The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee


FTC issues consent orders in TJX, Lexis-Nexis cases

Retailer TJX and data brokers Reed Elsevier/Seisint have both agreed to consent orders with the FTC for their individual data breach cases. While no fines were levied in either case, both companies are required to build and audit comprehensive data security programs.


Hannaford’s malware update

In a letter to Massachusetts regulators, Hannaford identified malware installed on servers at each of their stores as the culprit in their massive data breach (CNET reports). The malware intercepted credit card information at the point of sale (a first in security breach annals, where most have resulted from hacks into databases) and sent it to fraudsters overseas.


Canadian University Faculty Decline to Use Google In Fear of Patriot Act

This Canadian news story relates objections by faculty at a Canadian university to the use of Google services, because of fear of surveillance by the U.S. government, under the Patriot Act.


Anonymous Blogging Banned by Cisco

As related on the Patently-O blog, Cisco is being sued for comments made anonymously on a blog by a Cisco employee who was criticizing "patent trolls." This was not just any Cisco employee; it was their IP Director. Cisco has now decided to prohibit anonymous blogging by employees on issues related to their employment.


CDT issues compendium of “sensitive data” categories for BT

Just in time to hash over at the privacy or consumer protection conference of your choice, the CDT has issued a document presenting a compendium of proposed approaches for determining what should be classified as "sensitive data" for the FTC’s proposed self-regulatory guidelines for behavioral targeting.

The document gathers together relevant definitions and their contexts from an array of privacy-related laws, guidelines and policy proposals, including HIPAA, COPPA and the EU directive. The CDT’s own proposal to the FTC town hall meeting last year comes first, with its controversial definition of PII (including both IP address and profiling data unconnected to any additional identifiers).


Hannaford Hit With 4 Class Actions in Days Following Breach Announcement

Since the supermarket chain’s public announcement last week that its network was breached, compromising the security of 4.2M payment cards, Hannaford Bros. Co. has been sued in four different consumer class action lawsuits. The suits allege negligence, breach of implied contract to safeguard customer payment card information, and violation of state unfair trade practices laws. The suits also allege that Hannaford failed to notify customers of the breach in a timely fashion.


Medical Identity Theft Is Nothing To Sneeze At

According to the World Privacy Forum, medical identity theft is on the rise, and the problem will only get worse before it gets better. This article from msnbc illustrates the issue and how it can affect individuals more severely than financial identity theft.