August 5, 2014
Another loss of health records in the UK. In Patient record probe is underway at GP surgery the Nuneaton News reports on a bag of patient records being found Read the rest of this entry »
Posted in Privacy
August 4, 2014
Today the Privacy Commissioner released a video, the first in a series, on privacy.
It is found here:
https://www.youtube.com/watch?v=wmCE_CkV58I
The transcript provides:
What is privacy?
In Australia, personal information is protected by the Commonwealth Privacy Act. Personal information is information that could identify you, like your name or a photo. Read the rest of this entry »
Posted in Commonwealth Privacy Commissioner, Privacy
August 3, 2014
In the new world of privacy regulation and enforcement in Australia, the issue of cyber security, or APP 11 under the Privacy Act 1988, goes further than maintaining adequate firewalls, passwords and anti-virus software. How data is stored, and how personal information is secured behind the outer defences of an organisation's internet interface, can be as important as those defences themselves. The law of averages suggests that at some stage an organisation which is a tempting target to cyber criminals will find its defences breached by either a hack or social engineering. The issue then is whether data is encrypted, whether personal information is stored in such a way as to be difficult to match by an opportunistic thief and whether there are systems in place to detect unauthorised access. In many organisations those issues are rarely considered, let alone properly implemented. In Australia there is no mandatory data breach notification regime. That assists organisations in avoiding making potentially embarrassing disclosures and gives a false sense of the problem with data security that, if overseas experience is any judge, is quite significant. It also contributes to a laxity by organisations in properly protecting themselves and, more particularly, the personal information of clients they hold. Read the rest of this entry »
Posted in Privacy
Ad hocracy is the watchword when it comes to regulation of drones. The LA Times story LAPD seeks to limit civilian drone flights over police stations bears this out. An operator guides a drone over a police station, takes videos of police cars coming and going, and posts what must be interminably boring footage on YouTube. Not surprisingly the Read the rest of this entry »
Posted in Privacy
The roll out of multipath TCP highlights the dilemma with new technology: the benefits of a new and far more effective means of keeping internet sessions operating, but with security and privacy weaknesses. According to Multipath TCP Introduces Security Blind Spot there are real dangers of TCP outpacing security programs and protocols. That poses significant problems for organisations using TCP and those purporting to provide security for organisers.
The article provides:
If multipath TCP is the next big thing to bring resilience and efficiency to networking, then there are some serious security issues to address before it goes mainstream.
MPTCP is an extension to the Internet’s primary communication protocol. It allows a TCP session to move over multiple connections and network providers to the same destination. Should one drop, the session seamlessly moves to its second, backup connection, keeping phone calls or Internet sessions alive. Read the rest of this entry »
Posted in Privacy
August 1, 2014
Many organisations believe that good data security begins and ends with the firewall and anti-malware software. A rather brittle defence. The reality is that data breaches come from a range of sources. Hacking through digital defences is but one way. Social engineering, and phishing especially, is a common means of entry. Organisations need to have protections within their systems to deal with those who have breached their outer security infrastructure. One effective means of thwarting a hacker is encrypting personal information. It is both practical and affordable to do it. But very few organisations bother as Read the rest of this entry »
Posted in Privacy
That malware can find its way into a computer via a USB stick is not news. Anti-virus scans and reformatting can and do address these problems. A more significant problem has been highlighted by Wired in Why the Security of USB Is Fundamentally Broken regarding malware being implanted in the firmware of USB sticks, where it can remain hidden. That is a real concern both for those designing anti-virus defences, including programs, and for organisations who have responsibility to maintain data security. Some organisations have very strict controls on the use of USB sticks and other portable devices, with some removing USB ports on most computers or restricting access to their use. But many organisations don’t have adequate policies on the use of portable devices and put their faith in anti-virus software programs. The question now is Read the rest of this entry »
Posted in Privacy
July 31, 2014
It would seem that the FAA is on a collision course with academia over the use of drones, specifically journalistic drones. The Chronicle of Higher Education in Feds’ Drone Regs Draw Profs’ Fire reports on 30 professors doing what they do best, write stiff letters of protest, against the FAA’s decision to ground the use of drones for Read the rest of this entry »
Posted in Privacy
Privacy protection in the USA is fragmented and sectoral. There is no one overarching data protection/privacy regulation Act. Where there is protection it tends to be quite strong, such as in the health and finance sector. It's just that there are many gaps. Including for students. That may be changing soon.
Senators Markey and Hatch have introduced a new student privacy bill, the Protecting Student Privacy Act. The press release provides:
Focuses on need to protect students, provide tools to parents when information is shared with third parties
Washington (July 30, 2014) – Senators Edward J. Markey (D-Mass.) and Orrin Hatch (R-Utah) today introduced the “Protecting Student Privacy Act”, legislation that would help safeguard the educational records of students. The PreK-12 educational software and digital content market currently is worth $7.9 billion, with nearly all school districts relying on cloud services for a diverse range of functions that include data collection and analysis related to student performance and data hosting. However, one survey found only 25 percent of districts inform parents of their use of cloud services and 20 percent of districts fail to have policies governing the use of online services. Recent changes to the Family Educational Rights and Privacy Act (FERPA) have allowed for this increased sharing and use of student data in the private sector. The new legislation from Senators Markey and Hatch takes steps to ensure that students are better protected in an interconnected world. The legislation is co-sponsored by Senators Mark Kirk (R-Ill.) and John Walsh (D-Mont.).
“With the business of storing and sifting through records of students growing as fast as students are, Congress must act to ensure that safeguards are in place for data that is shared with outside companies,” said Senator Markey, a member of the Commerce, Science and Transportation Committee. “This legislation ensures the parents, not private companies, control personal information about their children and that it won’t be sold as a product on the open market. I thank Senator Hatch for his bipartisanship and attention to this issue, and I look forward to working with all of my colleagues to pass this important legislation.” Read the rest of this entry »
Posted in Privacy