Posts Tagged ‘Personally identifiable information’

Univ. of Hawaii settles data breach lawsuit

January 29th, 2012

Companies cannot just get away with data breaches. They are answerable to customers and have to compensate. Customers generally file lawsuits when their demands are not met and where private data is stolen.

The following news report is making headlines:

The University of Hawaii has agreed to provide two years of credit protection services to settle a class-action lawsuit that involved data breaches that took place between 2009 and 2011, wherein 100,000 students, faculty, alumni and staff, officials and attorneys were involved. This was announced last Thursday.

Apparently the university has denied liability for the breaches. Its spokesperson said it will settle the case by providing two years of credit monitoring and credit restoration services to members who request it. According to the university spokesperson it will continue to “work diligently so that the chance of future data breaches is significantly reduced.”

Data breach details

There were five data breaches in all, including the one that took place in 2009, where Social Security numbers, grades and other personal data were posted online for almost a year before being removed from the website. According to University officials, a faculty member mistakenly uploaded files containing the information to an unprotected server, exposing the names, academic performance, disabilities and other information of more than 40,000 students who attended the flagship Manoa campus from 1990 to 1998 and in 2001.

Breaches also took place at the West Oahu campus, Kapiolani Community College and Honolulu Community College.

The University’s statement: “We are pleased to settle this case by providing two years of credit monitoring and credit restoration services to those class members who request it. The University continues to work diligently so that the chance of future data breaches is significantly reduced. Given the uncertainties and expense of litigation, the University believes this settlement is in the best interests of the University and its entire ‘ohana.”

The attorneys Bruce Sherman and Thomas Grande, who are representing the class, said:

“We have researched more than forty (40) data breaches at colleges and universities across the country. In almost every instance, two years of credit monitoring and fraud restoration were offered to data breach victims,” said Bruce Sherman, one of the attorneys representing the class. “Offering two years of credit monitoring and fraud restoration services to breach victims should be the standard response by any breaching entity in Hawai’i, including government agencies,” Sherman noted.

“The settlement is significant for several reasons,” said Thomas Grande, who also represents the class. “This settlement is the first data breach settlement in Hawai’i and affects almost 100,000 persons,” Grande noted.

“Credit monitoring provides for continuous checking by a credit agency of a class member’s credit file. If there is suspicious activity, the class member is notified immediately and is given assistance to resolve the problem,” Sherman said.

“Credit monitoring services may cost as much as $5 to $15 per month if purchased individually. We are extremely pleased that the University has negotiated a settlement package that provides these services to every class member who wants them,” Grande said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


The European Union to revamp data-protection rules that will control information flow

January 24th, 2012

Europe has been struggling for stricter data breach laws for a long time. The recent data thefts have pushed the EU to make tough rules as regards data breaches and data security. This certainly is the need of the hour, not only in Europe but all over the world as data breaches are on the rise and hackers are taking advantage of the loopholes in the system.


The European Union is set to propose this week new regulations on how companies use the personal information of Internet users. The new regulations are going to have a major impact on companies like Google and Facebook, putting stricter limits on how they use the information of the people who use their services. According to Viviane Reding, vice president of the European Commission, a branch of the EU, these new regulations are absolutely required to protect the personal data of users and rebuild their sense of confidence.

The current state of security laws in Europe:
At present there are conflicting laws from the various countries that form the Union. These laws force the companies to collect data on consumers from the Internet. Companies that do not follow any regulations are becoming victims of data breaches and are always at loggerheads with governments. For example, Facebook has been in the limelight as it was targeted by both U.S. and European regulators for the way it uses user data. The company underwent 20 years of independent audits after the U.S. Federal Trade Commission proved that the company’s use of customer information was illegal.
What does data privacy mean for consumers?
Privacy is a major concern for today’s insurance industry. The more transactions we carry out online, the more we risk becoming a target of cyber crime. Data breaches put the information of millions of consumers at risk, and that means monetary losses for companies and insurance groups.

What will the new rules exactly do?

The new rules will make it compulsory for financial services firms and credit card processors to report incidents of lost or stolen data within 24 hours of a breach. These rules are set to come into effect today. The companies must, as per new rules, appoint a data protection officer to preside over the protection of personal data stored and processed by individual businesses.

EU Justice Commissioner Viviane Reding’s comment

“I want to explicitly clarify that people shall have the right – and not only the ‘possibility’ – to withdraw their consent to the processing of the personal data they have given out themselves,” says Reding. “If an individual no longer wants his personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system.”

“Companies that suffer a data leak must inform the data protection authorities and the individuals concerned, and they must do so without undue delay,” adds Reding. “As a general rule, without undue delay means for me ‘within 24 hours’.”

Data security with Alertsec
Following the essential guidelines is necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident that highlights the need for data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers very good and easy-to-use laptop security. There are no shortcuts to data security in any organization. Alertsec offers a service that includes more than the traditional software licensing model.

Data breach at ICBC, employee accessed data of crime targets

December 18th, 2011

Data breach incidents are getting more bizarre by the day, and one never knows what will come up next. These incidents are not limited to accessing people’s information; they can harm these individuals’ lives as well.

The following incident involves victims of a data breach whose homes and cars were set on fire or whose vehicles were shot at!

The series of fires started in September in Vancouver and continued throughout the province. When the RCMP started investigating these incidents, they realized that people who were associated with the Justice Institute of British Columbia were the targets of this crime.

Police work led last week to the arrest of the perpetrator, who apparently is an ICBC employee. The employee allegedly accessed personal data of 65 individuals, 13 of whom became victims of arson and shooting. The victims were employees and past students.

According to Chief Supt. Janice Armstrong of the Lower Mainland District Regional Police Service, “We can now state the investigation revealed a link to an ICBC employee, who allegedly accessed personal information of 65 individuals, including the 13 identified victims. That employee, along with other individuals, is under continued police investigation.” She added, “Additionally, police continue to pursue significant investigative avenues to determine if others could be at risk. We recognize this is very disturbing for the victims and the individuals we warned.”

ICBC president and CEO Jon Schubert’s statement: “We are appalled that one of our employees inappropriately accessed the information of so many customers without any apparent business reason to do so. Our main concern is for the customers who have suffered as a result of this privacy breach.”
The employee in question has been fired with no severance. The data breach victims are being informed about the breach, and measures are being taken at ICBC to prevent such incidents from happening in the future. ICBC CEO Jon Schubert said, “We have conducted a thorough internal and an independent external review of our systems as a result of the privacy breach and have taken steps to better guard against this type of incident from happening again.”
RCMP Sgt. Peter Thiessen is looking at another angle which might explain these crimes: “Whether there’s organized crime links or whether it’s a disgruntled employee or someone who had a negative interaction at the Justice Institute, none of those have been eliminated at this particular time.”

Fortunately no one has been physically injured in these incidents.

More about Justice Institute of British Columbia

JIBC is a public post-secondary institution based in New Westminster. It trains people in a variety of disciplines related to justice. Professionals such as police officers, paramedics, social workers and correctional staff are trained at this institution.


North Somerset Council and Worcestershire County Council pay penalties for data breach

November 29th, 2011

In the post dated Nov 27 we talked about local authorities under ICO’s radar. This is further to that post.

The Information Commissioner’s Office (ICO) has fined North Somerset Council and Worcestershire County Council for ‘serious email errors’. According to the ICO, in both cases staff members sent highly sensitive personal data to the wrong email addresses. The first took place at North Somerset Council in November 2010, when a council employee sent five emails to the wrong NHS employee. Two of these emails had highly sensitive and confidential information related to a child’s serious case review.

Strangely enough, data was emailed to the same NHS employee three times again! And this was after the council employee had been informed of the error. The incidents took place in Nov and Dec last year.

At Worcestershire County Council, an employee emailed highly sensitive personal data belonging to a large number of people to 23 wrong email addresses. The employee got in touch with the recipients immediately, asking them to delete the email. These recipients worked for registered organisations and followed the council’s protocols about handling sensitive data.

Information Commissioner Christopher Graham, said: “Personal information in cases involving vulnerable people is about the most sensitive personal information imaginable.

“It is of great concern that this sort of information was simply sent to the wrong recipients by staff at two separate councils.

“It was fortunate that in both cases at least the e-mail recipients worked in a similar sector and so were used to handling sensitive information.

“This mitigating factor has been taken into account in assessing the amount of the penalties.”

Worcestershire County Council was fined £80,000 for a March 2011 breach, and North Somerset Council was fined £60,000 for a serious breach of the Data Protection Act that took place in Dec 2010.

The ICO has the power to fine organisations up to £500,000 for serious data breaches. It is now following up with the Ministry of Justice for more powers that can audit local councils’ data protection compliance.

It is the local authorities’ responsibility to protect highly sensitive information related to patients, kids, etc. The common man must be able to sleep well at night knowing his information is safe with the local authorities. But reality shows that this is not the case. UK citizens are having sleepless nights after reading about data breach cases. In order to prevent such data thefts, every council must revamp its security policies and train its staff members.
These cases are a wake-up call to all public sector organisations. The ICO has started penalizing councils that have breached the Data Protection Act. If local authorities want to avoid this penalty, they had better get on their toes and act fast. After all, sensitive data of vulnerable people is at stake here and such incidents cannot be taken lightly.

Cyber-security with Alertsec

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides:

Fully managed service for your convenience.

Very cost effective service.

Market leading laptop protection service.

Quick and easy implementation.

Easy to use protection.

Transparent solution.

Global 24/7 helpdesk.

100% secure and reliable encryption


Southwark Council faces heat from ICO for data breach

November 23rd, 2011

If you remember, the last blog post talked about a laptop theft incident that occurred years ago but was reported only recently. This post is along the same lines.

Details from the Information Commissioner’s Office (ICO)

The Southwark council failed to manage its paperwork and a computer that contained data of 7,200 individuals when it moved from its site at the Spa Road Complex in December 2009. When the new company moved in, it found this data that contained addresses, names and information relating to medical history, criminal convictions and ethnicity.

Sally Anne Poole, Acting Head of Enforcement at the ICO, said, “The fact that thousands of residents’ personal details went missing for over two years clearly shows that Southwark Council’s policies for handling personal information are below standard. As this information was lost before the ICO received the power to issue financial penalties we are unable to consider taking more formal action in this case.”

Investigation report

The investigation revealed that this data was unencrypted and that the protocol supposed to be followed while moving was not up to the mark. Had this incident taken place recently, Southwark would have been fined by the ICO. Thus Southwark Council had breached the Data Protection Act.

According to an Information Commissioner’s Office (ICO) spokesman, “The computer was an old Apple iMac. It had some security features, like password protection, but no encryption. The vast majority of details were on the computer.”

More details emerge

It appears that the unencrypted iMac and other papers were left in the vacant building for two years. The new tenants discovered these documents in June and threw them into a skip.

What is Southwark doing post incident?

The Council is in the process of revamping its data security procedures and is ready to be audited in 2012. It plans to join the other 105 councils, schools, trusts and businesses that have signed undertakings with the Commission since January 2010. The ICO has in addition issued three enforcement notices, conducted two prosecutions, and has issued fines to six organisations ranging from £1,000.

A Southwark Council spokesman said: “As soon as this incident was reported to us, we instantly launched an internal investigation and worked closely with all other relevant authorities to ascertain exactly what had happened.

“We treat any reporting of a possible breach of data very seriously indeed. Throughout this issue the council advised and co-operated with the Information Commissioner’s Office and has now put in place a number of measures to improve its handling and storage of personal data.”


Secure your Data with Alertsec

Following the essential guidelines is necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident that highlights the need for data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.
