Blog Posts: Data Privacy & Security
Identity theft was the most common crime reported to the Federal Trade Commission last year, comprising 18% of all complaints. Among those who routinely gather large quantities of personal information are all levels of governmental authorities. Unfortunately, government agencies face the same security threats as private businesses, as proven by a string of significant government data breaches in recent years:
Cloud computing and the proliferation of online courses are effecting profound changes in the way we learn. These changes, in turn, have significant implications for ongoing compliance with FERPA (the Family Educational Rights and Privacy Act), which generally prohibits schools from disclosing students’ personally identifiable information (PII) without proper consent.
FERPA (the Family Educational Rights and Privacy Act) is a federal law that is intended to protect the privacy of student education records. The law applies to all schools that receive funds from an applicable program of the U.S. Department of Education. One of its key provisions requires that schools have written permission from the parent or eligible student in order to release any information from the student's education record.
The term “big data” refers to sets of information so large that they are difficult to process using traditional database techniques. The healthcare industry has recently started using big data to solve many issues affecting patient care. Big data is able to increase the quality of healthcare — while simultaneously lowering the cost — by revealing certain patterns and trends that would otherwise be unavailable to healthcare providers.
According to a recent study published by the Ponemon Institute, combating insider fraud and the growing threat it poses to intellectual property and corporate security should be a higher priority for employers. "Insider fraud" includes malicious or criminal attacks on business or governmental organizations — by employees and contractors — that result in the theft of financial or information assets. Even employees' casual misuse or mishandling of data may have severe consequences for companies.
Earlier this month, several resident deans at Harvard University expressed concern over the University’s search of their e-mail accounts in connection with a cheating-scandal investigation. In response, Harvard University officials defended the searches as necessary to protect student rights to privacy and due process in the proceedings.
A United States security firm, Mandiant Corp., recently released a report linking China’s military to a hacking ring that stole massive amounts of information from roughly 141 U.S. and foreign entities, including military contractors, government agencies, law firms and corporations. Mandiant traced the attacks to a building in Shanghai run by a Chinese military unit, but China has vehemently denied the report’s findings.
Technology increases efficiency and productivity by allowing instant access to, and transfer of, electronic data. And yet, unlike its physical counterpart, electronic data is vulnerable to attack from anywhere in the world. As the use of social media, cloud computing and mobile-device technology increases, so does the level of related security threats. Consequently, businesses are constantly threatened with cybercrime, privacy breaches, theft of intellectual property and business interruption, all of which compromise competitiveness and productivity.
Recent cases of corporate fraud highlight the need for employers to train their employees in fraud detection.
In today’s work environment, organizations face three types of data-security risks: internal, external and human error. According to a recent study by Rapid7, a security intelligence company, human error is the most common cause of data breaches. From January 2009 to May 2012, organizations reported a total of 268 data breaches, which affected approximately 94 million people. Negligence and clerical errors were responsible for 78 of the incidents, and loss of data storage devices resulted in another 51 incidents. Surprisingly, hacking was the least frequent cause of data breaches, contributing to only 15% of the reported incidents.