Training Programs<meta equiv="Content-Type" content="text/html; charset=utf-8"><meta name="ProgId" content="Word.Document"><meta name="Generator" content="Microsoft Word 9"><meta name="Originator" content="Microsoft Word 9"><link rel="File-List" href="file:///C:/DOCUME%7E1/JOHNTA%7E1/LOCALS%7E1/Temp/msoclip1/01/clip_filelist.xml"><!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:donotoptimizeforbrowser/> </w:WordDocument> </xml><![endif]--><style> <!-- /* Font Definitions */ @font-face {font-family:Verdana; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:536871559 0 0 0 415 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style><b><span style=";font-family:";font-size:12pt;color:black;" ></span></b><span style=";font-family:";font-size:12pt;color:black;" >I won't prattle on about the breach of 50,000 <span class="blsp-spelling-corrected" id="SPELLING_ERROR_0">Californians</span>' <span class="blsp-spelling-error" id="SPELLING_ERROR_1">SSNs</span> along with their names and addresses <span class="blsp-spelling-corrected" id="SPELLING_ERROR_2">inadvertently</span> sent out last week by the Cal Dept of Health. The envelopes actually had the <span class="blsp-spelling-error" id="SPELLING_ERROR_3">SSNs</span> printed on the envelopes sent to some 50,000 <span class="blsp-spelling-corrected" id="SPELLING_ERROR_4">recipients</span> of health care aid. Anyone who can't reach out to their own comprehensive identity theft restoration service and avoid identity theft and the fallout from records entries should be ashamed.
<br />
<br />Instead I will report the following...
<br />Good intentions aside, many companies are missing the opportunity to effectively train employees on data protection. "Many corporations have adopted a check-box approach toward compliance" with the obligations set out in various data protection regulations, says Jay Cline, <span class="blsp-spelling-error" id="SPELLING_ERROR_5">CIPP</span>, in a <i><span class="blsp-spelling-error" id="SPELLING_ERROR_6">Computerworld</span></i> article. Cline says common mistakes that companies make include separating rather than melding privacy, security and records management and ethics training; using too few communications channels; and failing to measure training effectiveness. "Employee training is probably the most important component of an information risk management process," he writes. "Yet few companies actually measure..."</span><span style=";font-family:Arial;font-size:10pt;color:black;" >
<br /></span><span style=";font-family:Verdana;font-size:7.5pt;color:black;" ><a href="http://r20.rs6.net/tn.jsp?et=1103022598741&s=40570&e=0018uOZoFSInyUCVN5-_pcEpHEt0PTKgTSNtlnrQJChMpZGRtmMKDhhrP5tfTqahyK_UbbSjUDhPemcRYkriG8D74CdxlnuegAjnVBIIWposkFuCWVNseSPEuozLvRcfCehERolnp2QvAvXsOEWvaXzKu9kZX-MsEWZMRcKW_tIhipECzMkxcA-VXnvrGzY%20"><b>Full Story</b></a></span>John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-90880664229091621232010-01-26T10:29:00.001-08:002010-01-26T10:30:09.778-08:00Mortgage Broker Fined<meta equiv="Content-Type" content="text/html; charset=utf-8"><meta name="ProgId" content="Word.Document"><meta name="Generator" content="Microsoft Word 9"><meta name="Originator" content="Microsoft Word 9"><link rel="File-List" href="file:///C:/DOCUME%7E1/JOHNTA%7E1/LOCALS%7E1/Temp/msoclip1/01/clip_filelist.xml"><!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:donotoptimizeforbrowser/> </w:WordDocument> </xml><![endif]--><style> <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style> <p class="MsoNormal">I recently had a conversation with a mortgage broker that was not aware of the importance of security is to client transactions other than a vague awareness of the risk of identity theft. There are numerous business sectors that simply do not understand their responsibilities and liability when it comes to protecting their clients' personal information. Chief among them are mortgage and legal professionals. </p> <span style=";font-family:";font-size:12pt;" >
<br />A mortgage broker charged with improperly disposing of consumers' personal financial records has paid a $35,000 settlement to the Federal Trade Commission (FTC). Gregory Navone, of Las Vegas, disposed of about 40 boxes of sensitive consumer records in a public dumpster, according to the December 2008 FTC complaint. The records included tax returns, mortgage applications, bank statements, photocopies of credit cards and drivers' licenses and at least 230 credit reports. The settlement also requires Navone to employ an information security program for sensitive consumer information, and to hire an independent, third-party security professional to conduct compliance audits annually for the next 10 years.
<br /><b>
<br /></b></span>John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-47649182750460706102010-01-21T08:42:00.000-08:002010-01-21T08:48:17.629-08:00What is Identity Theft?With all of the articles about breaches, including the ones I have posted, sometimes it is important to get back to basics about identity theft itself. Below is an excerpt from a PC World article published yesterday which outlines the definition of identity theft as it has evolved.
<br />
<br /><meta equiv="Content-Type" content="text/html; charset=utf-8"><meta name="ProgId" content="Word.Document"><meta name="Generator" content="Microsoft Word 9"><meta name="Originator" content="Microsoft Word 9"><link rel="File-List" href="file:///C:/DOCUME%7E1/JOHNTA%7E1/LOCALS%7E1/Temp/msoclip1/01/clip_filelist.xml"><!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:donotoptimizeforbrowser/> </w:WordDocument> </xml><![endif]--><style> <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style> <p style="font-style: italic;" class="MsoNormal">"Identity theft happens when your personal information is accessed by someone else without your explicit permission."• "Identity fraud occurs when criminals take that illegally obtained personal information and misuse it for their financial gain, by making fraudulent purchases or withdrawals, creating false accounts, or attempting to obtain services such as employment or <span class="blsp-spelling-error" id="SPELLING_ERROR_0">healthcare</span>. Personally identifying information such as your Social Security number, bank or credit card account numbers, passwords, telephone calling card number, birth date, name, address and so on can be used by criminals to profit at your expense."• "Almost 10 million Americans learned they were victims of identity fraud in 2008, up from 8.1 million victims in 2007.</p> <p style="font-style: italic;" class="MsoNormal"><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></p> <span style="font-style: italic;font-family:";font-size:12pt;" >"Identity theft also falls into this category [of financial fraud]; cases classified under this heading tend to be those where the perpetrator possesses the complainant's true name identification (in the form of a Social Security card, driver's license, or birth certificate), but there has not been a credit or debit card fraud committed."</span>
<br />
<br />
<br />John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com1tag:blogger.com,1999:blog-2630186760095824791.post-76502976678807685892010-01-19T09:33:00.000-08:002010-01-19T09:37:52.964-08:00"Just Another Data Breach"<meta equiv="Content-Type" content="text/html; charset=utf-8"><meta name="ProgId" content="Word.Document"><meta name="Generator" content="Microsoft Word 9"><meta name="Originator" content="Microsoft Word 9"><link rel="File-List" href="file:///C:/DOCUME%7E1/JOHNTA%7E1/LOCALS%7E1/Temp/msoclip1/01/clip_filelist.xml"><!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:donotoptimizeforbrowser/> </w:WordDocument> </xml><![endif]--><style> <!-- /* Font Definitions */ @font-face {font-family:Verdana; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:536871559 0 0 0 415 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style><span style="font-size:85%;"><span style=";font-family:Verdana;font-size:10pt;color:black;" >Data breaches have become so ubiquitous </span></span><span style=";font-family:Verdana;font-size:10pt;color:black;" >that more often than not they go unnoticed, and often unreported.
<br />I wonder how any victims of identity theft resulting from those breaches feel? While it is reported here that the number of breaches is on a decline the number of breached records is increasing and the number of ID theft victims holds steady. vIts all in the numbers.
<br />
<br /><i>ITWire.com</i> reports that the number of data breaches reported to the media has declined significantly over the past 18 months. The article cites an <i>Open Security Foundation</i> blog post that says the number of breaches reported in global media has dropped from about 1,000 per month between 2005 and 2008, to about 500 per month. The blog speculates that boredom in the press may be a cause. "Just another data breach" isn't news anymore, the report states.
<br /></span><b><span style=";font-family:Verdana;font-size:7.5pt;color:black;" ><a href="http://rs6.net/tn.jsp?et=1102950267487&s=40570&e=0013HtG04LCCP2oHn3cWsqr8oqeAgrTlDbnWAnB0pMUBMscCtNNVxyFSVPs8QHz2xwiBMZimhEFYzU2xyISv2B_2Gf0kMmp27nvTEz8ZUsgYRO9WBNnavYPMOCgzIrPnFTTra_arAJ2yHShSJJ2unnk5A==" target="_blank" shape="rect" track="on" linktype="link">Full Story</a></span></b>John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-83168478419633177492010-01-15T13:58:00.000-08:002010-01-15T14:00:19.138-08:00Malice Outpaces Error as Breach Cause<meta equiv="Content-Type" content="text/html; charset=utf-8"><meta name="ProgId" content="Word.Document"><meta name="Generator" content="Microsoft Word 9"><meta name="Originator" content="Microsoft Word 9"><link rel="File-List" href="file:///C:/DOCUME%7E1/JOHNTA%7E1/LOCALS%7E1/Temp/msoclip1/01/clip_filelist.xml"><!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:donotoptimizeforbrowser/> </w:WordDocument> </xml><![endif]--><style> <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style><b><span style="font-size: 12pt; font-family: "Times New Roman"; color: rgb(51, 102, 51);"></span></b><span style="font-size: 12pt; font-family: "Times New Roman";">In its annual report on data breaches The Identity Theft Resource Center (ITRC) says that 2009 marks the first time that malicious attacks have moved beyond human error as the leading cause of data breach,<i> Dark Reading</i> reports. According to the ITRC's "2009 Data Breach Report," hackers and insider theft accounted for 36.4 percent of breaches, human error 27.5 percent. The ITRC also found that compromised paper documents were involved in 26 percent of data breaches. In the 2009 report, the ITRC says that while the number of officially reported data breaches fell in 2009, it cannot determine if the overall breach rate is falling because of the number of unreported breaches.
<br /></span><span style="font-size: 7.5pt; font-family: "Times New Roman";"><a href="http://rs6.net/tn.jsp?et=1102944083947&s=40570&e=001nz5oO2-49RLvzQHAP17fZy6Pxky4r7xLwN7dVZ6dwg4SnvkIJnXPB3j1N7f7ofiOqUbDmYgCzxUo_SGo6wCmhAF-4qApm82U2StEKI8AxZ_KhXybnpEtDUY0Itr_Gjp8l-CjpcDyyQjTjy7lycIKS3jZ7vVeIPjceDZwzqd4-qZUyM6HMyrPUE_GJCm2jAW1%20" shape="rect" track="on" linktype="link"><b>Full Story</b></a></span>John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-6162691914990236552010-01-07T07:50:00.000-08:002010-01-15T10:02:04.590-08:00An Armed SocietyEver hear of the phrase "<span style="font-weight: bold; font-style: italic;">An armed society is a polite society</span>"? It does take things a bit far but the principle is right on the money. I've said time and again that if you can successfully remove the value from the data then you can actually reverse the trend in data theft and misuse. It shouldn't be the sole responsibility of the "data keepers" to protect it from lurking thieves. Just as in terrorism or any crime of attack, the good guys have to be right 100% of the time where the attacker only has to be right once. Not exactly great odds.<br /><br />When you look at the practical percentages of theft surrounding your personal data you can see that the odds are lower of your stuff being stolen <span style="font-weight: bold; font-style: italic;">and used</span>, than is widely perceived. Currently there are roughly 10 million domestic identity theft victims each year according to FTC and Ponemon Institute estimates. A little over 60% of those cases are the result of data theft from a public or private entity. But that doesn't mean that it is any less devastating. The problem is that when you entrust the data keeper to report the loss to you, or to fix a breach weak link, or frankly do anything for you after the fact, you are dreaming. No breached entity will tell you that the breach will likely result in identity theft. They will run damage control instead, meaning that they will downplay that aspect to protect their public image. The problem with that is that time is now on the side of the thieves to sell or use your personal information. A breached entity can take months or in some cases years to notify you of the loss. Sometimes not at all if the breach doesn't rise to the threshold the states' reporting laws have in place.<br /><br />In light of that reality why then can't we all empower ourselves to be our own first line of defense when it comes to our personal data? With the power to act in our hands we are able to react to incidents of breach and identity theft much faster and with greater precision than is possible from the university, government agency, employer, or hospital, etc, that lost it in the first place. A professional agency dedicated to notifying us when our information is misused and report that misuse within hours is our best line of personal defense. If that agency can not only report these incidents to you in a timely way but also act as your proxy to correct the errors and false records entries on your behalf when it does occur is the most direct way to protect ourselves.<br /><br />Tangentially, by having such a representative we are lowering the value of the data to the thieves. Illicit data brokers and identity thieves rely on time being on their side to profit from the misuse of your information. They need days or weeks to actually use the data to make purchases or obtain insurance, file false claims, get employment, etc. Draining bank accounts or running up credit purchases, while pretty awful, are largely handled by the banks and credit card companies themselves. With timely reporting a bank generally will help the victim but only with timely reporting. That means within hours or a day or so at the longest. Beyond a few days a banks' responsibility is much reduced. If you are not aware of the misuse you cannot report it to the bank. An agency that can notify the client within hours of an identity theft episode can shut down the misuse and render that identity information nearly useless almost immediately. The client is isolated from the incident, identified as a victim of identity theft, and the agency then can begin the restoration of the records or credit files affected. They will also look for other misuse within other databases in the event the incident is more widespread than the original incident. This can all take place within hours of the incident. Not a bad timely response to the attack in my opinion.John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com1tag:blogger.com,1999:blog-2630186760095824791.post-78086949602913616972010-01-06T13:08:00.000-08:002010-01-07T07:48:58.387-08:00Welcome to the Other Side of New Year's DayNow that we have successfully transitioned into 2010 with our skin intact I want to once again return to the subject of our <span class="blsp-spelling-error" id="SPELLING_ERROR_0">PII</span>, those who wish to have their way with it, and the hapless <span class="blsp-spelling-error" id="SPELLING_ERROR_1">aggregators</span> and keepers with file cabinets and servers chock full of it. To that end I have included links to a couple of things to ponder in these first few days of the year.
<br />
<br /><meta equiv="Content-Type" content="text/html; charset=utf-8"><meta name="ProgId" content="Word.Document"><meta name="Generator" content="Microsoft Word 9"><meta name="Originator" content="Microsoft Word 9"><link rel="File-List" href="file:///C:/DOCUME%7E1/JOHNTA%7E1/LOCALS%7E1/Temp/msoclip1/01/clip_filelist.xml"><!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:donotoptimizeforbrowser/> </w:WordDocument> </xml><![endif]--><style> <!-- /* Font Definitions */ @font-face {font-family:Verdana; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:536871559 0 0 0 415 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style> <p class="MsoNormal" style="margin-right: 0.5in;"><b style="font-style: italic;"><span style=";font-family:Verdana;font-size:10pt;color:black;" >Navy's <span class="blsp-spelling-error" id="SPELLING_ERROR_2">InfoSec</span> Chief Suffers Sixth Breach</span></b><span style=";font-family:Verdana;font-size:10pt;color:black;" >
<br /><span style="font-style: italic;"> The Navy's Chief Information Officer Robert Carey recently received notification of a compromise of his personally identifiable information (<span class="blsp-spelling-error" id="SPELLING_ERROR_3">PII</span>), reports </span><i style="font-style: italic;"><span class="blsp-spelling-error" id="SPELLING_ERROR_4">govinfosecurity</span>.com</i><span style="font-style: italic;">. For Carey, it was the sixth such notification, and came from the Army--where he hasn't worked in 24 years. Carey used the event to describe his philosophy on data protection and enumerate a seven-point summary of his department's efforts to reduce the risk of a breach within the Department of the Navy. "In today's Information Age, <span class="blsp-spelling-error" id="SPELLING_ERROR_5">PII</span> must be treated with extreme care because unauthorized access to <span class="blsp-spelling-error" id="SPELLING_ERROR_6">someone's</span> digital identity can and does cause grave consequences," Carey wrote</span>.
<br /></span><b><span style=";font-family:Verdana;font-size:7.5pt;color:black;" ><a href="http://rs6.net/tn.jsp?et=1102923384773&s=40570&e=001xpoKg2-EtEWievBn9glIHeBxW_VaO7sHznwsu8Dm751U50-5Lfnx6phXK1SB1foy-VthwPAyYbP8ZAttaxlySmAAVLo6DGugKrRjrRtVgUXO2vSRhVpncWugSHeOXWA3j45UXW-IF6e2zQ57oJGV-KAiHFp0AfMu" target="_blank">Full Story</a><o:p></o:p></span></b></p> <p class="MsoNormal"><b><span style=";font-family:Verdana;font-size:7.5pt;color:black;" ><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></b></p> <b style="font-style: italic;"><span style=";font-family:Verdana;font-size:10pt;color:black;" >Three Breaches Compromise 30,000 at Penn State</span></b><span style=";font-family:Verdana;font-size:10pt;color:black;" >
<br /><i style="font-style: italic;">The Pittsburgh Post-Gazette</i><span style="font-style: italic;"> reports that Penn State has begun the process of notifying nearly 30,000 individuals that their personally identifiable information (<span class="blsp-spelling-error" id="SPELLING_ERROR_7">PII</span>), including Social Security numbers, may have been compromised as a result of three separate <span class="blsp-spelling-error" id="SPELLING_ERROR_8">malware</span> infections discovered in late December. The school said it has no evidence that the individual or organization behind the <span class="blsp-spelling-error" id="SPELLING_ERROR_9">malware</span> gained access to the <span class="blsp-spelling-error" id="SPELLING_ERROR_10">PII</span>, but has decided to notify as a precautionary measure. "We do not have any indication that it was accessed by unauthorized parties. We prefer to err on the side of caution," said spokesperson Annemarie <span class="blsp-spelling-error" id="SPELLING_ERROR_11">Mountz</span>. The event was the second known breach at Penn State in 2009.</span>
<br /></span><span style=";font-family:Verdana;font-size:7.5pt;color:black;" ><a href="http://rs6.net/tn.jsp?et=1102923384773&s=40570&e=001xpoKg2-EtEUvHhWdf-udwO6lbiQDDzFmNDhq1arZRUyhFV1VyyeIyRzUHpfuZpJ9mWapNoBxXN1VRnRH6sR91ic9o_OZjSVBRlkuDJutdSzz1bIZJU04QlZ-F5lvkDEDk5OvsAyldiHd78_vC08HPjn8LHy7PWnf" target="_blank"><b>Full Story</b></a></span>
<br />
<br />Does it occur to anyone that for as long as we have been entrusting our personal information to others they have been losing it, a lot? One of life's principals is that "Continuing to do the same things while hoping for different results" is a <span class="blsp-spelling-corrected" id="SPELLING_ERROR_12">hopeless</span> waste of time. If they continue to lose our personal information why then do we continue giving it to them without any sort of check and balance? Certainly all of the laws passed have not had any <span class="blsp-spelling-error" id="SPELLING_ERROR_13">nulling</span> effect, nor any of the so-called procedures and software "solutions". This is not a problem that we have to accept as a <span class="blsp-spelling-corrected" id="SPELLING_ERROR_14">given</span> that requires a highly technical or overly complex set of controls. This is a very basic condition that if we, as the actual owners of the prize were to take into our own hands, could quite well nip in the bud. Think about it. Do we all put our prized silver in a big building or a bunch of buildings and then hire people to guard it or do we keep our own at home and watch it our selves?
<br />
<br />The examples above are not isolated cases unless you consider the US Navy and Penn State to be marginal. This is big time mainstream stuff.
<br />
<br />Oh, Happy New Year!
<br />
<br />John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-53509256429052090232009-12-15T09:24:00.000-08:002009-12-15T09:40:23.145-08:00Great ArticleI intend to take the balance of the year (two plus weeks) off from this column. In the meantime the link below is to a very good article written by a colleague, Julie Friend. I would encourage everyone to read this piece that shows how data loss and identity theft can have far reaching effects on individuals and businesses alike.<br /><br />Someone recently told me that the release of those emails proved that the case for climate change was overstated. This individual was showing his ignorance of the realities of global weather changes. Similarly, I see a number of people who should know better who think that those of us who write and work in the field of data protection are overstating the case. I guarantee that not one single victim or breached business would agree with that. Ms. Friend and I along with many others have seen too many cases of devastating loss, arrest, character <span class="blsp-spelling-corrected" id="SPELLING_ERROR_0">assassination</span>, and records corruption to think for a moment that this is an overstated issue. If anything we have not reached enough people.<br /><br />Originally published in Voluntary Benefits magazine Ms. Friend has graciously allowed me to provide this link for you.<br /><p class="MsoNormal"><a href="http://www.voluntarybenefitsmagazine.com/article-detail.php?issue=issue-7&article=identity-theft%20%E2%80%93-yes-it%E2%80%99s-real-and-it-can-happen-to-you%21" target="_blank">http://www.<wbr><span class="blsp-spelling-error" id="SPELLING_ERROR_1">voluntarybenefitsmagazine</span>.com/<wbr>article-detail.<span class="blsp-spelling-error" id="SPELLING_ERROR_2">php</span>?issue=<wbr>issue-7&article=identity-<wbr>theft%20%E2%80%93-yes-it%E2%<wbr>80%99s-real-and-it-can-happen-<wbr>to-you!</a></p><p class="MsoNormal"><br /></p><p class="MsoNormal"><a href="http://www.voluntarybenefitsmagazine.com/article-detail.php?issue=issue-7&article=identity-theft%20%E2%80%93-yes-it%E2%80%99s-real-and-it-can-happen-to-you%21" target="_blank"><br /></a></p> <p class="MsoNormal"> </p>John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com1tag:blogger.com,1999:blog-2630186760095824791.post-2259223451537723372009-12-07T09:52:00.000-08:002009-12-07T09:56:47.431-08:00New Massachussets Regulations go into Effect in March<meta equiv="Content-Type" content="text/html; charset=utf-8"><meta name="ProgId" content="Word.Document"><meta name="Generator" content="Microsoft Word 9"><meta name="Originator" content="Microsoft Word 9"><link rel="File-List" href="file:///C:/DOCUME%7E1/JOHNTA%7E1/LOCALS%7E1/Temp/msoclip1/01/clip_filelist.xml"><!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:donotoptimizeforbrowser/> </w:WordDocument> </xml><![endif]--><style> <!-- /* Font Definitions */ @font-face {font-family:Verdana; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:536871559 0 0 0 415 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style><b><span style=";font-family:Verdana;font-size:12pt;color:black;" ></span></b><span style=";font-family:Arial;font-size:100%;color:black;" >
<br /></span><span style="font-style: italic;font-family:Arial;font-size:100%;color:black;" >Now is the time to start gearing up for compliance with the Bay State's strict new data protection regulations, reports the Boston Herald. The rules take effect in March. Businesses that ignore them "could be at risk," said Bob Baker of the Smaller Business Association of New England. The regulations are widely considered the strictest in the nation. They require entities that possess personal information on any Massachusetts resident to employ certain measures to protect that data. According to Barbara Anthony of the Massachusetts Office of Consumer Affairs, the goal of the law is to "create a culture of security consciousness with respect to the handling of personal information." Editor's note: Privacy Tracker subscribers, for a compliance guide on the Mass. data protection regulations, visit the Privacy Tracker Web site.</span><span style=";font-family:Arial;font-size:100%;color:black;" >
<br /></span><span style=";font-family:Arial;font-size:10pt;color:black;" ><span style="font-size:100%;"><a href="http://rs6.net/tn.jsp?et=1102870267289&s=40570&e=001ygwj4Al6rEydA_1ifmAkqi_hz6agsZ0NGQNBSs1aKkohdSO-QwwVeyIbRGuQNz9sq36Eb_oc4fncbf3ykc-8Ous8ELu4zay5GAmtvuxcMiGZ82TcUv_r2wU-5D3VRTFJE6DLVlkd9s8Kixjdny4Sd6qlPhlk6ghPde0dnsutqvOVFEfgTOXpKbcAVDruK5AL%20" shape="rect" track="on" linktype="link"><b><span style="font-family:Verdana;">Full Story</span></b></a></span><span style="text-decoration: underline;"><span style="font-weight: bold;">
<br />
<br /></span></span><span style="font-size:100%;">All covered businesses should follow these guidelines carefully. What will happen within the next 12 months is that this will become a federal set of regulations, and at that point there will be no time to argue over compliance and exemptions. Smart companies will put this sort of program in effect prior to that.</span>
<br /></span>John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-66889721647569975422009-12-03T08:07:00.000-08:002009-12-03T08:27:08.785-08:00Two Important Stories<meta equiv="Content-Type" content="text/html; charset=utf-8"><meta name="ProgId" content="Word.Document"><meta name="Generator" content="Microsoft Word 9"><meta name="Originator" content="Microsoft Word 9"><link rel="File-List" href="file:///C:/DOCUME%7E1/JOHNTA%7E1/LOCALS%7E1/Temp/msoclip1/01/clip_filelist.xml"><!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:donotoptimizeforbrowser/> </w:WordDocument> </xml><![endif]--><style> <!-- /* Font Definitions */ @font-face {font-family:Verdana; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:536871559 0 0 0 415 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} p.MsoBodyText, li.MsoBodyText, div.MsoBodyText {margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:Verdana; mso-fareast-font-family:"Times New Roman"; mso-bidi-font-family:Arial; color:black;} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --></style><meta equiv="Content-Type" content="text/html; charset=utf-8"><meta name="ProgId" content="Word.Document"><meta name="Generator" content="Microsoft Word 9"><meta name="Originator" content="Microsoft Word 9"><link rel="File-List" href="file:///C:/DOCUME%7E1/JOHNTA%7E1/LOCALS%7E1/Temp/msoclip1/01/clip_filelist.xml"><!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:donotoptimizeforbrowser/> </w:WordDocument> </xml><![endif]--><style> <!-- /* Font Definitions */ @font-face {font-family:Verdana; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:536871559 0 0 0 415 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} p.MsoBodyText, li.MsoBodyText, div.MsoBodyText {margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:Verdana; mso-fareast-font-family:"Times New Roman"; mso-bidi-font-family:Arial; color:black;} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style> <p style="font-family: arial;" class="MsoBodyText"><span style=";font-size:85%;" >These two stories although seemingly unrelated, point out two aspects of identity theft that are very much related. In January of this year the Kaiser Permanente Group headquarters in Oakland Ca. experienced a breach of employee personal information from its’ Human Resources offices. The person charged with the theft was a temporary worker in that office.<o:p></o:p></span></p> <p style="font-family: arial;" class="MsoBodyText"><span style=";font-size:85%;" ><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></p> <p style="font-family: arial;" class="MsoBodyText"><span style=";font-size:85%;" >We see in these stories the relationship between the current economic climate, a crime of opportunity that will generate cash for the thief, temporary workers who have no real sense of responsibility the employer, and the irrefutable fact that while we can be diligent with our personal information, it is mostly in the hands of businesses and governments, and out of our control. <o:p></o:p></span></p> <p style="font-family: arial;" class="MsoBodyText"><span style=";font-size:85%;" ><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></p> <p style="font-family: arial;" class="MsoBodyText"><span style=";font-size:85%;" >Business owners and Privacy specialists need to take stock of company risk by assessing their internal systems, and putting in place policy guidelines for employees to deal with sensitive information, and procedures for handling breaches when they occur.<o:p></o:p></span></p> <p style="font-family: arial;" class="MsoBodyText"><span style=";font-size:85%;" ><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></p> <p style="font-family: arial;" class="MsoBodyText"><span style=";font-size:85%;" >All individuals need to be reminded that their ultimate information security policy should include tools to deal with these corporate breaches that result in identity theft. One cannot correct their own insurance or SSA files, their DMV records, and other databases once corrupted by identity theft fallout. We need that help of professionals in the business of restoring identities of fraud victims.<o:p></o:p></span></p> <p style="font-family: arial;" class="MsoBodyText"><span style="font-size:85%;"><b><span style=""><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></b></span></p> <p style="font-family: arial;" class="MsoBodyText"><span style="font-size:85%;"><b><i><span style="">Medical ID Theft on the Rise</span></i></b><i><span style="">
<br />The recession has contributed to a rise in medical identity theft, and as health records move online, the problem is expected to worsen, reports the Wall Street Journal. "Medical identity theft is the fastest-growing form of identity theft," says Jim Quiggle of the Coalition Against Insurance Fraud. Most of the fraud occurs at the hands of healthcare workers who are paid to sell patients' information, the report states. Incidents of medical identity fraud are highest in states with large retiree populations. Experts advise consumers to monitor their medical and credit records, keep insurance cards private and avoid providing personal information over the phone.</span></i></span><span style=";font-size:85%;" >
<br /></span><span style=";font-size:85%;" ><a href="http://rs6.net/tn.jsp?et=1102860833045&s=40570&e=001XOMC3F95sfQHjiT58LqaIWF6SvtEAus6MxYsfuwg3tYb7UzsYpLp_5lb1FYSFgv2calcz41KcTJcuGWcgr98aI_sx_LnLsf0GtMYE_ZKKUjNBDy7oWx2_Um4LS2mGCHJ8P1m3mM1v7bi2eKYah7YIOiKjrhub41G" target="_blank"><b>Full Story</b></a><o:p></o:p></span></p> <p style="font-family: arial;" class="MsoBodyText"><span style="font-size:85%;"><i><span style=""><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></i></span></p> <span style="font-family: arial;font-size:85%;" ><b><i><span style="">Temporary Workers Come with Risk</span></i></b><i><span style="">
<br />'Tis the season to keep an eye on temporary workers, according to the general manager of the Payment Card Industry Security Standards Council. "Vigilance is key," Bob Russo told Computerworld, adding that it's a good time of year for managers to "hover over" workers. Russo says that temps, especially, can pose a data security risk to businesses. He recommends that organizations conduct background checks and training, and says they should take care to get their access controls in place. Other tips include monitoring the use of handheld scanners, reviewing log data daily and implementing "hard" firewall policies</span></i></span><span style="font-family: arial;font-family:Arial;font-size:85%;" >.
<br /></span><span style="font-family: arial;font-family:Arial;font-size:85%;" ><a href="http://rs6.net/tn.jsp?et=1102860833045&s=40570&e=001XOMC3F95sfRvEuM6RRb7n2UtNPqmIuEdPoTDMmyjuyjHEHDYisyLeWvSuY4uyhSSxpHGNadTyHw7tAPWvZ5D7fgi19B7IU23tk57OfrGwgPRfELewM7WtT8KOveehSkR2yz0vVsmVxmEe59trCGQ6q_T-XGU2_u2Kc3F4UWqsrpSrQ0wmdjDQmqky8dfEaOW%20"><b>Full Story</b></a></span>John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-43634673665852729942009-11-30T09:10:00.000-08:002009-11-30T10:12:24.221-08:00Data breached Records Skyrockets<span style="font-style: italic;">Forbes reports on the numbers of data breaches during the first 11 months of 2009. According to the Identity Theft Resource Center, government agencies and businesses reported 435 breaches as of November 17, the report states. But that number, which would indicate a 50 percent reduction from last year's statistics, is deceiving, says Forbes. "In fact, the number of personal records that were exposed...has skyrocketed to 220 million records...compared with 35 million in 2008." The report highlights two of this year's major breaches--Heartland Payment Systems and the National Archive and Records Administration.</span><br /><br /><br />If anyone is still of the impression that data breach is a fading issue needs to understand this.<br />The people that are actively seeking to steal and sell sensitive personal information are getting better at it. This is large-scale international crime and the profits are tremendous.<br />Often times the persons responsible for the collection of these data are not the identity thieves. The lists and files are sold as many times as is feasible to anyone who can pay. Organizations from al Qaeda, to international underground immigration rings have been linked to the use of stolen identifiable information to further their operations.<br /><br />In the speaking engagements I do I always advocate the use of common sense when it comes to safeguarding your personal information, but also that most all identity theft is the result of large scale data theft and therefore cannot be protected by us as individuals.<br />If there is any one lesson I hope everyone gets from this is to understand the scope of data theft and identity theft. To understand it is to be able to secure ourselves much as we do for our health, by having a mitigating protection such as we do with healthcare insurance. But keep in mind that identity theft "insurance" per se cannot replace money lost to identity theft, only out of pocket expenses incurred by you the victim in pursuit of clearing up an identity theft episode. Only a restoration service can clear up records and reinstate the victim to pre-theft status.John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-84658657204268198212009-11-25T09:10:00.000-08:002009-11-25T09:13:10.238-08:00Keeping Personal Data Private<a name="LETTER.BLOCK24"> </a><table style="border: 0px none ; margin: 0px; border-collapse: collapse; width: 701px; height: 153px;" id="content_LETTER.BLOCK24" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr> <td style="border: 0px none ; padding: 15px 0px; font-family: Arial,Helvetica,sans-serif; color: rgb(0, 0, 0); font-size: 10pt;" styleclass="style_ZeroCell Article MainText" align="left" valign="top"><span style="font-family: Arial,Helvetica,sans-serif; color: rgb(0, 0, 0); font-size: 10pt;font-family:Arial,Helvetica,sans-serif;font-size:85%;color:#000000;" ><span style="font-family: Verdana,Geneva,Arial,Helvetica,sans-serif;"><span style="color: rgb(51, 102, 51);font-size:100%;" ><span style="font-weight: bold;"></span></span><span style="font-size:100%;"><span style="font-style: italic;">The Personal Data Privacy and Security Act of 2009 went to the full Senate earlier this month and a New York Times editorial says that Senate leaders should find the time to vote on it. Sponsored by Vermont Senator Patrick Leahy, the bill "would put more protections in place for personal data" and would fill the gap in federal data protection legislation. "There are many important issues competing for Congress's attention," the editors state, "but keeping people's personal information safe should rank high on the list." The bill would criminalize the concealment of security breaches and mandate encryption, among other requirements. </span></span><br /></span><span style="font-size:78%;"><a style="font-family: Verdana,Geneva,Arial,Helvetica,sans-serif; font-weight: bold;" href="http://rs6.net/tn.jsp?et=1102847215863&s=40570&e=001qxZJw0inxYF5be7WXN_o0_NFKkKIyHjvzvjtnSimP3jBIDx2aVyCy4jgsK-LkP7xMXHY_vDLDpIWWKFraqMeSLWZD9EdFu9CuaOZo_X7F7KkzvR-ceVup5pYuYn4xulMXOimduRIfGZaiLbjNPo0wujhaJFoCO7_-2bgkcqSt55QB4-HgKVKTA==" shape="rect" target="_blank" track="on" linktype="link">full Story</a><br /><br /><span style="font-size:100%;">Happy Thanksgiving everyone!</span><br /><br /></span></span></td></tr></tbody></table>John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-80604424963866294652009-11-16T11:04:00.003-08:002009-11-16T11:19:18.329-08:00Another Suit Filed Over Red Flags Rule<span style="font-size:100%;"><br /></span><span style="font-style: italic;font-family:Verdana,Geneva,Arial,Helvetica,sans-serif;font-size:100%;" >The American Institute of <span class="blsp-spelling-error" id="SPELLING_ERROR_0">CPAs</span> (<span class="blsp-spelling-error" id="SPELLING_ERROR_1">AICPA</span>) has filed a lawsuit against the Federal Trade Commission (FTC) over the Red Flags Rule, reports <span><span class="blsp-spelling-error" id="SPELLING_ERROR_2">WebCPA</span>.com</span>. <span class="blsp-spelling-error" id="SPELLING_ERROR_3">AICPA</span> </span><span style="font-style: italic;font-family:arial;font-size:100%;" ><a href="http://rs6.net/tn.jsp?et=1102828884301&s=40570&e=001RikWZgG6xzy8u-9tSovZOCi5PKBw6wtFy04g2Il8g4-RABwGjj-MPYhO1XmmzvtnKRQtCv8OcQapoRB9ETHhgGJk9ZO6Z_Y5XDi-xAOhrrv9PW92fg5EpUpc-LzeJx616FhbqptUALuXS4EAxegC9j54rm4ST7u9fJR47eFT_mw=" shape="rect" target="_blank" track="on" linktype="link">says</a></span><span style="font-style: italic;font-family:Verdana,Geneva,Arial,Helvetica,sans-serif;font-size:100%;" > the FTC is wrong to interpret that the rule should apply to accountants. The Red Flags Rule requires that financial institutions and creditors take certain measures to prevent and recognize identity theft. "We do not believe that there is any reasonably foreseeable risk of identity theft when CPA clients are billed for services rendered," said <span class="blsp-spelling-error" id="SPELLING_ERROR_4">AICPA</span> president and CEO Barry <span class="blsp-spelling-error" id="SPELLING_ERROR_5">Melancon</span>. Late last month a U.S. District Court judge granted an American Bar Association motion to prevent the FTC from holding practicing attorneys accountable to the rule. </span><span style="font-style: italic;font-size:100%;" ><br /></span><span style="font-style: italic;font-size:100%;" ><a style="font-family: arial; font-weight: bold;" href="http://rs6.net/tn.jsp?et=1102828884301&s=40570&e=001RikWZgG6xzyKa2geKOITvsv4NrSFVP03NqSWw97sUfNR_ua1zliw0oV7LdEGylbs4csrXxTprb6ehhtYFoHLhKUGdgFlQnGYWXgry-yqPfOgKBbPys65Ku8AI9cqcH50vuI5-l0JbWg3DazBzl7s4ED62wLiEE23mWxAMyYHmdjS0xoQBCIGAw==" shape="rect" target="_blank" track="on" linktype="link">Full Story</a></span><span style="font-style: italic;font-size:100%;" ><br /></span><span style="font-style: italic;font-size:100%;" ><br /></span><span style="font-size:100%;">Anyone who has read or even scanned the Red Flags legislation cannot help but to see that this is intended to lower the incidents of identity theft through a sensitivity and understanding of what some of the causes are.</span><span style="font-size:100%;"> Attorneys seem to be sensitive more to having oversight from outside their ranks than to stop</span><span style="font-size:100%;">ping identity theft. I am pretty certain however that when an attorney suffers at the hand of identity thieves they want to know what the company whose compromise caused the theft had done to safeguard their information prior to the breach</span><span style="font-size:100%;">.</span><span style="font-style: italic;font-size:100%;" > </span><span style="font-size:100%;">Not wanting to lose their own thunder the lobbyists for <span class="blsp-spelling-error" id="SPELLING_ERROR_6">CPAs</span> feel the need for their own exemption. That is evident in the statement by Mr. <span class="blsp-spelling-error" id="SPELLING_ERROR_7">Melancon</span> who mistakenly links billing to theft. It isn't the billing Mr. <span class="blsp-spelling-error" id="SPELLING_ERROR_8">Melancon</span>, it's the data lying about in your company waiting for someone to walk out with it on a CD, or to hack your servers and get it.</span><span style="font-style: italic;font-size:100%;" ><br /><br />Again,<span style="font-weight: bold;"> "When you safeguard the information you keep on others you are protecting them. When someone else does it they are protecting you."</span><br /></span><span style="font-style: italic;font-size:78%;" ><span style="font-style: italic;font-size:100%;" ><br /></span><br /></span>John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-58126048845804808572009-11-02T07:52:00.000-08:002009-11-03T08:01:04.383-08:00Red Flags Delayed Until June 1, 2010<em>At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the "Red Flags" Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC</em>.<br />Read the FTC Announcement:<br /><a href="http://www.ftc.gov/opa/2009/10/redflags.shtm" shape="rect" target="_blank">http://www.ftc.gov/opa/2009/10/redflags.shtm</a><br /><br />And in a related story I am sorry to report;<br /><br /><em>The American Bar Association is celebrating a ruling by the U.S. District Court for the District of Columbia barring the Federal Trade Commission (FTC) from applying the requirements of the Red Flags Rule to attorneys.<br />"This ruling is an important victory for American lawyers and the clients we serve," ABA President Carolyn B. <span id="SPELLING_ERROR_0" class="blsp-spelling-error">Lamm</span> said in a written statement. "The court recognized that the Federal Trade Commission's interpretation of the Fair and Accurate Credit Transactions Act (<span id="SPELLING_ERROR_1" class="blsp-spelling-error">FACTA</span>) over-reaches and its application to lawyers is unreasonable. By voiding the <span id="SPELLING_ERROR_2" class="blsp-spelling-error">FTC's</span> interpretation of a statue that was clearly not intended to apply to the legal profession, the court has ensured that lawyers stay focused on the mission of their work: providing aid and counsel to the individuals and organizations that need us."<br />The FTC is expected to appeal the Court's ruling. FTC General Counsel Willard Tom said, "It's safe to assume the Commission is going to consider its options very seriously. We think there is no reason lawyers should be exempt."<br /></em>Read more:<br />Ruling bars application of FTC 'Red Flags Rule' to legal profession<br /><br /><a href="http://www.wisbar.org/AM/Template.cfm?Section=News&Template=/CM/ContentDisplay.cfm&ContentID=87099" shape="rect" target="_blank" track="on" linktype="link">http://www.wisbar.org/AM/Template.cfm?Section=News&Template=/CM/<span id="SPELLING_ERROR_3" class="blsp-spelling-error">ContentDisplay</span>.<span id="SPELLING_ERROR_4" class="blsp-spelling-error">cfm</span>&<span id="SPELLING_ERROR_5" class="blsp-spelling-error">ContentID</span>=87099 </a><br /><br />I hope the legal profession is aware that a lot of people (including me), are going to pay close attention to the security practices of law firms. This means of course that law firms will no longer be tossing paper client records into dumpsters as has happened several times in the last year, and if police reports are accurate seems to be a favorite way for law firms to dispose of old records. As I reported last year I also had two encounters <span id="SPELLING_ERROR_6" class="blsp-spelling-corrected">where</span> a County Superior court judge handed out materials on recycled paper <span id="SPELLING_ERROR_7" class="blsp-spelling-corrected">containing</span> personal and banking information that had been previously entered into evidence. The way I see this the legal profession has shown itself to be not only ignorant of the intention of the laws and due perhaps to industry hubris cannot bear to be regulated by an outside authority.<br /><br />When your or my identity is misused by thieves as the result of a law <span id="SPELLING_ERROR_8" class="blsp-spelling-corrected">firms</span> lax information security practices will we really care that they <span id="SPELLING_ERROR_9" class="blsp-spelling-corrected">successfully</span> lobbied for exemption to a procedure that might well have prevented the crime from even happening? What are they celebrating, a win?John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-81264682410178947062009-10-29T09:33:00.000-07:002009-10-29T09:47:21.836-07:00The FBI Favors A National Breach Notification Standard<em>The Federal Bureau of Investigation is in favor of a national data breach notification standard, reports <span id="SPELLING_ERROR_0" class="blsp-spelling-error">Nextgov</span>.com. Agency officials say it would help law enforcement fight <span id="SPELLING_ERROR_1" class="blsp-spelling-error">cybercrime</span>, the report states. During a <span id="SPELLING_ERROR_2" class="blsp-spelling-error">cybersecurity</span> discussion in Washington yesterday, the head of the <span id="SPELLING_ERROR_3" class="blsp-spelling-error">FBI's</span> <span id="SPELLING_ERROR_4" class="blsp-spelling-error">Cyber</span> Criminal Section said such a standard "would help us tremendously, particularly in terms of efficiency in conducting investigations." Troy said that widespread reporting would help <span id="SPELLING_ERROR_5" class="blsp-spelling-error">cyber</span> cops discover links and potentially prevent similar attacks. Senator <span id="SPELLING_ERROR_6" class="blsp-spelling-error">Leahy's</span> Personal Data Privacy and Security Act, introduced in July, and a Senate <span id="SPELLING_ERROR_7" class="blsp-spelling-error">cybersecurity</span> bill to be introduced this year includes or will include breach-notification rules.</em><br /><a href="http://rs6.net/tn.jsp?et=1102793840482&s=40570&e=001r-0x3bdIolnhPg__HOSW0slL-0Fo167BzY6o-3zm7czNbQejkVmsG944kX9127xKZFFIhfWF4Gubwz5lXFzqmcnviaVjcAstMrg1ZrYW2KAdDpRnJZMNHVk1H66SvBm5Pb1BdngTX3vxLsEktPPBti6ENI79kiw_6mHX-DNzOK4d1PLRg42pTw==" shape="rect" target="_blank" track="on" linktype="link">Full Story</a><br /><br />I've long said that unless the states can get together and pass comprehensive legislation to enforce data breach notification then the Federal government will.<br /><br />Then there is this from Javelin Research,<br /><br /> <strong><em>Breach Notifications Fall Flat on Consumers</em></strong><br /><br /><em>The Credit Union Times reports on study findings that suggest consumers do not understand the importance of data breach notifications and, as a result, fail to protect themselves from fraud. Javelin Strategy and Research says that consumers who have been notified of a breach of their data were four times more likely than the public at large to experience fraud, the report states. The firm said that 19 percent of consumers who received a data breach notification over the past year have become the victims of fraud within a year of the notification. </em><a style="FONT-FAMILY: Verdana,Geneva,Arial,Helvetica,sans-serif; FONT-WEIGHT: bold" href="http://rs6.net/tn.jsp?et=1102793840482&s=40570&e=001r-0x3bdIolmvEQngosq42oH8wzRGoLRmeH96grWWoUmF2HXS31qhL-sAbjRnxUK8ygSW-tONs-qWH0FHKDl4gID5tI6TBQO0S8dMA9q2V9toy2BW580uvNfesOQVshrzr3SakEdtNeSoc9hLJc__0gkPuE9-zi6vniaaAw4ywLmgHxGIagga8R9qtnfxMvb9wH9NMzPOJg4YW8Xfmd9ZHfj07u-n6a9-IROl6cuiRNyRRJrx4RHfNQ==" shape="rect" target="_blank" track="on" linktype="link"><em>Full Story</em></a><br /><br />Perhaps federal regulations will also help to improve public awareness. In my experience almost no one is aware of the breadth of identity theft and its various <span id="SPELLING_ERROR_8" class="blsp-spelling-corrected">permutations</span> until they get some honest education on the subject. Then almost to a person they see the beauty of notifications and what than can mean as an early warning. They also usually see the great benefit of having a good service in place ahead of time.<br /><br />When you are a victim of identity theft what do you really want in a service? Do you want an "Insurance Policy" , or do you want comprehensive restoration? Since insurance can <em>ONLY</em> replace out of pocket expenses incurred when trying to perform your own restoration what is the point of underwritten insurance?<br /><br />How about credit monitoring? Is that of any real help if there isn't any follow up to work with the victim to clear the erroneous notations and record entries? Again, without restoration no monitoring service is of any substantial value.John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-46289693424463886672009-10-28T07:45:00.000-07:002009-10-28T07:46:36.327-07:00Red Flags Exemptions for Small BusinessesThis is very important for all business owners to read.<br /><br />The U.S. House of Representatives this week unanimously passed legislation that would exempt certain small organizations from complying with the Red Flags Rules.<br /><br /><a href="http://rs6.net/tn.jsp?et=1102790157710&s=3567&e=001wHFuv0AyXoBPLbhDddQuvNT8H5yDP51AaMc_Xme-lzLmgHitVbCi8CMSTC5RT5p07LlpJJRBF6VqnOJmFrAow9cDgM7LlphElSB9fDxK2s9PLEgAuRUMddBhSOgIPjAfyOU1sVXU1Wz5J2mDaW9isGYFLNoLretj" shape="rect" target="_blank" linktype="link" track="on">H.R. 3763</a> unanimously passed the U.S. House of Representatives this week, and would amend FACTA and the component Identity Theft Red Flags Rule to exclude health care, accounting, and legal practices with 20 or fewer employees from having to comply with the regulations, set to be enforced starting next month. <br /><br />Also, the bill would create a provision to enable other businesses to apply for exemption. To be exempt from complying with the regulation, the bill stipulates that a business would have to meet at least one of the following guidelines:<br />It must know all of its customers or clients individually;<br />It must only perform services in or around the residences of its customers; or<br />It must not have experienced incidents of identity theft, and identity theft must be rare for businesses of its type.<br />The bill now will move to the U.S. Senate Committee on Banking, Housing, and Urban Affairs for a vote.<br /><br />It is not yet known at this time if this pending bill will further delay the FTC's enforcement of the Red Flags Rule, which is still currently set to begin on 1 November, 2009. Read more: <br /><a href="http://rs6.net/tn.jsp?et=1102790157710&s=3567&e=001wHFuv0AyXoDjASsAx6LnLh-goBC5lZN2KARyV85wVQtYVi0dh0jFCQoelFuita9rPAZujlowf8ZM0OlUlk2DTLg-S2Vi4v0xNPlIH6aiU14wmt-iyyMIWGnWaa9G35fDnfR1Ak3zQvloKRvWgv9j_f4J1lpk8Y0z1Ge0RwhZdw-qIzTmzkKeTjnoR3ebOFjNYnL2Tav-_n_ZXMt5oTtHCaDDZDqIwiRW" shape="rect" target="_blank" linktype="link" track="on">New ID theft rules may not pertain to small businesses</a><br />by: Angela Moscaritolo, SCMagazine.comJohn Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0tag:blogger.com,1999:blog-2630186760095824791.post-35276003975943880822009-10-16T10:34:00.000-07:002009-10-16T10:49:55.596-07:00Which Story to Post? Payroll company loses PII, and Underreporting lossesIt isn't often I am faced with a decision as to which story to post here. I <span id="SPELLING_ERROR_0" class="blsp-spelling-corrected">generally</span> shy away from reporting specific breaches unless the particular story reinforces a point I am trying to stress regarding employee training perhaps or simple gross negligence in the face of what should be common knowledge amongst the business community.<br />In this case however, I found two such stories on the same day and have them here for you.<br /><br /><em>The Washington Post reports that, for the </em><a style="FONT-FAMILY: Verdana,Geneva,Arial,Helvetica,sans-serif" href="http://rs6.net/tn.jsp?et=1102768779676&s=40570&e=001lvaEayiVrBgnV9b68lPKDYG_HlygGRWTqyhTJJMJhA31-DF5MlZVXXRYDqQ3MSnPIyyh-0C9tio19Y-TzINFY1OCbdlqXwGdaCvzREOXRqM_5SjnGN0VaA5XCGF1knaj7ajFgSsMwefUu4oWku5wq9_9KHiV3GPKP7FQF3vjlM0BWTcuu58kiqdlZ1XwqLLcIySYm1p5t4d_YF8q9CAU0Cjm7W6Q5CBuC75P8AW1puw=" target="_blank" track="on" linktype="link"><em>second time</em></a><em> in a month, hackers have gained the <span id="SPELLING_ERROR_1" class="blsp-spelling-error">login</span> credentials of <span id="SPELLING_ERROR_2" class="blsp-spelling-error">PayChoice</span> clients. The company sent a notice to customers yesterday to let them know that thieves had exploited a weakness in the password-change component of the company's online payroll portal, the report states. <span id="SPELLING_ERROR_3" class="blsp-spelling-error">PayChoice</span> has since disabled the site and modified <span id="SPELLING_ERROR_4" class="blsp-spelling-error">logins</span>. In its e-mail alert to clients, <span id="SPELLING_ERROR_5" class="blsp-spelling-error">PayChoice</span> said "...we determined that valid user credentials...were used in an unauthorized manner to...have payments made to fraudulent bank accounts."</em> <a href="http://rs6.net/tn.jsp?et=1102768779676&s=40570&e=001lvaEayiVrBjg5kLYq82s83k4mxsF87Vkn4kG0AH4VP6NzgH70lx_O5vI55Hp5zlz8cIlIv9P-MBV_i1K3sdVjqz1rskxQD80ZQk-Weg7Qg7p5kpF78sDu9q0b4UNtf_2OmKo20LLo2aW_-tmSnCwokMNwn6cvWHKecY7SQQpiQcGipMET9Rc1im8bSY8GDRihHUnJY_xCDN-HD-6qq-sfJdleeJx3gZU-qro04FVTLY=" target="_blank" track="on" linktype="link">Full Story </a><br /><br />There is simply no excuse for a payroll company to have such an incident in light of the laws in effect (<span id="SPELLING_ERROR_6" class="blsp-spelling-error">FACTA</span> Red Flags Rules specifically), that require them to take specific precautions to prevent just such a breach.<br /><br />This next item shows clearly that giving discretion to breached entities as to whether and when to report breaches serves no one. People who have had their information mishandled or lost while it is in the trust of an organization have the right to know about their increased risk so that <span id="SPELLING_ERROR_7" class="blsp-spelling-corrected">they</span> might take appropriate steps to protect themselves. That is the problem that I and others have issues with the reporting laws that give wide discretion to not report or delay reporting information losses.<br /><br /><em>The results of an audit involving the loss of Connecticut taxpayers' data show the state took too long to determine whether confidential information was compromised, reports The Day. The names and Social Security numbers of 106,000 Connecticut taxpayers were exposed when a Department of Revenue Services (<span id="SPELLING_ERROR_8" class="blsp-spelling-error">DRS</span>) employee's laptop was stolen from a parked car. "<span id="SPELLING_ERROR_9" class="blsp-spelling-error">DRS</span> botched its initial response to the theft," said AG Richard <span id="SPELLING_ERROR_10" class="blsp-spelling-error">Blumenthal</span> who took part in the audit. "Inexcusably, our tax agency exposed more than 100,000 taxpayers for nearly a week to possible plundering of personal assets." But <span id="SPELLING_ERROR_11" class="blsp-spelling-error">Blumenthal</span> hailed <span id="SPELLING_ERROR_12" class="blsp-spelling-error">DRS</span> for tightening access controls, encrypting data and developing data breach procedures since then. </em><a href="http://rs6.net/tn.jsp?et=1102768779676&s=40570&e=001lvaEayiVrBh5Aj6aVQELD5vTLusBOXGK6gVm9EbwHB5tAqtdTfD03GbPE3NUtG-9HUbuCI8DbLH9DYnjMUyJEvqLlIQFAyob0fBBB-mYU73VPhqvYyIxeEYgXKwQlXwDi7c6748iGcK2-y2AVNYgQn_42vYOmHSlweGR8RVpGuC_gJIRRra-gw==" target="_blank" track="on" linktype="link"><em>Full Story</em> </a>John Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com2tag:blogger.com,1999:blog-2630186760095824791.post-7489807852090152352009-10-15T08:48:00.000-07:002009-10-15T08:50:27.321-07:00Extroadinary Quote<em> "The more people who have your data, the greater likelihood that either they're going to lose it or a rogue employee will abuse it," said Fred Cate, director of the Center for Applied Cybersecurity Research at Indiana University.</em><br /><br />We could use more people like Fred CateJohn Taylorhttp://www.blogger.com/profile/15220821369172645158noreply@blogger.com0