disclosure

PHIPrivacy asks “do the HHS breach reports offer any surprises?” It’s now been a full year since the new breach reporting requirements went into effect for HIPAA-covered entities. Although I’ve regularly updated this blog with new incidents revealed on HHS’s web site, it might be useful to look at some statistics for the first year’s…

Read More Lessons from HHS Breach Data

Over at the Office of Inadequate Security, Dissent does excellent work digging into several perspectives on Discover Card breaches: Discover’s reports, and the (apparent) silence of breached entities. I’m concerned that for many of the breaches they report, we have never seen breach reports filed by the entities themselves nor media reports on the incidents.…

Read More Fines or Reporting?

The UK’s Financial Services Authority has imposed a £2.28 million fine for losing a disk containing the information about 46,000 customers. (Who was fined is besides the point here.) I agree heartily with John Dunn’s “Data breach fines will not stop the rot,” but I’d like to go further: Data breach fines will prolong the…

Read More Data breach fines will prolong the rot

Ireland has proposed a new Data Breach Code of Practice, and Brian Honan provides useful analysis: The proposed code strives to reach a balance whereby organisations that have taken appropriate measures to protect sensitive data, e.g. encryption etc., need not notify anybody about the breach, nor if the breach affects non-sensitive personal data or small…

Read More Breach Laws & Norms in the UK & Ireland

In “White House Cyber Czar: ‘There Is No Cyberwar’,” Ryan Singel writes: As for his priorities, Schmidt says education, information sharing and better defense systems rank high. That includes efforts to train more security professionals and have the government share more information with the private sector — including the NSA’s defensive side. “One thing we…

Read More I look forward to merging your unique visibility into my own

The excellent ‘Notes from the Technology Underground’ has some personal recollections of “when planes fell from the sky:” In the 1950s, planes crashed with alarming frequency into city neighborhoods near the Minneapolis-St. Paul airport. At least one devoured a house nearl where I now live, in Southwest Minneapolis. I heard from older neighbors about the…

Read More When Planes Fell From the Sky

Reading Arthur’s “What Me Data Share?” and Chris’ “CSI/FBI Survey considered harmful,” I realized that what they’re discussing may not be common knowledge. I also realized that my posts about how valuable disclosure laws are assumed that everyone knows what Chris and Arthur said, and that ain’t so. The lack of information sharing that plagues…

Read More A Few More Thoughts on Disclosure