Category Archives: Privacy

Australian Notifiable Data Breach Scheme, Explained

A third time is a charm, in life and in data breach notification laws. On February 13, 2017, the Australian government, in its third attempt, passed the Notifiable Data Breaches scheme, which finally came into effect on February 22nd of this year. While we all have a conceptual idea of what a data breach notification means, when it comes to required action, we have to look at the nitty-gritty details. Let’s start with…

Social Media Security: How Safe is Your Information?

Comparing social media privacy

In 2012, a massive cyber attack by a hacker named “Peace” exploited over 117 million LinkedIn users’ passwords. After the dust settled from the initial attack, new protocols were put in place and the breach was all but forgotten in the public eye. Then the same hacker reared their head again. Nearly five years later, “Peace” began releasing the stolen password information of the same LinkedIn users from the earlier hack. With millions of users’ data…

What is the CIA Triad?

The CIA Triad is a security model that highlights core data security objectives and serves as a guide for organizations to keep their sensitive data protected from unauthorized access and data exfiltration. Despite the name, the CIA Triad is not connected with the Central Intelligence Agency – but is an acronym for: Confidentiality ensures that information is accessible only by authorized individuals; Integrity ensures that information is reliable; and Availability ensures that data is available and…

[Podcast] Dr. Zinaida Benenson and Secondary Defenses

Dr. Zinaida Benenson is a researcher at the University of Erlangen-Nuremberg, where she heads the “Human Factors in Security and Privacy” group. She and her colleagues conducted a fascinating study into our spam clicking habits. Those of you who attended Black Hat last year may have heard her presentation on How to Make People Click on a Dangerous Link Despite their Security Awareness. In the second part of our interview, Benenson tells us that phishing…

[Podcast] Adam Tanner on the Dark Market in Medical Data, Transcript

Adam Tanner, author of Our Bodies, Our Data, has shed light on the dark market in medical data. In my interview with Adam, I learned that our medical records, principally drug transactions, are sold to medical data brokers who then resell this information to drug companies. How can this be legal under HIPAA without patient consent? Adam explains that if the data is anonymized then it no longer falls under HIPAA’s rules. However, the prescribing…

[Podcast] Adam Tanner on the Dark Market in Medical Data, Part II

More Adam Tanner! In this second part of my interview with the author of Our Bodies, Our Data, we start exploring the implications of having massive amounts of online medical data. There’s much to worry about. With hackers already good at stealing health insurance records, is it only a matter of time before they get into the databases of the drug prescription data brokers? My data privacy paranoia about all this came out in full…

[Podcast] Adam Tanner on the Dark Market in Medical Data, Part I

In our writing about HIPAA and medical data, we’ve also covered a few of the gray areas of medical privacy, including wearables, Facebook, and hospital discharge records. I thought both Cindy and I knew all the loopholes. And then I talked to writer Adam Tanner about his new book Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records. In the first part of my interview with Tanner, I learned how pharmacies sell our prescription drug…

[Podcast] More Dr. Ann Cavoukian: GDPR and Access Control

We continue our discussion with Dr. Ann Cavoukian. She is currently Executive Director of Ryerson University’s Privacy and Big Data Institute and is best known for her leadership in the development of Privacy by Design (PbD). In this segment, Cavoukian tells us that once you’ve involved your customers in the decision-making process, “You won’t believe the buy-in you will get under those conditions because then you’ve established trust and that you’re serious about their privacy.” We also…

[Podcast] Dr. Ann Cavoukian on Privacy By Design

I recently had the chance to speak with former Ontario Information and Privacy Commissioner Dr. Ann Cavoukian about big data and privacy. Dr. Cavoukian is currently Executive Director of Ryerson University’s Privacy and Big Data Institute and is best known for her leadership in the development of Privacy by Design (PbD). What’s more, she came up with PbD language that made its way into the GDPR, which will go into effect in 2018. First developed in the 1990s,…

[Podcast] Data Privacy Attorney Sheila FitzPatrick on GDPR

We had a unique opportunity in talking with data privacy attorney Sheila FitzPatrick. She lives and breathes data security and is a recognized expert on EU and other international data protection laws. FitzPatrick has direct experience in representing companies in front of EU data protection authorities (DPAs). She also sits on various governmental data privacy advisory boards. During this first part of the interview with her, we focused on the new General Data Protection Regulation…

Are Wikileaks and ransomware the precursors to mass extortion?

Despite Julian Assange’s promise not to let Wikileaks’ “radical transparency” hurt innocent people, an investigation found that the whistleblowing site has published hundreds of sensitive records belonging to ordinary citizens, including medical files of rape victims and sick children. The idea of having all your secrets exposed, as an individual or a business, can be terrifying. Whether you agree with Wikileaks or not, the world will be a very different place when nothing is safe.…