Burden is on us to protect our data

If you had to guess, how many companies would you say have enough of your personal data stored in various databases to make even a rookie crook ready for prime-time conning?

Ten, perhaps? What about 50, 100 or 1,000?

You probably don't know the answer, and that is exactly the problem.

In the past six months, the personal data of millions of consumers have been lost, stolen or sold to identity thieves. The most recent case involved a financial unit of Citigroup Inc. CitiFinancial, which provides a wide variety of consumer loan products, disclosed that personal information (Social Security numbers, loan account data and addresses) of 3.9 million of its customers was lost by UPS in transit to a credit bureau. So far CitiFinancial said it had no reason to believe that the information has been used inappropriately.

So far.

Every time we hear of one of these cases, the companies involved tell their customers not to worry. Trust us, they say. They pledge to enhance their security procedures.

The promises don't make me feel any safer about my personal data. How about you?

It's time for the federal government and the states to step in and make sure the companies fulfill those promises.

There have been some efforts to protect people's financial information. On June 1, a new federal rule took effect that requires businesses and individuals to destroy sensitive information derived from consumer credit reports.

I was initially encouraged when I heard about this rule. It seems to cover all the bases -- individuals, and both large and small organizations that use consumer reports, including consumer reporting companies, lenders, insurers, employers, landlords, government agencies, mortgage brokers, car dealers, attorneys, private investigators, debt collectors and people who pull consumer reports on prospective home employees, such as nannies or contractors.

There's just one little problem with this "Disposal Rule." There is no standard for how the documents have to be destroyed. Here's the direction the Federal Trade Commission is giving to businesses and individuals: "The proper disposal of information derived from a consumer report is flexible and allows the organizations and individuals covered by the rule to determine what measures are reasonable based on the sensitivity of the information, the costs and benefits of different disposal methods, and changes in technology."

How strong is a standard if it has no standard? Basically, those who have our information get to decide how and when it is to be destroyed.

"The burden is completely on the consumer to protect what is important," said Evan Hendricks, editor and publisher of the newsletter, Privacy Times.

Full Article.
