2. Article 1: Privacy breach exposes Social Security numbers of FSCJ students, employees Five other state colleges impacted by security breakdown at automated library services provider. Posted: August 10, 2010 - 2:02pm Advertisement By Matt Coleman Social Security numbers and other private information belonging to students and employees at Florida State College at Jacksonville and five other state colleges might have been accessible this year because of a privacy breach at an automated library service. The College Center for Library Automation in Tallahassee, which provides electronic resources to Florida’s public colleges, advised almost 30,000 FSCJ students and employees Tuesday that a software upgrade left their personal data vulnerable from May 29 to June 2. The breach was identified in late June, when a student reported finding his own personal information embedded in a set of Google search results, according to a news release from the center. Names and driver’s license numbers also might have been accessible during the five-day window. The exposed data did not include any personal financial information such as credit card or bank account numbers or library usage records, center spokeswoman Lauren Sproull said. She declined to identity the type of software that was being upgraded when the security breach occurred. No incidents of identity theft have been reported, but that hasn’t stopped the center from cautioning students to place a fraud alert on their credit files by contacting a credit bureaus. The privacy breach included only data from students and employees who were active during the summer term, FSCJ spokesman Michael Corby said. Corby said the college is moving away from using sensitive personal data for library services and other on-campus resources. The school will debut a new student identification card system next week in preparation for the 2010-11 academic year. Social Security numbers won’t be part of that identification system. Another 100,000 students and employees from Broward College, Northwest Florida State College, Pensacola State College, South Florida Community College and Tallahassee Community College also could have been affected in the security lapse.
3. Summary & comments This article was identifying the recent identity leak that had occurred in a college. Although there was no record of anything being stolen it was still very dangerous. It was identified when one of the students found personal information about himself through a Google search. This could have resulted in many things. Including theft or even the college getting into legal issues and causing them to change their system or pay compensations to the victims.
4. Article 2: 15 August 2010 18:20 Web trackers breach the privacy barrier Article tools Print articleSend to friend The fastest growing businesses on the Internet is the business of spying on consumers. A Wall Street Journal investigation finds that one of the "fastest growing businesses on the Internet is the business of spying on consumers". It notes that while Web tracking software is nothing new, it has grown "far more pervasive and far more intrusive than is realised by all but a handful of people in the vanguard of the industry". The 50 top websites on average installed 64 pieces of tracking technology onto the computers of visitors, usually with no warning. A dozen sites each installed more than a 100. Tracking technology is getting smarter and more intrusive. New tools scan in real time what people are doing on a Web page, then instantly assess location, income, shopping interests and even medical conditions. "Some tools surreptitiously re-spawn themselves even after users try to delete them," reports The Wall Street Journal. The growing use and power of tracking technology has begun to raise regulatory concerns. It quotes Senator George LeMieux in a hearing on Internet privacy: "If you were in the Gap, and the sales associate said to you, ‘OK, from now on, since you shopped here today, we are going to follow you around the mall and view your consumer transactions,' no person would ever agree to that." Usefully, the newspaper provides a full guide on how "to avoid prying eyes", including simple browser setting changes that users can implement on their computers, privacy ‘plug-ins' that can be installed to combat actively attempts to spy and ways of ‘opting out' of certain Web advertising networks.
5. Summary & comments This article was about the web tracking software that can be used to track others on computers. It also identified many concerns that could occur with this system. This can have many issues with this system. Some being: Theft and invasion of privacy.
6. Article 3:Analysis: Healthcare Breach Costs May Reach $800 Million Posted by George Hulme, Aug 15, 2010 05:26 PMAccording to an analysis by the Health Information Trust Alliance (HITRUST), regulated health care organizations that have reported health information breaches of 500 or more people could cumulatively spend upwards of $1 billion in related costs. Since the Health Information Technology for Economic and Clinical Health Act or HITECH Act of 2009 came to being, a number of new privacy, security and reporting and non-compliance penalty provisions went into effect. And as summarized by this report from HITRSUT, there have been 108 entities who have reported security breaches since September of last year. Those breaches comprise about 4 million people and records. In the analysis, Chris Hourihan Manager, CSF Development and Operations, HITRUST used the 2009 Ponemon Institute Cost of a Data Breach Study [.pdf], which found the average cost for each record within a data breach to be $204. That's $144 of indirect costs and $60 of direct costs. An overview of the Ponemon study is available here. By doing the math on the HITECH related breaches, Hourihan estimates that the total cost for all organizations could reach $834 million: $245 million in direct costs for everyone and $2.3 million to $7.7 million in indirect costs. While the trigger for breach notification is risk based, Hourihan estimates that health care organizations are being extremely cautious, and erring on the side of publicly reporting breaches, rather than being more conservative: It is important to note that what constitutes a breach and is subsequently reported to the [Health and Human Services] Secretary: an organization believes the incident “poses a significant risk of financial, reputational, or other harm to the individual;” this does not mean some form of harm has been enacted upon everyone or even anyone affected. While this provides the possibility for an organization to not notify individuals—if the organization performs a risk assessment and determines the risk of harm is significantly low—organizations appear to be erring on the side of caution and providing notice to the individuals and Secretary regardless. In one specific instance with Rainbow Hospice and Palliative Care, the laptop that was stolen was in fact encrypted, yet notice was still provided. In breaking down the data breaches by how they occurred, Hourihan also found the majority of breaches to be by loss and theft: Looking at the cross-section of these categories and focusing first on simply the number of breaches experienced, the theft of laptops was the number one cause resulting in a total of 32 breaches reported. The next closest leading causes are theft of desktop computers and theft of removable media resulting in 10 and 12 breaches respectively. The total number of thefts reported is an astonishing 68 or 63% of all breaches. With those costs in mind, and the hassles associated with breach notification, it would seem more health care organizations would turn to encrypting of data at rest - and banning the use of notebooks and removable media for protected patient medical information.
7. Summary & comments This article was identifying the major privacy breach that occurred in the heath care system. It including records of patients being breached and insecure. It identifies that massive effects of the organisations financial and reputational status and also having affects to the patient individuals. It wasn't good enough that the breaches included 4million people and their details. The good thing about this article is that it identifies the steps that will help ensure that the information is being protected, including the loss of notebooks with data on them as they are easily portable.
8. Why should personal information be protected? Personal information should be protected. As it is personal, no one else unless given permission should be allowed to access your information. If it is not protected the risk of theft increases significantly. Your information when not being protected can be stolen or used in many different ways. Not only can the victim be penalised but the organisation who is responsible for the protection of your information can also be.