Thursday, November 16, 2006

Personally Identifiable Information

As the federal government grapples to deal with the need to protect personally identifiable information and/or sensitive information, the concern among federal contractors and government employees is that the reaction will be too fast to be fully thought out. For example, for the government to be able to do business the solution is not the easy approach of not allowing any removable items, such as key fobs, which enables the government to be able to do such basic business processes, such as scanning a document that needs to be uploaded. Hopefully as the OMB strives to provide guidance to all federal agencies, they will provide adequate time for both government employees and contractors to understand the implications of the guidance as well as fully analyzing the need to protect PII and sensitive information without preventing all federal agency components from effectively and without undue interference carrying out their mission and fulfilling their business needs.

Monday, November 13, 2006

Business Identity Theft Is Real

As a business owner or employee, do you really understand the serious consequences of identity theft to your business? Are you aware that federal and state laws for identity theft and privacy are written to protect the consumer, not your business?

These laws (with hefty fines and potential civil and criminal penalties) apply to any business (large, small, or sole proprietor) that collects personal information about customers or employees (including names, credit card numbers, birthdates, home addresses, and more). Any company that accidentally discloses data protected by privacy laws runs a risk of litigation.

Business owners, employees (and consumers) who learn about and take necessary precautions now for . . .
1. personal and business Identity theft differences and best security practices;
2. privacy and identity theft laws and how to meet compliance regulations;
3. your business risk for identity theft; and
4. the affirmative defense that will help mitigate risk during litigation

. . .will likely survive the ramifications, should they fall prey to a security breach or identity theft.

By the way, don’t think that it is just individuals who become victims of identity thieves. The business entity itself can be a thief’s favorite victim! Thieves love the holidays, too!

A good place to begin learning about best security and privacy practices is the Better Business Bureau’s Toolkit. It will give you a non-technical roadmap to securing your customer and employees' data. You can download this helpful and educational document at www.bbb.org. It will NOT give you, however, a complete affirmative defense solution.

If learning and implementing data security and privacy management programs seems overwhelming and costly, get over it!

Would your business survive losing 20-60 percent of your client base due to a security breach caused by non-compliance to federal security requirements or negligence? A breach costs 15 times more than preventive security measures, such as encryption of data. Cleaning up after a breach or identity theft would be overwhelming and costly, wouldn’t it? Your clients and their trust would disappear . . . and that’s a fact!

Remember, security wins!


Submitted by Lois Hale, MS Reno, NV
ICFE Certified Identity Theft Risk Management Specialist
ADRS Certified Group Security Specialist


Saturday, November 04, 2006

Los Alamos Confidential (Or NOt!)

Not a good thing.

“It's devastating." If a nuclear weapon were stolen, the information "would tell the terrorists everything they need to do to get a weapon to fire." (This is a quote from a federal official recently briefed on the issue).

Too bad this information was on three thumb drives found in a trailer park during a drug raid.

Too bad the person who took this and other highly classified information on nuclear weapons was a 22-year-old employee Jessica Quintana, of the Los Alamos National Laboratory, the nation’s premier nuclear research and development facility.

Too bad this 22-year-old “contractor” had Sigma-15 clearance allowing her to access to documents explaining how to deactivate locks on a nuclear weapon. (Yup, that’s right! Nuclear weapons have locking systems so they cannot be blown up or won’t blow up when you transport them and she had the data on how to unlock them!).

Too bad that she had top-secret "Q-clearance" with access to all the U.S. underground nuclear test data and to vaults with sensitive intelligence information.

Too bad that according to her lawyer she just she “took the material home to work and then forgot about it” in the trailer park! Is this Los Alamos normal best practice – “Yeah Jessica, go ahead and drag that top secret stuff on some thumb drives and take them back to your trailer home and work on them over the week end!”

Too bad that “if a terrorist steals an American nuclear weapon, he could not detonate it due to the special access controls. Ms Quintana is authorized to read the reports that tell how to get around those safety controls

Too bad British security officials are worried that design plans for Trident nuclear weapons are among the stolen documents and they are freaked out that this information may now be out in the public somewhere.

Too bad out government is a bunch of idiot incompetent moron’s who cannot be trusted with anything having to do with security.

Good for CBS News correspondent Sharyl Attkisson who was the first to report this story and has now followed up on it. You get our "Atta Girl" prize!

Too bad that when you Google this story most of the other media has ignored it preferring to run massive print and video on the alleged gay and meth tastes of an evangelical minister.

Maybe we have our priorities all turned around.

Oh yes, this story is not from the 1960s and the cold war! It's from Nov. 3, 2006.

Oh yes. This week the fedral government also took down a web site on Saddam Hussein's nuclear program that apparently had information in Arabic on how to make a nuclear bomb!

  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C
  • Deter. Detect. Defend. Avoid ID Theft - www.ftc.gov/idtheft