Social Security Administration, 14,000 per year

[Adam Shostack <adam () homeport org>]

http://seattletimes.nwsource.com/html/nationworld/2016498264_socialsecurity14.html

By THOMAS HARGROVE
Scripps Howard News Service

The Social Security Administration has failed to inform tens of
thousands of Americans it accidentally released their names, dates of
birth and Social Security numbers in an electronic database widely
used by U.S. business groups.

The federal agency has kept silent about a potentially harmful
security breach of the personal data of about 14,000 people each year,
ignoring recommended reporting guidelines for such confidentiality
breaches and violating the intent, at least, of the U.S. Privacy Act,
which protects personal information of private citizens.

// Editorial: I love how the intent of the Privacy act has been
updated.

And the article comments on Federal exemption from state law, and
should perhaps inform our judgements on proposed federal law.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/