education new york online education new york online education new york online
Search
Today's Info Policy News
Weekly Archive
Information Policy
FERPA
Protecting your children's privacy: The Facts
Parents 4 Privacy
WHO'S WATCHING YOUR CHILDREN?
about
contact us
site map
Search
With the exact phrase
With all of the words
With at least one of the words
Without these words
 
Within these fields         
 
Date range limit

      Pick Date
 
Item(s) found: 37
What Information Do Data Brokers Have on Consumers, and How Do They Use It?
Date CapturedSaturday December 21 2013, 10:31 AM
Chairman John D. (Jay) Rockefeller IV today announced the U.S. Senate Committee on Commerce, Science, and Transportation will hold a hearing on Wednesday, December 18, 2013, at 2:30 p.m. to examine the data broker industry and how industry practices may impact consumers. The hearing comes after a yearlong Commerce Committee examination of how data brokers collect, compile, and sell consumer information for marketing purposes. In October 2012, Rockefeller launched an investigation into the data broker industry to give consumers a better understanding of how their personal information is handled, issuing information requests to nine representative data brokers. Rockefeller sent an additional set of inquiries in September 2013 to twelve popular personal finance, health, and family-focused websites to further explore data broker information collection practices, and further expanded the investigation in October 2013 by requesting that Experian provide specific information about the company’s customer vetting practices following news reports alleging that an Experian subsidiary sold data to an identity theft scheme.
ID THEFT RESOURCES
Date CapturedFriday February 01 2013, 8:50 PM
Identity Theft Reported by Households, 2005-2010
Date CapturedMonday December 05 2011, 11:06 AM
Lynn Langton - In 2010, 7.0% of households in the United States, or about 8.6 million households, had at least one member age 12 or older who experienced one or more types of identity theft victimization. Among households in which at least one member experienced one or more types of identity theft, 64.1% experienced the misuse or attempted misuse of an existing credit card account in 2010. From 2005 to 2010, the percentage of all households with one or more type of identity theft that suffered no direct financial loss increased from 18.5% to 23.7%.
A Better Start: Clearing Up Credit Records for California Foster Children
Date CapturedTuesday September 13 2011, 1:16 PM
This report summarizes the result of the project team’s work on behalf of over 2,110 foster children in Los Angeles County, and it also recommends new procedures for use in helping this vulnerable population statewide. Key Findings of the Pilot Project • The project team successfully cleared all negative items from the credit reports of 104 foster children. • These 104 children (5% of the pilot project sample) had 247 separate accounts reported in their names, as the result of errors or identity theft. • The average account balance was $1,811, with the largest being a home loan of over $200,000. • The accounts found were two to three years old, opened when the child was 14 years old on average. • 12% of the children had records loosely linked to them by Social Security number only, which while not affecting their credit ratings could nevertheless pose problems for them in the future.
FTC "STOLEN FUTURES" WEBCAST Session Two - FAMILIAL IDENTITY THEFT - July 12, 2011
Date CapturedSunday September 11 2011, 12:04 AM
WEBCAST ON CHILD IDENTITY THEFT. DISCUSSES MOST AT RISK STUDENTS. Session 2 Linda Foley is the founder of the Identity Theft Resource Center, a nationwide nonprofit, victim-services advocacy, and consumer-education program based in San Diego, California. Russell Butler is Executive Director of the Maryland Crime Victims Resource Center, which provides criminal justice information and education, support services, therapeutic individual, family, and group counseling, and legal information, referrals, and representation to victims of crime. Theresa Ronnebaum is the Identity Theft Program Specialist for the Florida Attorney General's office with over 15 years experience in victim advocacy.
PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION on CHILD IDENTITY THEFT
Date CapturedFriday September 02 2011, 9:38 PM
PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION Before the SUBCOMMITTEE ON SOCIAL SECURITY of the HOUSE COMMITTEE ON WAYS AND MEANS on Child Identity Theft Field Hearing Plano, Texas September 1, 2011; EXCERPT: A. The Child Identity Theft Forum Discussions [They noted that identity thieves often steal children’s information from schools, businesses, and government agencies.]
FTC CONSUMER ALERT: Protecting Your Child's Personal Information at School
Date CapturedFriday September 02 2011, 6:10 PM
[Ask your child's school about its directory information policy. Student directory information can include your child's name, address, date of birth, telephone number, email address, and photo. FERPA requires schools to notify parents and guardians about their school directory policy, and give you the right to opt-out of the release of directory information to third parties. It's best to put your request in writing and keep a copy for your files. If you don't opt-out, directory information may be available not only to the people in your child's class and school, but also to the general public.]
Stolen Futures: A Forum on Child Identity Theft July 12, 2011
Date CapturedMonday July 25 2011, 5:26 PM
Session 3 TRANSCRIPT - Securing Children’s Data in the Educational System: Steven Toporoff - Federal Trade Commission. PANELISTS: Kathleen Styles, U.S. Department of Education; Michael Borkoski, Howard County Maryland Public Schools; Larry Wong, Montgomery County Maryland Public Schools; Richard Boyle ECMC, Denny Shaw i-SAFE, Inc. [This panel will explore the Family Educational Rights and Privacy Act (FERPA) and initiatives to protect children’s personal information in school systems. We will also explore lessons learned from a high-profile data breach involving student information. Finally, the panel will discuss outreach efforts to teach children, teachers, youth counselors, and school administrators about privacy and securing children’s personal information.]
Stolen Futures: A Forum on Child Identity Theft July 12, 2011
Date CapturedMonday July 25 2011, 5:16 PM
Session 2 TRANSCRIPT intro [Linda Foley is the founder and research director of the Identity Theft Resource Center, a nationwide nonprofit, victim-services advocacy, and consumer-education program based in San Diego, California. Russell Butler is Executive Director of the Maryland Crime Victims Resource Center, which provides criminal justice information and education, support services, therapeutic individual, family, and group counseling, and legal information, referrals, and representation to victims of crime. And then I have Theresa Ronnebaum. Theresa is the Identity Theft Program Specialist for the Florida Attorney General's office with over 15 years experience in victim advocacy.]
Stolen Futures: A Forum on Child Identity Theft July 12, 2011
Date CapturedWednesday July 20 2011, 6:12 PM
TRANSCRIPT SESSION ONE: Stolen Futures: A Forum on Child Identity Theft July 12, 2011; The Federal Trade Commission (FTC) and the Office for Victims Rights (OVC), Office of Justice Programs, U.S. Department of Justice, will hold a forum to discuss child identity theft. Government, business, non-profit, legal service providers, and victim advocates will explore the nature of child identity theft, including foster care identity theft and identity theft within families, with the goal of advising parents and victims on how to prevent the crime and how to resolve child identity theft problems.
Education New York comments re Student Privacy submitted to FERPA NPRM - May 23, 2011
Date CapturedMonday May 23 2011, 9:22 PM
Document ID: ED-2011-OM-0002-0001: Family Educational Rights and Privacy. The proposed changes to FERPA do not adequately address the capacity of marketers and other commercial enterprises to capture, use, and re-sell student information. Even with privacy controls in place, it is also far too easy for individuals to get a hold of student information and use it for illegal purposes, including identity theft, child abduction in custody battles, and domestic violence. Few parents are aware, for example, that anyone can request -- and receive -- a student directory from a school. Data and information breaches occur every day in Pre-K-20 schools across the country, so that protecting student privacy has become a matter of plugging holes in a dyke rather than advancing a comprehensive policy that makes student privacy protection the priority.
U.S. Department of Education (USED) Safeguarding Student Privacy 
Date CapturedFriday April 08 2011, 6:38 PM
The use of data is vital to ensuring the best education for our children.  However, the benefits of using  student data must always be balanced with the need to protect students’ privacy rights.  Students and their  parents should expect that their personal information is safe, properly collected and maintained and that it is  used only for appropriate purposes and not improperly redisclosed.  It is imperative to protect students’  privacy to avoid discrimination, identity theft or other malicious and damaging criminal acts.  All education  data holders must act responsibly and be held accountable for safeguarding students’ personally identifiable  information – from practitioners of early learning to those developing systems across the education  continuum (P-20) and from schools to their contractors.  The need for articulated privacy protections and  data security continues to grow as Statewide Longitudinal Data Systems (SLDS) are built and more education  records are digitized and shared electronically.  As States develop and refine their information management  systems, it is critical that they ensure that student information continues to be protected and that students’  personally identifiable information is disclosed only for authorized purposes and under the circumstances  permitted by law.  All P-20 stakeholders should be involved in the development of these statewide systems  and protection policies.    
Kindergarten Through 12 Grade Schools’ Collection and Use of Social Security Numbers (A-08-10-11057)
Date CapturedThursday December 23 2010, 9:53 AM
OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION - Despite the potential risks associated with using SSNs as primary student identifiers, many K-12 schools continue this practice. While we recognize that SSA cannot prohibit States or K-12 schools from collecting and using SSNs as student identifiers or for other purposes, we believe SSA can help reduce the threat of identity theft and SSN misuse by encouraging States and K-12 schools to reduce unnecessary collection of SSNs and improve protections and safeguards when collected.
The Boundaries of Privacy Harm
Date CapturedSaturday July 17 2010, 7:00 PM
M. Ryan Calo -- Stanford Law School -- July 16, 2010 -- Abstract: [This Essay describes the outer boundaries and core properties of privacy harm. Properly understood, privacy harm falls into just two categories. The subjective category of privacy harm is the unwanted perception of observation. This category describes unwelcome mental states—anxiety, embarrassment, fear—that stem from the belief that one is being watched or monitored. Examples include everything from a landlord listening in on his tenants to generalized government surveillance. The objective category of privacy harm is the unanticipated or coerced use of information concerning a person against that person. These are negative, external actions justified by reference to personal information. Examples include identity theft, the leaking of classified information that reveals an undercover agent, and the use of a drunk-driving suspect’s blood as evidence against him. The subjective and objective categories of privacy harm are distinct but related. Just as assault is the apprehension of battery, so is the unwanted perception of observation largely an apprehension of information-driven injury. The categories represent, respectively, the anticipation and consequence of a loss of control over personal information. The approach offers several advantages. It uncouples privacy harm from privacy violations, demonstrating that no person need commit a privacy violation for privacy harm to occur (and vice versa). It creates a “limiting principle” capable of revealing when another value—autonomy or equality, for instance—is more directly at stake. It also creates a “rule of recognition” that permits the identification of a privacy harm when no other harm is apparent. Finally, the approach permits the sizing and redress of privacy harm in novel ways.]
Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
Date CapturedMonday May 03 2010, 11:04 AM
Recommendations of the National Institute of Standards and Technology - [The escalation of security breaches involving personally identifiable information (PII) has contributed to the loss of millions of records over the past few years. Breaches involving PII are hazardous to both individuals and organizations. Individual harms may include identity theft, embarrassment, or blackmail. Organizational harms may include a loss of public trust, legal liability, or remediation costs. To appropriately protect the confidentiality of PII, organizations should use a risk-based approach; as McGeorge Bundy once stated, "If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds." This document provides guidelines for a risk-based approach to protecting the confidentiality of PII. The recommendations in this document are intended primarily for U.S. Federal government agencies and those who conduct business on behalf of the agencies, but other organizations may find portions of the publication useful. Each organization may be subject to a different combination of laws, regulations, and other mandates related to protecting PII, so an organization‘s legal counsel and privacy officer should be consulted to determine the current obligations for PII protection. For example, the Office of Management and Budget (OMB) has issued several memoranda with requirements for how Federal agencies must handle and protect PII. To effectively protect PII, organizations should implement the following recommendations.]
The Smart Grid and Privacy
Date CapturedWednesday December 16 2009, 9:01 PM
EPIC Concerning Privacy and Smart Grid Technology - [A list of potential privacy consequences of Smart Grid systems include: Identity Theft; Determine Personal Behavior Patterns; Determine Specific Appliances Used; Perform Real-Time Surveillance; Reveal Activities Through Residual Data; Targeted Home Invasions (latch key children, elderly, etc.); Provide Accidental Invasions; Activity Censorship; Decisions and Actions Based Upon Inaccurate Data; Profiling; Unwanted Publicity and Embarrassment; Tracking Behavior Of Renters/Leasers; Behavior Tracking (possible combination with Personal Behavior Patterns); Public Aggregated Searches Revealing Individual Behavior. Plans are underway to support smart grid system applications that will monitor any device transmitting a signal, which may include non-energy-consuming end use items that are only fitted with small radio frequency identification devices (RFID) tags may be possible. RFID tags are included in most retail purchases for clothing, household items, packaging for food, and retail items.
Federal data breach notification standard must pre-empt state laws
Date CapturedMonday November 16 2009, 8:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
‘‘Personal Data Privacy and Security Act of 2009’’ S. 1490
Date CapturedWednesday November 04 2009, 2:19 PM
11TH CONGRESS - 1ST SESSION -- S. 1490: To prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.
Happy Birthday, Internet
Date CapturedFriday October 30 2009, 8:22 PM
NPR interview -- authentication and privacy concerns mentioned. October 30, 2009 [On Oct. 29, 1969, around 10:30 P.M., a message from one computer was sent over a modified phone line to another computer hundreds of miles away. Some say the Internet was born that day. UCLA computer scientist Leonard Kleinrock, who was there, gives his account.] IMPORTANT EXCERPT: [Dr. KLEINROCK: Yes. In fact, in those early days, the culture of the Internet was one of trust, openness, shared ideas. You know, I knew everybody on the Internet in those days and I trusted them all. And everybody behaved well, so we had a very easy, open access. We did not introduce any limitations nor did we introduce what we should have, which was the ability to do strong user authentication and strong file authentication. So I know that if you are communicating with me, it's you, Ira Flatow, and not someone else. And if you send me a file, I receive the file you intended me to receive. We should've installed that in the architecture in the early days. And the first thing we should've done with it is turn it off, because we needed this open, trusted, available, shared environment, which was the culture, the ethics of the early Internet. And then when we approach the late 1980s and the early 1990s and spam, and viruses, and pornography and eventually the identity theft and the fraud, and the botnets and the denial of service we see today, as that began to emerge, we should then slowly have turned on that authentication process, which is part of what your other caller referred to is this IPV6 is an attempt to bring on and patch on some of this authentication capability. But it's very hard now that it's not built deep into the architecture of the Internet.]
Commission Extension of Deferral of Enforcement of the Identity Theft Red Flags Rule Until August 1, 2009
Date CapturedMonday May 04 2009, 4:43 PM
[The Federal Trade Commission (the “FTC” or “Commission”) is extending its deferral of enforcement of the Identity Theft Red Flags Rule to August 1, 2009.2 This rule was promulgated pursuant to § 114 of the Fair and Accurate Credit Transactions Act (“FACTA”). Congress directed the Commission and other agencies to develop regulations requiring “creditors”3 and “financial institutions”4 to address the risk of identity theft. The resulting Identity Theft Red Flags Rule requires any of these entities that have “covered accounts” to develop and implement written identity theft prevention programs. The identity theft prevention programs must be designed to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft. This rule applies to all entities that regularly permit deferred payments for goods or services, including entities such as health care providers, attorneys, and other professionals, as well as retailers and a wide range of businesses that invoice their customers.]
FTC Will Grant Three-Month Delay of Enforcement of ‘Red Flags’ Rule Requiring Creditors and Financial Institutions to Adopt Identity Theft Prevention Programs
Date CapturedMonday May 04 2009, 4:38 PM
[The Fair and Accurate Credit Transactions Act of 2003 (FACTA) directed financial regulatory agencies, including the FTC, to promulgate rules requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. FACTA’s definition of “creditor” applies to any entity that regularly extends or renews credit – or arranges for others to do so – and includes all entities that regularly permit deferred payments for goods or services. Accepting credit cards as a form of payment does not, by itself, make an entity a creditor. Some examples of creditors are finance companies; automobile dealers that provide or arrange financing; mortgage brokers; utility companies; telecommunications companies; non-profit and government entities that defer payment for goods or services; and businesses that provide services and bill later, including many lawyers, doctors, and other professionals. “Financial institutions” include entities that offer accounts that enable consumers to write checks or make payments to third parties through other means, such as other negotiable instruments or telephone transfers.]
Before the Federal Trade Commission Washington, DC 20580 In the Matter of Google, Inc. and Cloud Computing Services
Date CapturedTuesday March 17 2009, 6:48 PM
EPIC President Marc Rotenberg on Google and Cloud Computing [The recent growth of Cloud Computing Services signals an unprecedented shift of personal information from computers controlled by individuals to networks administered by corporations. Data breaches concerning Cloud Computing Services can result in great harm, which arises from the centralized nature of the services and large volume of information stored "in the cloud." Past data breaches have resulted in serious consumer injury, including identity theft. As a result of the popularity of Cloud Computing Services, data breaches on these services pose a heightened risk of identity theft. The FTC should hold accountable the purveyors of Cloud]
New York State Consumer Protection Board (CPB)
Date CapturedFriday December 26 2008, 5:07 PM
The Consumer Protection Board, established in 1970 by the New York State Legislature, is the State's top consumer watchdog and "think tank." The CPB's core mission is to protect New Yorkers by publicizing unscrupulous and questionable business practices and product recalls; conducting investigations and hearings; enforcing the "Do Not Call Law"; researching issues; developing legislation; creating consumer education programs and materials; responding to individual marketplace complaints by securing voluntary agreements; and, representing the interests of consumers before the Public Service Commission (PSC) and other State and federal agencies.
"Business Privacy Guide: How to Handle Personal Identifiable Information and Limit the Prospects of Identity Theft"
Date CapturedFriday December 26 2008, 5:04 PM
Rome Sentinel [The New York State Consumer Protection Board has issued its first "Business Privacy Guide: How to Handle Personal Identifiable Information and Limit the Prospects of Identity Theft." The Business Privacy Guide and additional information about privacy, data breach, security freeze and other identity theft related materials may be found on the CPB’s website at www.nysconsumer.gov along with other consumer and business tools, including training materials on Do Not Call compliance for business.]
Security In Numbers: Social Security Numbers and Identity Theft: A Federal Trade Commission Report Providing Recommendations On Social Security Number Use In the Private Sector
Date CapturedThursday December 18 2008, 5:57 PM
(December, 2008) Conclusion -- Since the creation of the SSN in 1936, the private sector increasingly has utilized it for various purposes – both as an identifier and an authenticator – because it is the only permanent, unique piece of information that most Americans have about themselves. The SSN’s use has expanded as organizations have adapted their business and record-keeping systems to utilize increasingly sophisticated automated data processing. The SSN has, over time, become an integral part of our financial system. As the private sector’s use of the SSN has grown, so too has its availability and value for identity thieves. The Commission believes that a number of actions could be taken to reduce the role of SSNs in identity theft, with emphasis on reducing the demand for SSNs by minimizing their value to identity thieves through improved authentication processes. Most importantly, the Commission recommends that Congress consider establishing national authentication standards for businesses that have consumer accounts and are not already subject to authentication requirements from other federal agencies. Because authentication can never be perfect, however, the Commission also recommends carefully targeted actions to limit the supply or availability of SSNs to identity thieves. Specifically, the Commission recommends that Congress consider prohibiting the display of SSNs on publicly-available documents, identification cards, and other materials that could potentially fall into the hands of identity thieves. The Commission also recommends that Congress set national safeguards and breach notification standards, because better-protected SSNs are less likely to fall into the hands of criminals. Finally, the Commission is committed to educating consumers on protecting their SSNs and businesses on reducing their use of SSNs, and recommends that the government and private sector entities explore information sharing and other cooperative efforts to achieve these goals. Together, these actions could substantially reduce the misuse of SSNs by identity thieves, while at the same time preserving the beneficial uses of SSNs in our economic system.
IDTheft.gov
Date CapturedThursday December 18 2008, 5:52 PM
IDTheft.gov is your one stop resource for government information about identity theft.
FTC Issues Report on Social Security Numbers and Identity Theft
Date CapturedThursday December 18 2008, 5:48 PM
The Federal Trade Commission issued a report today recommending five measures to help prevent Social Security numbers from being used for identity theft. Principal among the report’s recommendations is that Congress consider taking action to strengthen the procedures that private-sector organizations use to authenticate their customers’ identities. “Identity theft continues to be a major problem in this country, with victims numbering in the millions each year and out-of-pocket losses (primarily to businesses) in the billions of dollars,” the report states.
Federal Trade Commission Identity Theft Survery Report 2006
Date CapturedFriday June 27 2008, 7:43 PM
Executive Summary Identity theft (ID theft) is an issue that continues to plague consumers, businesses, and law enforcement. To provide greater insight into the prevalence and cost of ID theft, the Federal Trade Commission (FTC) has sponsored its second ID theft survey of US adults. The specific objectives of the survey were to: • Estimate the prevalence of ID theft victimization • Measure the impacts of ID theft on the victims • Identify actions taken by victims • Explore measures that may help victims of future cases of ID theft
Data Breaches Are Frequent, but Evidence of Resulting Identity Theft Is Limited; However, the Full Extent Is Unknown
Date CapturedThursday June 05 2008, 7:03 PM
GAO-07-737 -- There are two primary forms of identity theft. First, identity thieves can use financial account identifiers, such as credit card or bank account numbers, to take over an individual’s existing accounts to make unauthorized charges or withdraw money. Second, thieves can use identifying data, which can include such things as SSNs and driver’s license numbers, to open new financial accounts and incur charges and credit in an individual’s name, without that person’s knowledge. This second form of identity theft is potentially the most damaging because, among other things, it can take some time before a victim becomes aware of the problem, and it can cause substantial harm to the victim’s credit rating. While some identity theft victims can resolve their problems quickly, others face substantial costs and inconvenience repairing damage to their credit records.
Do Data Breach Disclosure Laws Reduce Identity Theft?
Date CapturedThursday June 05 2008, 6:07 PM
Identity theft resulted in corporate and consumer losses of $56 billion dollars in 2005, with about 30% of known identity thefts caused by corporate data breaches. Many US states have responded by adopting data breach disclosure laws that require firms to notify consumers if their personal information has been lost or stolen. While the laws are expected to reduce losses, their full effects have yet to be empirically measured. We use panel from the US Federal Trade Commission with state and time fixed-effects regression to estimate the impact of data breach disclosure laws on identity theft over the years 2002 to 2006. We find no statistically significant effect that laws reduce identity theft, even after considering income, urbanization, strictness of law and interstate commerce. If the probability of becoming a victim conditional on a data breach is very small, then the law’s maximum effectiveness is inherently limited. Quality of data and the possibility of reporting bias also make proper identification difficult. However, we appreciate that these laws may have other benefits such as reducing a victim’s average losses and improving a firm’s security and operational practices.
N.Y. opts for hybrid driver’s licenses
Date CapturedTuesday June 03 2008, 2:03 PM
Washington Technology reports, "Some of the enhanced licenses have been controversial because of privacy concerns. Washington, which was the first state to begin producing the new licenses, includes a radio frequency identification microchip on the licenses. The RFID chips, which can be read wirelessly from 20 feet to 30 feet away, have been criticized for their potential to be scanned without authorization, risking identity theft and loss of privacy. It is not clear whether New York’s licenses will include the RFID chip. Information was not immediately available from a spokesman for the state Department of Motor Vehicles."
General Information Technology Access Account Records System (GITAARS) DHS/ALL-004, May 15, 2008, 73 FR 28139
Date CapturedTuesday June 03 2008, 12:51 PM
In accordance with the Privacy Act of 1974, the Department of Homeland Security is giving notice that it proposes to update a system of records in its inventory. The Department of Homeland Security is updating the General Information Technology Access Account Records System system of records notice to include four new routine uses and to add to the categories of records covered by the system. The first new routine use will allow for information sharing with federal agencies such as the Office of Personnel Management, the Merit Systems Protection Board, Office of Management and Budget, Federal Labor Relations Authority, Government Accountability Office, or the Equal Employment Opportunity Commission when information is requested in the performance of those agencies' official duties. The second routine use will allow for the routine sharing of business information outside of the Department for official purposes. This includes the sharing of business contact information to contacts outside of the Department. The third routine use allows for sharing for the purpose of investigating an alleged or proven act of identity fraud or theft. The fourth routine use allows sharing of information to regulatory and oversight bodies, including auditors, who are responsible for ensuring appropriate use of government resources.
The ID Divide -- Addressing the Challenges of Identification and Authentication in American Society
Date CapturedMonday June 02 2008, 3:03 PM
By Peter Swire, Cassandra Q. Butts. "Our report first explores the background of the issue, including the sharp rise in recent years in how often Americans are asked for proof of identity. We then examine the facts of the ID Divide in detail, identifying at least four important types of problems: A large population affected by identity theft and data breaches; The growing effects of watch lists; Specific groups that disproportionately lack IDs today; The effects of new and stricter ID and matching requirements.
2007 Identity Theft Resource Center (ITRC) Breach Report
Date CapturedTuesday June 12 2007, 8:58 AM
View breaches of records at education institutions in 2007.
A Blueprint for Handling Sensitive Data: Security, Privacy, and Other Considerations (ID: ESEM071)
Date CapturedMonday May 14 2007, 1:35 PM
Link to powerpoint presentation by H. Morrow Long and Krizi Trivisani -- Information security risks at colleges and universities present challenging legal, policy, technical, and operational issues. According to a recent study by the EDUCAUSE Center for Applied Research (ECAR), security incidents have resulted in compromises of personal information which have led to bad publicity and the potential for identity theft. Among the steps to protect sensitive data include an information security risk management program, data classification policies, clearly defined roles and responsibilities, awareness programs, and technology solutions among other interventions. This seminar presentation outlines a blueprint for protecting sensitive data according to the EDUCAUSE/Internet2 Security Task Force.
Cincinnati district withholding info out of privacy concerns
Date CapturedThursday March 01 2007, 9:35 AM
AP reports, "Distributing a list of student names, addresses and phone numbers would make the information a public record open to anyone, district spokeswoman Janet Walsh said. Concerns about identity theft, sexual predators and custody issues are changing which information parents want released, Walsh said."
Protect your passwords; University-level ID theft raises concerns at Arizona State U.
Date CapturedFriday July 07 2006, 12:25 AM
statepress.com reports, "A recent increase in computer security breaches at universities nationwide has led to concerns that computer hackers may be attempting to obtain personal information, such as social security numbers of students, faculty and alumni to be used for identity theft."



Back to Top of Page