Verified Identity Pass (Clear), a firm that specializes in keeping fliers' sensitive personal information secure, doesn't encrypt data and had a laptop stolen. Do you think your sensitive health information is any safer in the healthcare system? Remember the stolen NIH laptop that had unencrypted data? What about your local hospital? Will your local hospital do a better job than UCLA Medical Center in keeping snoops out of your records?
Here's what Verified Identity Pass says about security and privacy. They had an audit by Ernst and Young, but apparently it didn’t mean much:
Clear's Commitment to Privacy
"Since our founding in 2003, we have been committed to the privacy and security rights of our members. We have created an exhaustive privacy and data security program and we will always clearly communicate any changes to that program with members.
We are committed to the transparency of our privacy practices and that's why we have instituted open, independent checks on our privacy promises, including an independent and public security and privacy audit, the appointment of an independent privacy ombudsman, and an unprecedented Clear Identity Theft Warranty.
In June, 2007, Ernst & Young LLP concluded a comprehensive, independent audit of our privacy policies and practices. This was the first ever independent privacy audit conducted for a national registered traveler program."
Wednesday, August 6, 2008
Equipment losses still plague VA: GAO report -- by Joseph Conn
This is a powerful story because the expert quoted points out that most organizations do not bother to account for lost or stolen equipment that costs less than $2,000. That means laptops and PDAs. Worse, these organizations have NO IDEA whose data was even on the mobile devices, so they cannot notify anyone! Makes you feel REALLY safe.
This should be highly relevant to Congress as it drafts requirements for encrypting data and breach notification.