Data Storage Blog, a discussion of practical records management.

Records Storage and Information Management News January 13, 2012

IN THE NEWS

RECORDS KEEPING VITAL TO TRANSPARENCY

The case of the deleted email state government accounts underscores the idea that open records begins with proper record keeping, and the importance of making sure those who handle the records understand it.

Link: http://www.burlingtonfreepress.com/article/20120105/OPINION01/201050301/Voice-Free-Press-Records-keeping-vital-transparency?odyssey=nav|head

ANAHEIM MAYOR CALLS RECORDS DESTRUCTION ORDER "A MISTAKE"

After remaining silent nearly a week on an Anaheim Planning Department manager's order that department employees purge their records, Mayor Tom Tait Thursday issued a statement acknowledging that the order was "a mistake."

Link: http://voiceofoc.org/countywide/this_just_in/article_8978f176-381b-11e1-9d7e-001871e3ce6c.html

PROTECT YOUR DATA FROM WEATHER-RELATED DISASTER

Charles Bernard, president of Criteria for Success, a midtown sales and training firm, thought he'd made adequate plans for backing up critical company data. His firm's servers were elevated slightly from the floor, and he was backing up files on a monthly basis. Then, one morning in 2007, he and his employees walked in to work to discover the firm's file server sitting in a puddle of water, brought on by a burst steam pipe in the dead of winter.

Link: http://www.crainsnewyork.com/article/20120106/SMALLBIZ/120109953/1072

7 HEALTH DATA PRIVACY AND SECURITY TRENDS TO TRACK IN 2012

Happy Leap Year! We're jumping into a challenging 12 months - lawsuits are up, budgets are down, and advances in technology have made protecting medical data a whole lot harder. Our list of top trends in 2012 reveals difficulties ahead; read and proceed with caution.

Link: http://www.govhealthit.com/news/7-health-data-privacy-and-security-trends-track-2012

 HUGE CLOUD COMPUTING DATA BREACH WAITING TO HAPPEN

This year promises to be one that will be remembered as the year that outsourcing to the cloud gained significant momentum. But it could also be the year that cyber-attackers target the cloud and send shockwaves through corporations by causing a huge cloud security breach.

Link: http://www.computerweekly.com/blogs/inside-outsourcing/2012/01/huge-cloud-computing-data-breach-waiting-to-happen.html

WELLS FARGO QUESTIONED ABOUT PRIVACY BREACH

Connecticut Attorney General George Jepsen has issued a letter to Wells Fargo & Co. asking the bank to explain why it released customers' Social Security numbers when it mailed copies of subpoenas issued by the state Department of Social Services.

Link: http://www.bankinfosecurity.com/articles.php?art_id=4383

HOW LONG DO WE NEED TO KEEP ALL THIS STUFF?

Every year at this time, our phones ring with questions such as "How long do I have to keep these personnel files?" or "Do we really need to hang on to these time cards?"

Link: http://www.ourcoloradonews.com/business/careers/how-long-do-we-need-to-keep-all-this-stuff/article_3e58ba58-381d-11e1-9063-001871e3ce6c.html

FOUR DATA PROTECTION AND STORAGE TRENDS FOR 2012

About a month ago I started to put some thought and research into what might emerge as the top trends of 2012 by keeping a notebook next to my keyboard so as ideas struck me I could jot them down. Now as I look at the four trends that made today's short list, they ended up being on the surface ones that I hear, write and talk about every day.

Link: http://www.echannelline.com/usa/story.cfm?item=27403

WHAT DO YOU DO WHEN YOUR BUSINESS PARTNER IS BREACHED?

A breach in your own organization is bad enough, but a breach at a third-party vendor or contractor that is tightly connected to your organization can be even more frustrating. The key to minimizing the chaos is to work closely with your vendors, contractors, and service providers so that you'll be able to respond quickly when a compromise happens.

Link: http://www.darkreading.com/security/antivirus/232301397/tech-insight-what-to-do-when-your-business-partner-is-breached.html

CATTLES' LOST BACKUP TAPES HIGHLIGHT RISK OF UNENCRYPTED DATA STORAGE

The Cattles Group, which specialises in personal loans and debt recovery, admitted losing two backup tapes containing information about 1.4 million customers. Although the loss took place at the end of November, the company has only recently written to customers informing them of the breach. It has also informed the Information Commission's Office and the Financial Services Authority.

Link: http://searchsecurity.techtarget.co.uk/news/2240113549/Cattles-lost-backup-tapes-highlight-risk-of-unencrypted-data-storage

CANADA: FORCE FIRMS TO DISCLOSE DATA BREACHES, REPORT URGES

Bill C-12, which went through first reading in the House of Commons three months ago, would change the Personal Information Protection and Electronic Documents Act (PIPEDA) to require Canadian companies to report incidents involving the theft or loss of personal information. Currently PIPEDA does not require disclosure of data breaches and Alberta is the only province to have mandated such a requirement.

Link: http://business.financialpost.com/2012/01/10/force-firms-to-disclose-data-breaches-report-urges-2/

2012 PONEMON REPORT ON TRENDS IN SECURITY OF DATA RECOVERY

DriveSavers Data Recovery, the worldwide leader in data recovery services, announced today that the Ponemon Institute, a privacy and information management research firm, identifies in its second annual study, Trends in Security of Data Recovery Operations, new potential threats to the security of confidential and sensitive data when it is outsourced to third-party data recovery vendors.

Link: http://www.darkreading.com/insider-threat/167801100/security/news/232400100/2012-ponemon-report-on-trends-in-security-of-data-recovery.html

HIPAA PRIVACY AND SECURITY IS AN ONGOING TASK

Many clinicians who have now completed their 2011 EHR Incentive Program attestation may now, feeling a sigh of relief, believe that keeping track of privacy and security is done - that it was a one-time effort needed in order to comply with one of the core Meaningful Use requirements.

Link: http://www.practicefusion.com/ehrbloggers/2012/01/hipaa-privacy-and-security-is-an-ongoing-task.html

US ORGS NEED TO RE-EVALUATE DATA PROTECTION IN ANTICIPATION OF EU

With the European Commission poised to announce sweeping data protection legislation, it's imperative that U.S.-based organizations take a closer look at putting reliable, robust systems in place for protecting data. It would be wise for U.S. organizations to commit resources now to protecting data in anticipation of the new EU laws that will soon be unveiled, even if they are not doing business abroad.

Link: http://www.gsnmagazine.com/node/25420?c=cyber_security

RARE LEGAL FIGHT TAKES ON CREDIT CARD COMPANIES SECURITY STANDARDS AND FINES

A small celebrity-friendly restaurant in Utah is finally doing what many merchants have only dreamed of doing for a long time - taking on a part of the payment card industry's powerful but flawed system for securing card data by fining merchants for failing to secure their data.

Link: http://www.wired.com/threatlevel/2012/01/pci-lawsuit/

 

HACK ATTACKS NOW LEADING CAUSE OF DATA BREACHES

The majority of data breaches stem from hack attacks, followed by data that's lost while physically in transit. That's according to a forthcoming study from the Identity Theft Resource Center (ITRC), which assessed all known information relating to the 419 breaches that were publicly disclosed in the United States in 2011. A copy of the report was provided to InformationWeek in advance of its release.

Link: http://www.informationweek.com/news/security/attacks/232400252