Watch out for leaks

(Image is in the Public Domain)

According to an Associate Press article, it's quite common for employees to snoop through customers' personal data.

Vast computer databases give curious employees the ability to look up sensitive information on people with the click of a mouse. The WE Energies database includes credit and banking information, payment histories, Social Security numbers, addresses, phone numbers, and energy usage. In some cases, it even includes income and medical information. Experts say some companies do little to stop such abuses even though they could lead to identity theft, stalking and other privacy invasions. And companies that uncover violations can keep them quiet because in many cases it is not illegal to snoop, only to use the data for crimes.

But of course, if they didn't store all that necessary data, this would be far less of an issue.

(Image is in the Public Domain)

Data breaches are common, but shouldn't be. They could easily stem the flow by putting better security in place, taking personal data offline, stop sending employees home with laptops that have personal data on them, and, above all stop storing our data once you no longer have need of it (you can't lose my credit card number if you don't have it).

Anyway, class action suits don't often work so one man decided to take a company to small claims court instead (and won!). A $700 settlement might not seem like much, but as he says:

...it was likely more than most consumers who filed class-action lawsuits ever received (after attorney fees are paid) and it would be received much more quickly.

(Image is in the Public Domain)

Another data breach, blah, blah, blah. Remember to freeze your credit and never have to worry about this stuff again.

(Image used under: Creative Commons 2.0 [SRC])

Embarrassed that they got caught, Facebook is now offering a worthless Opt-out policy that will help only the users who know about the problem and manage to find out about the policy and then take the trouble to do it.

AT&T

(Image used under: Creative Commons 2.0 [SRC])

AT&T is a company who needs to be watched having been recently discovered that they built a custom algorithm to: "crunch through tens of millions of long distance phone records a night to draw up what AT&T calls "communities of interest" — i.e., calling circles that show who is talking to whom".

(Image used under: Creative Commons 2.0 [SRC][Mod])

If you've been following this breach, the key problem here is two part:

1) TJX is the parent company of several other companies including TJ Maxx. Each of those companies shared data with TJX creating a massive database (and a single target for the hackers).

2) TJX (and others) shouldn't have stored the credit card data in the first place and when they did, they should have used better security.

Though they'll blame "clever hackers" for the breach, the fault instead lies squarely with TJX who's business practice of storing credit cards against people's will along with negligent use of outdated wireless encryption (WEP) first created a giant target and then then left a gaping hole for the bad guys to be able to go and get it.

Data brokering needs to be curbed, and fast.

(Image used under: Creative Commons 3.0 [SRC][Mod])

According to Computer World, we could be getting some strong privacy protections similar to what the European Union has now.

From the EU's privacy directive:

Only the minimum personal data needed should be collected, and it should be retained for the minimum time necessary. ... The subject has the right to know whom is keeping and accessing their personal data, and the right to examine the data and to have the data removed or changed.

Those would go a long way towards ending data brokering issues.

Golly. I wonder if posting private information online could be a problem

(Image used under: Creative Commons 2.0 [SRC])

This lady found Social Security Numbers on a state website. She's threatened to publicly release detailed instructions on how to find them like she did and to expose the SSNs of several important people in the state if they don't fix the problem.

A spokesman for the office responsible said:

The bulk of the "hundreds of thousands" of documents on the Web site are business filings, and only 5 percent or so are believed to include Social Security numbers

Why can't states realize that putting records online makes them available to the world instead of just local people? There's public information and global public information.

That aside, this lady is my hero and I hope she does post the data. I've often wondered how long it would take to solve some of our privacy woes if a few dozen members of congress had all their personal data posted on a website.

Tech isn't good or bad.

(Image is in the Public Domain)

I found this news on Slashdot today. Basically, a university professor used a powerful free tool that lets him browse the Internet completely anonymously (Tor). Because the utility bypasses university security, they came to him and demanded he stop using it.

From his own description of the event, I found this especially nice, condensed description of why someone would want to use Tor:

Tor can also be useful in e-commerce. For example, Amazon.com knows more about my shopping habits and tastes than my wife does. I appreciate Amazon's ability to make recommendations based on my previous purchases. But in 2000, Amazon admitted experimenting with so-called dynamic pricing, charging different people different prices for the same MP3 player; the prices were presumably based on estimates of what each user would be willing to pay, considering prior purchases. Online merchants could all do that, thanks to traffic analysis. They know who I am when I log on — unless I delete their cookies or use Tor.

Better late than never...">

Many

(Image is in the Public Domain)

Not a bad start at all. Granted, I think we should be able to block data brokers from having our information, but we have to begin somewhere.

(article found at Slashdot.)