
WEEKLY PRIVACY-SECURITY NEWS BRIEF

By Joseph Elliott, 2014-05-17 16:13

    Privacy & Security News Brief

    September 7-13, 2008

    Vol. 1, No. 47

    TABLE OF CONTENTS

    BIOMETRICS
        UK city says no to biometrics
        • Union warns council staff not to provide fingerprints

    DATA BREACH
        Forever 21 Provides Notice to Customers Regarding Security Breach Incident
        • Forever 21: Nearly 99,000 cards compromised in data thefts
        TSU says student Social Security numbers have gone missing
        900 laptops go missing at London Heathrow airport every week
        Former Texas Lottery employee investigated for storing personal information at home
        Unencrypted data of 15,000 patients stolen from Winchester GP
        Countrywide, Franklin Savings Security Breach
        Stolen laptop had personal data on Pitt business school grads
        Another day, another data breach
        • Strike threat by prison officers after data is lost

    E-COMMERCE
        British Firm Phorm Trudges Through the Deep Packet Storm

    EDITORIALS & OPINION
        Interview: Sandra Hughes - Global Ethics, Compliance and Privacy Executive at the Procter & Gamble Company
        As Google turns 10, advice for its next decade
        Bigger breach of Internet privacy

    EDUCATION

    EMPLOYEE
        One in five bosses screen applicants' Web lives: poll
        Leak fears could set bosses spying on staff

    GOVERNMENT U.S. FEDERAL
        Libertarian Barr, EPIC Outline Privacy Agenda

    GOVERNMENT U.S. STATES
        INDIANA
        Indiana Begins Statewide Implementation of e-Subscription Management Service

    HEALTH & MEDICAL
        Feds finally put teeth into HIPAA enforcement
        Consumer control over personal medical data is coming to Canada
        Panel weighs prescription database: Privacy issues raised

    IDENTITY THEFT
        Will new rules stem identity theft?
        Identity thieves: Thanks for the bypass
        Identity crisis
        ID protection can be do-it-yourself

    INTERNATIONAL
        U.N. agency eyes curbs on Internet anonymity

    AFRICA

    ASIA/PACIFIC
        Japan, U.S., China are leading sources of Web attack traffic

    EUROPE
        EU justice chief welcomes Google privacy move
        GERMANY
        German official wary of Google's Chrome browser

    MIDDLE EAST

    NORTH AMERICA
        CANADA
        Grower wants privacy commissioner to investigate wheat board leak

    SOUTH AMERICA

    LEGISLATION FEDERAL
        Bill establishes Cyber Security Pilot Program to provide money to bolster state government's cyber infrastructure

    LEGISLATION STATE
        CALIFORNIA
        Schwarzenegger gets softened version of vetoed breach bill

    LITIGATION & ENFORCEMENT ACTIONS

    MOBILE/WIRELESS
        Are open phones more vulnerable?
        Critical Steps for Securing Wireless Networks and Devices

    ODDS & ENDS
        Obama sex video? Hardly. It's spyware spreading via e-mail
        Symantec Unveils First Corporate Responsibility Report
        Privacy dumped for better loan study
        Brave New World of Digital Intimacy
        FBI Warns of E-mail Relief Scams Following Hurricane Gustav

    ONLINE
        Google bows to keystroke privacy concerns
        Google to Retain IP Address Data for Only 9 Months
        • Feeling The Heat, Google Pledges To Discard User Data After Nine Months
        Dealing With I.S.P. Snooping
        A Privacy FAQ: What About You is Online?
        Corporations baffled by 'network privacy'
        Privacy features let you erase your tracks online
        Number of Bot-Infected PCs Skyrockets
        Data security now 10% of IT operating budgets, Forrester says

    RFID
        RFID: From Fish to Flowerpots

    SECURITY
        Securing the enterprise beyond the perimeter
        Hackers hit Large Hadron Collider Web site
        Enterprises Struggle to Identify Sources of Risk
        Credit Card Shaving: Scammers Go Low-Tech With Trick
        Group to release uniform metrics to measure IT security
        Data security can falter at the top
        Companies Continue to Overlook Evolved Virus Attacks
        Keys to Locking Down Storage Security on a Database
        New Software Equips Laptops with Remote Data Destruction Capability
        Cyber-Attackers Target Web Applications, Study Says

    SEMINARS

    PAPERS
        Tips for Improving Security by Reducing Internet Abuse
        Global Best Practices in Email Security, Privacy and Compliance
        The Botnet Threat: Successfully Defending Your Business
        Data Leakage Landscape: Where Data Leaks and How Next Generation Tools Apply
        Top 10 Things to Know about Data Protection

    ARTICLE SUMMARIES AND LINKS

    BIOMETRICS

    UK city says no to biometrics

    Unison, a union for Westminster City Council workers, has told the council to boycott the use of biometric time

    clocks to replace standard punch card clocks due to a lack of consultation prior to their installation as well as union

    members being suspicious over the council's ability to properly safeguard the data, according to a Public Service

    article.

    http://www.thirdfactor.com/2008/09/11/uk-city-says-no-to-biometrics (ThirdFactor 9/11/08)

    Also see:

    • Union warns council staff not to provide fingerprints

    http://www.computing.co.uk/computing/news/2226020/union-warns-council-staff (Computing UK - 9/12/08)

DATA BREACH

    Forever 21 Provides Notice to Customers Regarding Security Breach Incident

    Forever 21 has posted a notice to its website, http://www.forever21.com, to alert customers who shopped at their

    stores on certain dates and periods about a security breach incident. Law enforcement recently informed Forever 21

    that their systems may have been illegally accessed to obtain customer payment card information.

    http://www.marketwatch.com/news/story/forever-21-provides-notice-customers/story.aspx?guid=%7BAB848540-2C15-4D2D-8D97-97B3DAF6513C%7D&dist=hppr (MarketWatch 9/12/08)

    Also see:

    • Forever 21: Nearly 99,000 cards compromised in data thefts

    http://www.networkworld.com/news/2008/091608-forever-21-nearly-99000-cards.html?hpg1=bn (Network World 9/16/08)

TSU says student Social Security numbers have gone missing

    Tennessee State University this afternoon announced that a flash drive containing the financial information and

    Social Security numbers of more than 9,000 students was reported missing earlier this week. A financial aid

    counselor reported the flash drive missing after discovering that it was no longer in her possession, administrators

    said. The flash contained financial records of TSU students dating back to 2002. There have been no attempts to use

    the data.

    http://www.nashvillepost.com/news/2008/9/12/tsu_says_student_social_security_numbers_have_gone_missing

    (Nashville Post 9/12/08)

900 laptops go missing at London Heathrow airport every week

    Data loss is hitting the headlines all too often. Airports have become rich pickings for laptop and data thieves.

    Approximately 22.5 million business travellers pass through London Heathrow's terminals every year, and

    according to a recent survey by the Ponemon Institute, it is the worst offender for lost and stolen laptops with up to

    900 devices going missing per week. Despite most of these laptops having security precautions such as passwords

    and encryption in place, there is still a lot of fear that exists as to how the data can be used and what the

    consequences might be.

    http://www.securitypark.co.uk/security_article262043.html (SecurityPark.net 9/12/08)

Former Texas Lottery employee investigated for storing personal information at home

    Authorities are investigating a former employee of the Texas Lottery Commission who illegally had the personal information of some employees, lottery winners and retailers stored on a home computer. The criminal investigation, which started about three weeks ago, involves the Texas comptroller's office and the Travis County district attorney's office, lottery spokesman Bobby Heith said.

    http://www.dallasnews.com/sharedcontent/dws/dn/latestnews/stories/091208dnmetlottery.1c677c0.html (Dallas Morning News 9/11/08)

Unencrypted data of 15,000 patients stolen from Winchester GP

    The data of 15,000 patients has been lost after a thief stole unencrypted computer tapes from a GP surgery. In the latest in a string of patient data losses in the UK, a safe containing the back-up tapes was stolen from St Paul's surgery in Winchester at the weekend. The tapes contained personal health information on the patients. Hampshire Primary Care Trust, which manages NHS care in the county, said the tapes were not encrypted but instead had password protection. It said "specialised computer equipment" was needed to run the tapes, and added: "Anyone trying to read the information would ... need to have very advanced computer skills or access to a special computer programme to make any sense of it."

    http://www.computerworlduk.com/management/security/data-control/news/index.cfm?newsid=10962

    (ComputerWorld UK 9/11/08)

Countrywide, Franklin Savings Security Breach

    Letters are going out to customers of Franklin Savings and Loan, one of Cincinnati's oldest banks. A similar letter is

    going out to Countrywide mortgage customers. Franklin states that a hacker accessed files of 25,000 customers... but

    says there is no evidence of any ID theft. Meantime, in an unrelated case, a renegade Countrywide employee

    allegedly stole as many as 2 million customer names, and sold them to other mortgage companies. Once again, there

    is no evidence the names were wrongly used for ID theft.

    http://www.wcpo.com/content/news/localshows/dontwasteyourmoney/story.aspx?content_id=af377e35-f032-4259-ae9b-4abe93233eef

    (WCPO 9/10/08)

Stolen laptop had personal data on Pitt business school grads

    College of Business Administration graduates at the University of Pittsburgh have been notified that a laptop

    containing their personal information including their names and Social Security numbers was stolen last month.

    Citing an ongoing police investigation, Pitt officials today would not say how many alumni of the undergraduate

    program were affected. The laptop, stolen from Mervis Hall on Aug. 11, was being used by an employee to conduct

    surveys of alumni that are used in college rankings.

    http://www.post-gazette.com/pg/08253/910715-100.stm

    (Pittsburgh Post-Gazette 9/9/08)

Another day, another data breach

    Over the weekend, news broke in the UK of a data breach affecting up to 5,000 prison staff, whose details were on a

    hard disk lost by contractor EDS two months ago. The data compromise was only disclosed over the weekend.

    Prison staff are so unhappy about the loss of their sensitive data that they are now threatening strike action, and they

    seem particularly peeved that no-one let them know earlier that their details might have fallen into the wrong hands.

    http://news.zdnet.co.uk/leader/0,1000002982,39485540,00.htm

    (ZDNet 9/8/08)

    Also see:

    • Strike threat by prison officers after data is lost

    http://www.guardian.co.uk/society/2008/sep/08/prisonsandprobation.justice?gusrc=rss&feed=society

    (Guardian 9/8/08)


E-COMMERCE

    British Firm Phorm Trudges Through the Deep Packet Storm

    Deep packet inspection, the secret harvesting of granular details about individual internet activity so companies can make better guesses about what to sell you, has been facing a slow death in the U.S. NebuAd, the leader on

    these shores, has shed employees and lost its CEO amid public backlash and intense congressional scrutiny that led

    one legislator to question if what they were doing was even legal. But British firm Phorm, which provides a similar

    service abroad, has so far managed to steer through the death-inducing scrutiny and negative press that has

    enveloped NebuAd.

    http://blog.wired.com/business/2008/09/british-firm-ph.html

    (Wired 9/08/08)

EDITORIALS & OPINION

    Interview: Sandra Hughes - Global Ethics, Compliance and Privacy Executive at the

    Procter & Gamble Company

    Sandra R. (Sandy) Hughes is the Global Ethics, Compliance and Privacy Executive at the Procter & Gamble

    Company, headquartered in Cincinnati, Ohio, USA. Procter & Gamble's privacy program has been designed and

    implemented to promote trust among consumers, employees and other constituencies by protecting an individual's

    rights to privacy as they would expect. The purpose of the Ethics & Compliance organization is to put tools and

    processes in place to minimize the possibility of a breach that could negatively impact corporate reputation and

    shareholder value.

    http://www.kuci.org/privacypiracy/#09_03_08

    (KUCI 9/3/08)

As Google turns 10, advice for its next decade

    In the next decade, Google will continue to be the Dr. Jekyll and Mr. Hyde of digital free speech and privacy. On the

    one hand, Google's innovative tools for finding and publishing online content have been and will continue to be a

    boon to the Internet's billions of users, fostering free speech and open access to information on an unprecedented

    scale. On the other hand, Google will also continue to be the primary innovator when it comes to finding more

    powerful and invasive ways of tracking and monetizing Internet users' private online activities.

    http://latimesblogs.latimes.com/technology/2008/09/google-intervie.html

    (L.A. Times 9/8/08)

Bigger breach of Internet privacy

    A curious, slow-motion momentum is building for new rules on online privacy. The Federal Trade Commission,

    after three years of inquiries, sent a report to Congress in June with sobering findings about just how thoroughly

    Internet companies are tracking their customers' Web use so they can be targeted with advertising. Unlike the broad

    public outrage in 2003 over broadcasting ownership consolidation, online privacy, which especially in its DPI form

    is even more disturbing, has a thin and lonely constituency. That's too bad. History suggests that the window for

    adopting sensible and fair-minded rules on a new medium opens only early in its development and shuts quickly.

    http://www.kentucky.com/589/story/515903.html

    (Kentucky.com 9/7/08)

EDUCATION


EMPLOYEE

    One in five bosses screen applicants' Web lives: poll

    Written references could become old hat for hiring managers with one in five saying they use social networking sites

    to research job candidates -- and a third of them dismissing the candidate after what they discover. A survey by

    online job site CareerBuilder.com of 3,169 hiring managers found 22 percent of them screened potential staff via

    social networking profiles, up from 11 percent in 2006. An additional nine percent said they don't currently use

    social networking sites like Facebook or MySpace to screen potential employees but they do plan to start.

    http://news.yahoo.com/s/nm/20080911/wr_nm/jobs_internet_tech_life_dc;_ylt=AlKhD6tidfj00mW8GDC_NWojtBAF

    (Yahoo 9/11/08)

Leak fears could set bosses spying on staff

    Big brother bosses will increasingly be tempted to turn to staff surveillance to stop insider leaks before they happen,

    says the head of a cyber security government body. Large companies are already exploring ways of monitoring

    employee behaviour on corporate systems to detect potential wrongdoing, according to Nigel Jones, director of the

    Cyber Security Knowledge Transfer Network (KTN), a government-funded body dedicated to promoting the UK

    cyber security business. Businesses are becoming more concerned about data security as the amount of information

    they handle and retain balloons - leading to a better understanding of its value, Jones said.

    http://software.silicon.com/security/0,39024655,39284217,00.htm

    (silicon.com 9/4/08)

GOVERNMENT U.S. FEDERAL

    Libertarian Barr, EPIC Outline Privacy Agenda

    The Democratic and Republican candidates for U.S. president aren't giving enough emphasis to privacy and civil

    rights issues, the Electronic Privacy Information Center (EPIC) and Bob Barr, the Libertarian candidate for president,

    said. Privacy issues received no mention at the Democratic and Republican national conventions during the past two

    weeks, said Barr, a former Republican congressman from Georgia, speaking at an EPIC press conference. Debates

    about privacy and civil rights issues, including government surveillance of U.S. residents and routine searches of

    laptops at U.S. borders, were "nowhere to be seen" at the conventions, Barr said.

    http://www.pcworld.com/businesscenter/article/150754/libertarian_barr_epic_outline_privacy_agenda.html

    (PC World 9/5/08)

GOVERNMENT U.S. STATES

    INDIANA

    Indiana Begins Statewide Implementation of e-Subscription Management Service

    Indiana citizens, businesses and visitors can now find subscription options on more than 20 agency Web sites,

    including the Lieutenant Governor's Office, Bureau of Motor Vehicles, Indiana State Police and Department of

    Workforce Development. Indiana plans to roll out the e-subscription service to 75 executive branch agencies and

    will work with legislative and judicial branches and separately elected officials. "This communications tool allows

    us to quickly and efficiently deliver updates of user-selected information to the public," said Gerry Weaver,

    Indiana's chief information officer. "Real-time information sharing is critical to keeping the public informed, safe

    and healthy."

    http://www.govtech.com/gt/articles/399112?utm_source=newsletter&utm_medium=email&utm_campaign=Central%20Region%20News_2008_9_8

    (Government Technology 8/26/08)


HEALTH & MEDICAL

    Feds finally put teeth into HIPAA enforcement

    A data security audit that the U.S. Department of Health and Human Services conducted at Piedmont Hospital in

    Atlanta last year was widely viewed within the health care industry as a harbinger of further actions by the federal government to enforce HIPAA's security and privacy rules. Eighteen months after HHS quietly began the Piedmont

    audit, there hasn't been much evidence of stepped-up enforcement. But now a stringent "resolution agreement"

    signed in July by the agency and Seattle-based Providence Health & Services is generating the same kind of buzz among health care providers that the Piedmont audit did.

    http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=325376&intsrc=news_ts_head

    (ComputerWorld 9/8/08)

Consumer control over personal medical data is coming to Canada

    Beta versions of Google Health and Microsoft HealthVault - both examples of new personal health record (PHR)

    technology - were launched last year. These free software products allow consumers to store and manage their

    personal medical data in structured repositories online. But there are privacy and security implications with these sorts of systems.

    http://www.intergovworld.com/article/42adc562c0a80006001d88f64bbf545d/pg1.htm

    (InterGovWorld 9/8/08)

Panel weighs prescription database: Privacy issues raised

    Cancer survivor Lois Fitzpatrick worries that a prescription drug database proposed for the upcoming session of the Montana Legislature would compromise her privacy and hinder patients' access to pain medications. Mark Long,

    chief of the narcotics bureau for Montana's Division of Criminal Investigations, fears that if the drug registry fails, addicts and criminals will continue diverting pain medications and Montanans will keep dying from opiate

    overdoses at an alarming rate. An average of 246 deaths related to prescription drugs have occurred in Montana

    every year since 2001, by Long's count.

    http://www.missoulian.com/articles/2008/09/08/news/mtregional/news07.txt

    (Missoulian 9/6/08)

IDENTITY THEFT

    Will new rules stem identity theft?

    Identity thieves face tough going this year if they think pilfering your personal information will be a stroll through the park. Or at least that's what regulators hope. This is because new "red-flag" rules aimed at impeding identity thieves are being phased in. The rules push financial institutions to make sure people are who they say they are. Authenticating identities will be the name of the game. Red-flag rules stipulate that financial institutions and creditors establish a written program to "detect, prevent and mitigate identity theft in connection with the opening of certain accounts or existing accounts."

    http://articles.moneycentral.msn.com/Banking/FinancialPrivacy/WillNewRulesStemIdentityTheft.aspx

    (MSN 9/9/08)

Identity thieves: Thanks for the bypass

    The latest twist in identity fraud involves stealing your identity in order to use your health insurance. Jennifer Barrett, global privacy officer at Acxiom, says the scam is the newest trend in identity fraud. That it's growing fast should come as no surprise, as health care costs - and the ranks of the uninsured - continue to rise. (Acxiom provides services to help insurers verify the validity of claims.) With this type of fraud it's typically your insurance company, not you, that takes the financial hit. But you still might want to keep an eye on your medical claims history. The reason: if medical scammers steal your identity you may suddenly have a medical history that isn't yours. Left undetected, that might put you at risk for misdiagnosis or improper treatment, Barrett says.

    http://blogs.computerworld.com/identity_thieves_thanks_for_the_bypass_surgery

    (ComputerWorld 9/8/08)


Identity crisis

    Illegal immigrants buy Social Security numbers from shady brokers, borrow them with permission from people they know, steal them, invent them and share them. Some use numbers belonging to their U.S.-born children. Using another person's Social Security number is identity theft, even if it's used solely to gain employment. Yet federal privacy laws prevent the Social Security Administration, the Department of Homeland Security and the Internal Revenue Service from cross-checking their vast electronic databases to identify illegal workers.

    http://www.columbusdispatch.com/live/content/local_news/stories/2008/09/08/IMMIG_2.ART_ART_09-08-08_A1_80B7J7I.html?sid=101

    (Columbus Dispatch 9/8/08)

ID protection can be do-it-yourself

    Looking at a chronology of data breaches compiled by the Privacy Rights Clearinghouse, it seems you can't even go a week without significant numbers of people having their identifying information stolen. In fact, nearly 28 million people were victims of identity theft between 2005 and 2007, according to a nationwide survey by Javelin Strategy and Research, a consultancy firm for the financial services and payment industries. The constant news of data losses and the heightened awareness of victimization have fueled a growing industry built around monitoring individuals' credit.

    http://www.boston.com/business/articles/2008/09/07/id_protection_can_be_do_it_yourself/?p1=Well_MostPop_Emailed2

    (Boston Globe 9/8/08)

INTERNATIONAL

    U.N. agency eyes curbs on Internet anonymity

    A United Nations agency is quietly drafting technical standards, proposed by the Chinese government, to define methods of tracing the original source of Internet communications and potentially curbing the ability of users to remain anonymous. The U.S. National Security Agency is also participating in the "IP Traceback" drafting group, named Q6/17, which is meeting next week in Geneva to work on the traceback proposal.

    http://news.cnet.com/8301-13578_3-10040152-38.html?tag=newsLeadStoriesArea.0

    (CNet 9/12/08)

AFRICA

    ASIA/PACIFIC

    Japan, U.S., China are leading sources of Web attack traffic

    Japan, the United States and China topped the list of countries from which Internet attack traffic originates in a recent report by Akamai Technologies Inc. The three countries accounted for more than 60 percent of attack-oriented Internet traffic. Akamai's second-quarter State of the Internet report found attack traffic originating from 139 countries, up from 125 countries in the first quarter of 2008.

    http://www.gcn.com/online/vol1_no1/47109-1.html

    (GCN 9/10/08)

EUROPE

    EU justice chief welcomes Google privacy move

    The EU's top justice official on Thursday welcomed a recent move by Google Inc. to cut the time it keeps users' search details. Jacques Barrot, the EU's justice and home affairs commissioner, said Google's announcement earlier this week was "a good step in the right direction." He said, however, that Google's move to cut its retention of data logs from 18 months to nine should be trimmed further to six months.

    http://news.yahoo.com/s/ap/20080911/ap_on_hi_te/eu_online_privacy

    (Yahoo 9/11/08)


GERMANY

    German official wary of Google's Chrome browser

    Internet surfers should approach the preliminary version of Google Inc.'s new browser, Chrome, with caution

    because its security is untested, a spokesman for Germany's Federal Office for Information Security said. "People should be aware that this is a beta version and that we don't yet know much about its security," spokesman Matthias

    Gaertner told The Associated Press. "Beta" refers to a test release.

    http://ap.google.com/article/ALeqM5hMLOLQ3biBp2knQHt15Xn9FKKWIgD9338OT80

    (Associated Press 9/9/08)

MIDDLE EAST

    NORTH AMERICA

    CANADA

    Grower wants privacy commissioner to investigate wheat board leak

    A Lanark County wheat producer, after learning personal producer information had been transferred from the province's wheat board to a non-government organization, has filed a complaint with Ontario's privacy commissioner. "It was done without our permission," says John Vanderspank, Ontario Wheat Producers Marketing Board representative for district 10.

    http://www.betterfarming.com/online-news/grower-wants-privacy-commissioner-investigate-wheat-board-leak-824

    (BetterFarming.com 9/7/08)

SOUTH AMERICA

LEGISLATION FEDERAL

    Bill establishes Cyber Security Pilot Program to provide money to bolster state government's cyber infrastructure

    In an effort to protect state governments and their residents from the daily barrage of attacks that threatens their

    cyber infrastructure and sensitive personal information, Senator Norm Coleman today introduced the State Cyber

    Security Protection Act of 2008. This legislation establishes a State Cyber Security Pilot Program within the

    Department of Homeland Security to provide money to strengthen cyber security within state governments. The

    pilot program is authorized at $25 million a year for 2 years and the maximum a state can receive is $3 million.

    http://coleman.senate.gov/public/index.cfm?FuseAction=PressReleases.Detail&PressRelease_id=4d975873-0933-a3c0-368d-c6d8c6ba5b6b

    (Press Release 9/10/08)

LEGISLATION STATE

    CALIFORNIA

    Schwarzenegger gets softened version of vetoed breach bill

    California's state legislature has sent Gov. Arnold Schwarzenegger an amended version of a closely watched data

    breach bill that he vetoed last October. The Consumer Data Protection Act, or AB 1656, would require retailers and

    other businesses operating in the state to take specific steps to prevent credit and debit card data from being

    compromised. For instance, it would prohibit the storage of PINs, magnetic-stripe data and other information, even

    in encrypted form. Retailers would also have to disclose more details about breaches to affected consumers.

    http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=325574&taxonomyId=17&intsrc=kc_top (ComputerWorld 9/8/08)
