page 11 Security and Privacy

Security and Privacy

See if you can find an example of a privacy breach that was reported in the Australian or international news in the last 6 months. What were the consequences? i.e. legal, political, financial, personal etc. What action was taken in response to the privacy breach?

Risk Solutions International LLC, Loudoun County Public Schools
Ashburn, Virginia

January 7, 2014-Loudoun County school officials have responded to a data breach that made publicly available personal information about students and staff members, along with detailed emergency response plans for each school.

More than 1,300 links Question 1
Find aould be accessed through a Google search, thought to be password protected, unveiled thousands of detailed documents as to how each school in the district will respond to a long list of emergencies, which included the staging areas for response teams as well as where the students and staff would be located during an emergency.

Additional documents that could be accessed included students' courrse schedules, locker combinations, home addresses, phone numbers and birthdates along with the address and cell phone numbers for many school administrators.

The contractor Risk Solution International acknowledged that the breach was caused by "human error" on their part, which is said to be the cause of the data breach.

UPDATE: Loudoun County Public Schools administrators released a more detailed statement about the information made publicly available on the Internet due to errors committed by the contractor Risk Solutions International (RSI).

According to school officials, the investigation is continuing as to how the webpage, which was made accessible through online search engines without any password protection happened. The page included 1,286 links detailing information on 84 Loudoun schools. It is unknown how long the information was exposed or how many links were opened by unauthorized individuals.

Locker combinations were revealed for one school and only one parent contact information was revealed for fewer than 10 schools according to the spokesperson for the district. The statement also made clear that RSI's website was not hacked and that it never lost its password security. Instead, the breach occurred when RSI employees were doing technical testing on November 4th , December 19th and December 24th 2013. (1/9/2014)

Complete a comprehensive analysis of the facts and issues in the case. Some questions to consider -

What AmI technologies are identified in the case?

-Based on my knowledge, in this case AMI technology is the information of thousands of individuals were then sold back to them.

What drives DMC’s officers to take the actions they took?

-In my opinion, the officer will conceal violations of security known to keep company.

DMC is the clear market leader in the aggregation of AmI data. Are there any comparisons you can make to technology companies today?

-In my opinion, the company can be attributed to Google. Almost everyone these days use Google search to find what they want to search because Google has a lot of programs that can be used.

How realistic is the description of governments using the technology and prohibiting immigration from states with no AmI data aggregation information?

-In my view, it does not realistically use the technology and to prohibit immigration from countries without data aggregation Ami information. Because it can come from anywhere not only come from immigration.

What would be the impact of this digital divide?

-I think there may be a difference in the gap of trust between a company with customers and the general public.

List some of the ‘unintended consequences’ described in the case.

Do members of the class all agree on the issues raised by this case? What were the main points of difference (if any) in discussions?

-In my opinion, the unintended consequences they are regarded negatively on the case of a security breach. They will try to hide the case from the public.

References:

http://www.privacyrights.org/data-breach