Much like the X files, “Your Information Is Out There”. Identity theft relies on the fact that your information is out there, and that most people don’t bother to check on their identity information regularly. There are lots of avenues for an identity thief to grab your private information.

The most common variety, and the lowest tech, and thus, the hardest one to crack, is physical theft. Someone can lift your purse or wallet, or go through your garbage can for old credit card offers, or even intercept your mortgage booklet, and get enough information to establish credit cards in your name.

An employee should never assume that they’re emails that are sent and received, are kept in complete privacy from their employers. Under the Electronic Communications Privacy Act (ECPA) it provides for implied authorization to review employee emails, and that a company should state their policy of monitoring e-mails in the company handbook. However, pursuant to Title III of the ECPA, it unlawful for anyone to intentionally intercept any email communication while it is en route. ECPA 18 USC 2701.

As you may have heard, the FTC recently reached a significant settlement with an adware firm by the name of Zango. So, what are the lessons learned from the settlement?

The FTC and Zango Settlement Regarding Adware

According to FTC filings, Zango was a rather prolific adware firm. From 2002 to 2005, Zango distributed its adware product to the huge number of Internet users without their knowledge according to the FTC. The product was placed on the computers of individuals when they went to download free games, screensavers and such. On top of this, the FTC alleged that Zango and its affiliates placed the programs on computers in such a way that it was difficult to both find and remove them.

Granny comes to visit from out of town. While enjoying some delicious iced tea on your porch, she has chest pains and asks you to call 911. The ambulance driver / EMT asks you whether Granny is on any heart medication. You search her purse, and find only a business card for her local pharmacy. So you call – “Hello, I am Mrs. Jones’ granddaughter, it’s an emergency, and I need to know whether Granny is on any heart medicatiion.”

Response: “We can’t disclose that to you Ma’am. We are sorry.”

Over the course of humanity, every discovery has yielded more questions as we continue to explore new territory. As we continue to explore the frontier known as cyberspace, and discover new ways to use the medium, we are opened up to more ethical dilemmas and questions. Intellectual property has always been a thorny issue. The internet however raises new problems for businesses and individuals seeking to protect their intellectual property. With the easy access to information, protecting your IP is a virtual minefield.

Many sites put up privacy policies without giving them much thought. Once up, they are often forgotten about even if the policy is later changed. This can lead to disaster as one recent case showed.

You probably are not surprised to learn that lying in your privacy policy can get you into trouble. You will definitely be surprised to learn, however, that your competitors could be the parties suing you. Even worse, they could sue you for millions and win! How could this be? It all boils down to competition. In this case, claims of unfair competition.

Most sites on the web are at least faintly familiar with the implementation of legal regulations related to their sites. Most, however, have never heard of the California Catch-22.

Most sites tend to view complying with legal regulations as a somewhat amorphous subject. You know you are supposed to do something, but are not particularly sure why or what to do. This leads to the rather humorous situation where many sites have terms and conditions that are completely inapplicable the what they are doing and also look startlingly similar to terms and conditions found on other sites. One might even imagine a bit of “cut and paste” was going on, but who am I to say!

HIPAA in a “nutshell”

There are two HIPAA rules requirements; privacy (2003) and security (2005). Both rules require:

-Identifying possible threats,
-Assessing specific vulnerabilities,
-Determining appropriate and reasonable safeguards and
-Implementing the necessary defense mechanisms and policies.

Using an EMR (electronic medical record) has no absolute right and wrongs in either computer equipment or software for HIPAA compliance. Usually there are four areas to examine:

-Physical Security – can your computers with patient data be stolen?
-User Security - can anybody log on to the patient database?
-System Security – what happens on a hard drive crash?
-Network Security – can unauthorized persons outside your facility access patient data?