A first attempt at proposing an amendment at the federal level to add a breach notification obligation to PIPEDA privacy legislation was initially introduced through Bill C-29 in May 2010. It died when the election was called in spring 2011. Bill C-12, identical to C-29, was introduced in September 2011 but has not been moved forward.
A new proposal which has received the support of key industry players was introduced in February. The private member’s Bill C-475 adds clear and mandatory security breach disclosure requirements to the PIPEDA federal law along with significant penalties for compliance failures.
Under Bill C-475, an organization having personal information under its control would have to notify the Commissioner of any incident involving the loss or disclosure of, or unauthorized access to, that information, where a reasonable person would conclude that there exists a possible risk of harm to an individual as a result of the security breach.
I woke up this morning feeling the ravages of the common flu. Pushing back the viral fog, I looked out my bedroom window, expecting to see the streets flooded with zombies, the skies dark with winged bodies of alien invaders, a maelstrom of clouds swirling and the blaring of trumpets. December 21st, 2012 has passed, and still, the world spins upon its axis. Hmmm, what about all this talk about the Mayan calendar, and the prophesied apocalypse?
Well, hold on tight, earthlings. Our best and brightest may have miscalculated by just a few days. Apparently, the calculation should have pointed to the 23rd ’round midnight! I’m hedging my bets, and shopping light this Christmas. Ya never know, it might not happen at all.
The Mayans used calendars kind of like we do, and what happens when we run out of days on our calendar? We get a new calendar! That’s all. That’s it. The Mayans observed the cycles of nature and the universe. The key to cycles is that they repeat.
I am truly blessed, as I got to see the shenanigans as the second hand swept across twelve in 1999, ushering in a new era where technology would fail us all, elevators would rocket through the roof, and nuclear plants would melt down. And now I have seen (or will soon see) the end of time as we know it.
Interesting write-up about all of this at the link provided in the image above, if you are interested in all this. For me, it simply shines the light on what people will believe. If a story is repeated long enough, if no better explanation can be quickly presented, rumors and myths will rule.
Doomsday in my opinion, will come, and far too soon I’m afraid. However, it will be either by our own hand as a species, or by the laws of nature and luck. I will be as prepared as I can be, as aware as I’m able, and as accepting as possible of the outcome. Until then, I wish you all peace on earth, and goodwill to all mankind. Happy 1st BaKtun, and stay secure!!
Some folks have noticed that the old curmudgeon that used to update this blog hasn’t been around much and has kind of left this blog alone for a while. Well, MadMark’s back, and you can expect to see more content here again starting in 2013. I may not be as prolific, but I will try and post at least something interesting each month.
I started a new job back in March, and it really has been dominating my time. When creating a brand new department, it is imperative to focus on defining the many tasks that need to be fleshed out; creating strategy, governance, services, processes, and of course staffing appropriately.
So the second year is all about building it out according to plan. I expect that the build will actually take more time, but less focus, as I have good people to rely on, above, under, and around me who can help.
I fall back to one of my favorite movie quotes: “What doesn’t kill me makes me stronger. Pissed off, but stronger.” Well, maybe that’s not an exact quote. I am now glad that I have had the painful experience of having done this exercise before, and know much of what to expect.
Happy holidays to all, and see you in 2013. You can find me in person at the Toronto Area Security Klatch (TASK) meetings, or at Federation of Security Professionals events.
Oh, for crying out loud. Why don’t these guys just go away? According to Wired, Anonymous is giving itself a weekly deadline now, a new attack every Friday. How entertaining. Following the Tuesday compromise of tear gas maker Combined Systems’ website, Antisec attacked a Federal Trade Commission webserver which hosts 3 FTC websites. They claim this hack was in opposition of the controversial international ACTA copyright treaty, widely protested around the world for its potential impact on freedom of expression.
Those responsible for this week’s attacks spoke with Wired, and claimed that the attacks renewed a promise, previously noted in the defacement of CSI, and reiterated on the FTC websites, “every Friday will bring a new attack against government and corporate sites under the theme of #FFF” (‘F’ the Feds Friday).
They’ve decided to try to balance between protest defacements like these two most recent ones, and posting material that can damage firms and agencies. Jerry Irvine of the National Cyber Security Task Force told the New York Times last week that attacks would become more frequent, describing the collective as “unstoppable,” because of the poor state of online security.
On the other side of the pond, a record $6 trillion of fake US Treasury bonds were seized by Italian anti-mafia prosecutors. The bonds were uncovered in hidden compartments in three safety deposit boxes in Zurich. Bloomberg reports that Italian authorities arrested eight people in connection with the probe, dubbed Operation Vulcanica.
The Italian authorities also uncovered fraudulent checks issued through HSBC Holdings in London, and another $2 billion of fake bonds in Rome. Those involved in the financial fraud case were apparently planning to buy plutonium from Nigeria, according to police monitored phone conversations.
Good work guys. I hope they round up all involved, especially those with the plutonium. You know that stuff isn’t going to be used to power wind up toys.
While you are sitting patiently during your typical 5-6 hour emergency room visit, ever wonder just how safe your records are at the doctor’s office? Are ya ready to puke?
91% of small healthcare practices (less than 250 employees) in North America say they have suffered a data breach in the past 12 months.
The Ponemon Institute recently conducted a survey, commissioned by MegaPath, asking more than 700 healthcare organizations’ IT and administrative staff about breaches. Among the findings:
- 70% say their organizations either don’t have or are unsure if they have, sufficient budget to meet governance, risk, and compliance requirements.
- 55% of respondents had to notify patients of a data breach in the previous 12 months.
- 52% of respondents rated their security technology plans as “ineffective”.
- 43% of respondents had experienced medical identity theft in their organizations.
- 31% say management considers data security and privacy a top priority. (69% not so much?)
- 29% say breaches have resulted in medical identity theft.
- More than a third have not assigned responsibility for patient data protection to anyone in particular.
- Approximately half say less than 10% of IT’s budget goes to data security tools.
Data breaches of patient information cost healthcare organizations nearly $6 billion annually, and many breaches go undetected. Protecting patient data appears to remain a low priority for hospitals and doctors’ offices, and these organizations have little confidence in their ability to secure patient records. They are putting individuals at increased risk for medical identity theft, financial theft, and exposure of private information.
Are ya feeling warm and fuzzy yet? Read the whole report.