Rebecca Herold
 
The Privacy Professor's Tip of the Month

It's a scary thought, but it's true: Breaches don't always involve hackers... or "criminals" of any sort.
 


 

Mistakes happen. Some, more costly than others. Here are a few examples: 

Last year a young woman sitting next to me in the airport was on the phone telling someone her boyfriend's and her own Social Security numbers, birthdates, addresses, birth cities and phone numbers. I, and everyone within earshot, could have taken that information and used it for many different types of criminal activities! 

A defective hard drive owned by the U.S. Military Veterans organization was recently sent to its vendor for repair and recycling without first removing the data. The vendor actually RE-SOLD that hard drive to another organization, which, in turn, sold it to yet another organization! The hard drive contained the personal information of 76 million veterans, including Social Security numbers and service numbers!

In December, a USB storage drive containing the personal health information of close to 85,000 people who received flu shots from October through December in the Durham, Ontario, Canada area was lost by one of the healthcare workers. The data was not encrypted!

 
An employee at Colorado Tech University mistakenly sent an email to the wrong email addresses and exposed the names, phone numbers, email addresses, Social Security numbers and class schedules of 1,200 students!
 

Last month, the Associated Press reported that a fax containing the personal information and credit card numbers of over 100 contributors to a conservative website showed up at a Democratic lawmaker's office!

DID YOU KNOW...
 
I've recently been named the privacy subject matter expert for SAI Global. 


 
 

THE PRIVACY PROFESSOR'S TIP OF THE MONTH

 

This month, my tip is actually six pointers you can apply today to help keep "mistakes" to a minimum.

1. Be wary of posting personal information on so-called "private" Internet social media sites. You can never truly gauge who's watching, or who is copying and reposting it, possibly to a location you do not want or in ways that could be damaging.

2. You might encrypt sensitive data on your computer, but be sure to do so on your portable storage devices, such as USB drives and DVDs, as well.

3. When doing business online, over the phone, or in person, don't give organizations any more personal information than they really need to complete the transaction.

4. Ensure that you are aware of - and follow - your organization's guidelines to ensure information privacy. Be an advocate; encourage compliance with applicable laws, regulations and smart business practices.

5. Keep your portable electronic devices within visible control at all times when in public places - because of their size and nature, they have a way of running off quickly and easily.

6. Don't discuss private information in public locations, such as elevators, airports or restaurants. You can never know what strangers standing or sitting next to you will do with the personal information they hear.
 

Thanks for reading,
Rebecca Herold,

The Privacy Professor 

 
 
Content provided by: 
Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564, Business: 515.996.2199