Privacy and technology

From ‘Data breach notifications’:

“During 2011 my Office received 1167 data security breach notifications from 186 different organisations. This is a 300% increase in the numbers reported on in 2010 when we received 410 notifications. In 2009, before the introduction of the Code of Practice, the number of breach reports received by my Office was 119. As I stated in my Annual Report in 2010, I do not see this as an actual increase in the number of breaches occurring, rather a raised awareness of the need to notify my Office of a data security breach. […] 75% of reported breaches related to errors in postal mailing […]. In most cases, the breaches involved either multiple letters in the same envelope or a page relating to another individual incorrectly attached to a letter. These data security breaches are usually explained by human error. This shows that a large number of data security breaches could be prevented by simply taking a moment to examine documents prior to posting.”

(Source: privacylives.com)

From the executive summary:

“Negligent insiders and malicious attacks are the main causes of data breach. Thirtynine percent of organizations say that negligence was the root cause of the data breaches. For the first time, malicious or criminal attacks account for more than a third of the total breaches reported in this study. Since 2007, they also have been the most costly breaches. Accordingly, organizations need to focus on processes, policies and technologies that address threats from the malicious insider or hacker.”

(Source: insideprivacy.com)

Abstract:

“In recent years, a large number of data breaches have resulted in lawsuits in which individuals seek redress for alleged harm resulting from an organization losing or compromising their personal information. Currently, however, very little is known about those lawsuits. Which types of breaches are litigated, which are not? Which lawsuits settle, or are dismissed? Using a unique database of manually-collected lawsuits from PACER, we analyze the court dockets of over 230 federal data breach lawsuits from 2000 to 2010. We use binary outcome regressions to investigate two research questions: Which data breaches are being litigated in federal court? Which data breach lawsuits are settling? Our results suggest that the odds of a firm being sued in federal court are 3.5 times greater when individuals suffer financial harm, but over 6 times lower when the firm provides free credit monitoring following the breach. We also find that defendants settle 30% more often when plaintiffs allege financial loss from a data breach, or when faced with a certified class action suit. While the compromise of financial information appears to lead to more federal litigation, it does not seem to increase a plaintiff’s chance of a settlement. Instead, compromise of medical information is more strongly correlated with settlement. “

(Source: concurringopinions.com)

Uit ‘Doel van de regeling’:

“Met deze regeling wil Staatssecretaris Teeven […] bereiken dat bedrijven en overheid aan het College bescherming persoonsgegevens gaan melden dat zij zijn geconfronteerd met een lek in de beveiliging van hun geautomatiseerde verwerking van persoonsgegevens. Die melding moet alleen worden gedaan als aannemelijk is dat persoonsgegevens als gevolg van dat lek zijn blootgesteld aan een aanmerkelijke kans op verlies of onrechtmatige verwerking. “

(Source: bof.nl)

From the ‘Main findings’:

“We received at least partial responses to our Freedom of Information Act request from 350 Trusts, indicating that there have been no fewer than 806 breaches of data protection policy at 152 NHS Trusts in the UK. This is an average of just over 268 cases per year, significantly higher than the total number of breaches reported by the Information Commissioners Office. From these incidents, we have seen that the frequency, scale and scope of these breaches in data protection are of great concern. This report highlights how frequent breaches of data protection take place and the severity of the incidents disclosed, and the lack of public awareness about many of the breaches.”

(Source: out-law.com)