Sharon Phillips reports:
A burglary in south Tulsa has detectives on high alert.
The personal information of more than 400 people is now in the hands of crooks.
It happened at Preferred Skin Solutions near 55th and Lewis, and now officers are concerned about identity theft.
The owners believe the thieves broke in sometime between Tuesday night and Wednesday, and they believe a key may have been used to get in.
[...]
The thieves got away with a laptop holding client’s medical records and a CD player.However, no financial records were taken.
“We’ve always made a point that we don’t store anything like that on our laptop, and what we do is take their information one time and then we shred their information,” she says.
“Each time they come in they have to do it all over again and some people may think it’s a pain to do that, but this is obviously a good reason to do it,” says Mkalech.
Read more on Fox23.
It is encouraging to see that a relatively small company made smart security decisions to not store credit card or financial data and that they promptly reached out to their customers. Encrypting the hard drive would also have been a smart move to protect the existing data, particularly if there were any dermatological diagnoses or issues recorded in the files.
A number of regular readers have e-mailed to ask why the blog is not being updated as frequently as it usually is.
The answer is simple, but sad: my mother is dying.
Updates will continue to be sporadic for a while as I am at the hospice every day to spend time with her as she slowly fades from this life.
Thank you all for your support and understanding during this difficult time for my family.
Dionne Cordell-Whitney reports:
Minnesota collects DNA samples from newborn children, then illegally keeps the genetic information and shares it with third parties without informed consent of the parents, parents say in a class action.
Lead plaintiffs Nathan and Katrina Anderson sued the state, the Minnesota Department of Health, and its commissioner, in Hennepin County Court.
They claim that state violated its own Genetic Privacy Act by collecting, storing and disseminating their children’s genetic information without informed consent.
Read more about the lawsuit on Courthouse News.
Bob Palmer reports:
A privacy breach by a “curious” nurse at Titus Regional Medial Center has resulted in letters to 108 former patients warning of a slight risk of identity theft.
Hospital Administrator Ron Davis relayed Tuesday that internal auditing procedures uncovered the misconduct.
“The nurse said she was just ‘curious’ and looked at records she was not authorized to view,” Davis said. “She has sworn that she did not do anything with that information.”
The nurse in question was immediately suspended when the violation was uncovered in November during an audit and has since been terminated. Her case was referred to the Texas Board of Nursing.
Read more on The Daily Tribune.
A care provider has lost a memory stick that held sensitive personal information about 53 people from Northern Ireland.
Praxis Care Limited lost the unencrypted material last August but the details have just emerged.
The company has been found to be in breach of the Data Protection Act and has been ordered by the Information Commissioner to improve its procedures.
All of those whose information was on the memory stick have been informed.
It was lost on the Isle of Man and also contained information about 107 people who live on the island.
Read more on BBC. I’m not sure why they say details have just emerged as this breach was reported in the media months ago and covered on this blog.
From the undertaking signed by Praxis Care:
The Isle of Man Data Protection Supervisor (the ‘Supervisor’) and the UK Information Commissioner (the ‘Commissioner’) were both provided with reports about a single incident in August 2011, in which an unencrypted USB stick used as a backup and transfer device by one of the data controller’s employees was lost on the Isle of Man. The device contained some sensitive personal data about 107 data subjects on the Isle of Man, but also contained similar data about 53 data subjects in N Ireland dating from two or more years previously when the employee had worked there.
Comments (0) 
Themocracy