Id Theft Alerts

October 15, 2009
The Key to the Privacy Castle

The beginning of the month brought news of a phishing attack against two of the largest email providers, Hotmail and Gmail.  Many people don't grasp how important it is to keep your email secure.  They think the only real threat is someone reading emails from their Aunt Martha.

Email is really the key to your privacy castle.  If someone has access to it, they can quickly gain access to all of your online accounts.  This is done using the password reset function of most websites.  Take your bank, for example: once a thief has your email, they simply click on the "reset password" button.  The new password is sent to the email account the thief already controls.

Make sure you have a very secure password on your email.  Pay attention if it seems there is strange activity or if passwords seem to change without your knowledge.

Tracking You Through the Toll Booth

Many people have an E-ZPass on their car to speed their way through toll booths.  But what most motorists don't think about is how pervasive this one company is.  They have contracts with many transit authorities across the country.

But it is not only toll roads that use the system.  It is easy to set up a system to grab the transponder data when cars pass by.  In California they track cars both on and off toll roads for traffic studies.  They now have the ability to track your everyday movements. 

The data has already been used in court cases.  To this point it is unclear how the company uses the information, but it is reasonable to believe that if they can sell it they will.

Did HHS Neuter Data Breach Notification?

Many privacy advocates are angry with HHS for an interim final rule on data breach notification in HIPAA.  (Yes, only the government could give you an interim final rule.)  The original law requires any HIPAA covered entity to publicly disclose if private information was breached.

The interim final rule introduces a "harm threshold."  An entity can now review the breach and must disclose it publicly only if it determines the breach will cause financial or reputational harm to those whose data was compromised.

While the rule does introduce the possibility of companies failing to disclose important breaches, it is silly to report every single breach.  We have long proposed that each breach is different.  Losing an encrypted disk is not the same as hackers accessing a system.  Too many breach notifications lead people to ignore the truly important ones.

Moving to electronic records?  Don't forget to redact your documents before posting them online.