When I was sixteen, the rule was that I could not drive a car until I knew how to change a tire. My dad always reminded me that it is dangerous just to drive, but not knowing how you plan to fix a flat could cause you a lot of unnecessary stress. Uber Technologies, the popular transportation app, is currently learning that while driving on the information superhighway, companies should likewise know how they plan to address a data breach.
Uber disclosed on Friday, February 27, 2015 that it suffered a data breach nine months earlier on May 13, 2014 affecting approximately 50,000 of its current and former drivers. Many are criticizing Uber because although it discovered the breach on September 17, 2014, Uber waited 163 days to inform drivers whose identities and personal information are at risk. In other words, over five months passed before any of these drivers learned that their names and driver's licenses may be available to identity thieves.
March 24, 2015
Last week, indeed Friday the 13th, President Obama convened a “Cyber Summit” of business, technology and government leaders to address mounting digital security concerns. While data breaches, hackers and national security interests were top-of-mind for the White House and many in attendance at the Stanford University conclave, Apple CEO Tim Cook took the occasion to reinforce his view (and Apple’s) that security at the expense of privacy is an unacceptable tradeoff: “So much of our information now is digital: photos, medical information, financial transactions, our most private conversations. It comes with great benefits; it makes our lives better, easier and healthier.” Cook further stated, importantly:
“People have trusted us [Apple, and other tech giants, presumably] with their most personal and private information and we must give them the best technology we can to secure it. . . . Sacrificing our right to privacy can have dire consequences. We live in a world where people are not treated equally. There are people who don’t feel free to practice their religion, express their opinion, to love who they choose.”
February 20, 2015
I’ve been working in privacy for about 12 years now, and it truly is a profession where nothing can really surprise you. You would think in 2015, in the throes of the greatest information privacy and security storms we have seen in years (Sony, Snowden, Target, celebrity hacks, etc.) that companies have worked to get their information privacy and security plans together, to include a data governance program that keeps up with changes to state and federal law. Of course, if new legislation comes out or if one state implements a law with some uncertainty as to its impact or enforceability, a company would not be wise to jump and rearrange its programs prematurely. But when a law has been on the books for years, even the biggest ships can make the turn. Yet, there is news that another company is being sued for one of the lowest of low-hanging fruits in data protection: printing credit card numbers on consumer receipts. Seriously? This is still a thing?
February 3, 2015