Welcome to the SecAware blog

I spy with my beady eye ...

11 Oct 2006

Litany of privacy breach incidents

In similar fashion to the chronology of privacy breaches maintained by the Privacy Rights Clearinghouse, a table of privacy breaches in 2006 tells several stories. For a start, it's already 19 pages long after three quarters of a year. Secondly, the breaches reflect a variety of security threats (e.g. accidental disclosure, hacks, Trojans, theft of equipment/media from offices/homes/cars or in transit), vulnerabilities (e.g. no encryption, inadequate logical or physical access controls, careless disposal of information) and impacts (e.g. public disclosure of the breaches, thefts, around 50 million victims' personal details compromised/exposed to fraud) at all sorts of organization. Thirdly, virtually all of the incidents have had to be publicly disclosed under California State Bill 1386 (presumably a similar level of privacy incidents occur elsewhere outside the remit of SB1386). Finally, the authors of the table have identified the ISO 27001 controls that appear to have been missing or inadequate in each case (sections 7 through 11 feature prominently).
More incident management and privacy links

No comments:

Post a Comment