RadioShack’s bankruptcy could have had terrible and lasting impacts on consumers.  RadioShack had been proposing to include consumers’ personally identifiable information as part of its trademark and intellectual property.  However, as reported by Truman Lewis, a coalition of State Attorneys General from 38 States fought the inclusion of the consumer data as part of the bankruptcy sale (www.consumeraffairs.com/news_index/privacy.html; “Bankruptcy court agrees to protect RadioShack customer data”; May 21st).

As Mr. Lewis reported, the State Attorneys General reached a settlement under which the vast majority of the consumer data will be destroyed.  Equally important, he wrote that “…no credit or debit card account numbers, social security numbers, dates of birth or even phone numbers will be transferred.”  The Bankruptcy Court approved these settlement terms — all of which is an important result for RadioShack customers.  RadioShack had in its files, as Mr. Lewis noted, 8.5 million customer email addresses.  The new owners of all of RadioShack’s assets will only be able to keep a limited percentage of those email addresses. Whose email addresses will be included in the sale?  Mr. Lewis reports that those will only be for customers who had asked for product information within the last 2 years — and General Wireless, the new owner, will be contacting those customers and providing them the chance to opt out of future General Wireless communications.

General Wireless also has agreed not to sell or share any of the RadioShack customer information it is obtaining with any other entity.

This settlement is an important victory for consumers thanks to the strong actions by these 38 State Attorneys General.

I’ve written previously about the growing use of electronic health records (EHRs).  Some of this growth is driven by Administration mandates while some can be attributed to the enhanced patient care perceived by medical and health professionals.

Using EHRs does allow patients and their medical professionals faster access to personal patient health information.  However, this type of patient information is among the most sensitive that exists.  So making sure that the EHRs are protected optimally is, and should be, a key consideration for their creation and usage.

As Marianne Kolbasuk McGee recently reported, these issues are receiving increased congressional attention (www.healthcareinfosecurity.com; “Senate Scrutinizes EHR Interoperability”; May 5th).  The Senate Committee on Health, Education, Labor and Pensions has created a working group that will be examining multiple EHR-related issues.  These topics include improving the ways in which EHRs operate; looking at ways to make health information exchange between and among vendors, healthcare providers and the EHR systems more secure; and making EHRs easier for health and medical professionals to use.

The working group has set an ambitious target goal of making legislative and administrative recommendations by the end of 2015.

Any improvements to the security, privacy and operation of EHRs would be important advancements.

I’ve previously alerted consumers to check the ATM machines at their financial institutions to see if criminals have inserted “skimmers” into them.  In fact, I’ve gone into my financial institutions and asked the managers if they had heard about these types of “skimmers” and whether they periodically check for them.  These “skimmers” read and steal the credit and debit card information on cards inserted into the ATMs they are attached to.

Now Brian Krebs has written about another version of this scam — “skimmers” that are attached to gas pumps.  These “skimming” devices are stealing customers’ debit card information (www.krebsonsecurity; “Foiling Pump Skimmers With GPS”; May 4th).

Mr. Krebs advises that consumers don’t need to be as worried about the gas pump “skimmers” as they should be about those inserted into ATM machines.  However, he does say that consumers who use debit cards to pay for their gas could have their card information compromised; using a credit card is a better practice when paying for gas.

Also, he has an excellent resource for consumers who want to learn more about skimmers and protecting their personal financial information.  It’s titled “All About Skimmers” and can be found on his website.

As I noted in last week’s blog (“Timely Travel Tips”), the vacation season brings out scammers with increasingly sophisticated scams.  Hugo Martin wrote about another type of scam that is snaring unsuspecting victims.  This one has to do with bogus hotel websites — and it’s a scam that takes advantage, as Mr. Martin notes, of the small smartphone screens (“Hotel booking scams cost Americans up to $220 million per year”; http://www.latimes.com/business/la-fi-hotel-booking-scam-costing-americans-up-to-220-million-per-year-20150430-story.html; May 3rd).

How does this scam work?  Like many website scams, this one starts with a hotel website that looks very legitimate.  Mr. Martin spoke with Ms. Maryam Cope, Vice President for Government Affairs for the American Hotel and Lodging Association; she provided Mr. Martin with much of the background information.  Additionally, she told Mr. Martin that many of the sites use the same logos, symbols and emblems as a legitimate hotel.  The unsuspecting vacation planner goes onto one of these sites, enters his personal and financial information and then thinks he’s booked a room.

Has the individual booked a room?  No, and it’s a reality that might only be evident when he shows up at the hotel.  Moreover, as Mr. Martin writes, some of these scam websites will sometimes take a commission or a deposit.

How can someone tell if one of these websites is a scam or legitimate?  A key tipoff, Mr. Martin notes, is the following: the bogus hotel website doesn’t give individuals the option of making special requests, such as for a cot for the room or a room to accommodate someone with a physical limitation.

Ms. Cope says the American Hotel and Lodging Association has asked Congress and the Attorney General to look into this problem.  The Association estimates that there could be as many as 2 1/2 million travelers scammed each year.

It is very easy to miss something when reading a website on a smartphone.  People planning vacations should carefully review a hotel website before booking a reservation.  Taking the time to do so can help avoid having a vacation ruined before it’s even started.

Most individuals recognize the need for taking steps to enhance the security and privacy of certain types of online transactions.  Maybe it’s when they shop online or conduct financial transactions (e.g., banking, paying credit cards).

But what about emails?  Are individuals even thinking about the same security and privacy issues when sending or responding to emails? We’ve gotten so accustomed to the ease of emails that these same issues might not even be considered.

That’s the point of a very helpful April 17th article by Ross McKerchar.  His article talks about the fact that individuals might assume that their emails are protected or can’t be read by others or are not susceptible to being spoofed (nakedsecurity.sophos.com; “Practical IT: What you need to know about email encryption”).  As he writes, those are incorrect assumptions.  Mr. McKerchar writes about three options for encrypting emails.  As he notes, however, these options are not equally easy to use and individuals might need assistance in using any one of them.

His article is worth reading to learn about the three available options; understand their respective advantages; and then decide if one of them might be worth implementing.

Another excellent resource is a Federal Trade Commission (FTC) video.  It’s called “Hacked Email: What to do” and can be found on the FTC’s website.

Vacation season has started and that often means rushing to get everything done before heading out.  It also means remembering that the vacation season gives criminals even more opportunities to steal personal information. I’ve written several blogs over the years about the ways in which this can happen and the precautions individuals should take before and during vacations.

Rather than re-posting my prior blogs, I’m recommending an excellent article by John Zorabedian that pulls together several of the key steps that travelers should take.  For example, he reminds travelers to use caution when using public Wi-Fi spots and to turn off geo-tagging and geolocation on phones and other devices.  His April 20th article is titled “5 online privacy and security tips for travelers” and can be found at: http://www.nakedsecurity.sophos.com.

The tips in Mr. Zorabedian’s article are important, should be followed and are easy to do.  Don’t let criminals ruin your vacation by helping them know where you are, what you’re doing and gaining access to other personal and sensitive information.

Graham Cluley reports on a multi-national, multi-agency takedown of the Simda botnet that is thought to have infected around 770,000 PCs around the world (www.grahamcluley.com; “A quick way to tell if your PC was infected by the Simda botnet”; April 14th).

Mr. Cluley’s article reports that Kaspersky has created an online test allowing individuals to see if their PC had been infected; the test checks the individual’s IP address against the database of infected IP addresses that the security experts had found.  How did these PCs get infected?  Mr. Cluley cites a Kaspersky blog that reports the Simda botnet initially got into the PCs through vulnerabilities that individuals hadn’t patched.  It could also have been inserted via fraud malware that got installed.

Just another reminder, Mr. Cluley urges, that individuals need to update operating systems and third-party software (e.g., Flash, Adobe Reader) with the most current security fixes.  He notes that doing so “…is an essential part of protecting your computer from attack and should be done alongside running up-to-date anti-virus software.”

More often these days, patients find their doctors entering information into laptops during their exams.  Why is this happening?   Electronic health records (EHR) are being mandated.  There are many who believe EHRs will lead to faster and more efficient medical care.  Doctors will be able to more quickly exchange medical information about patients, resulting in better diagnoses.  Patients, it is argued, can access their records via portals thus giving them more information on a “real time” basis.

While many patients may value the positive aspects of exchanging EHRs between and among doctors, they still have privacy and security concerns.  As Marianne Kolbasuk McGee recently wrote, patients do worry about with whom their medical data is being shared and whether their data will still be kept private once the EHRs are shared (www.govinfosecurity.com; “Records Exchange Raises Privacy Worries”; April 4th).

Ms. McGee’s article reported on the findings of a new survey done in California of 800 consumers with the results published in the April edition of the Journal of the American Medical Informatics Association. That survey “…found that more than half of California consumers believe that EHRs worsen information privacy and nearly 43 percent believe they worsen security.”

What can be done? Ms. McGee includes ideas from medical and health experts.  For example, Devore Culver, Executive Director and CEO of HealthInfoNet, Maine’s statewide health information exchange (HIE) said that HIEs and healthcare providers should tell patients very clearly and openly about such key issues as who will get their data and how it will be used.

EHRs aren’t going away.  They contain highly sensitive information so patients should be told exactly how this information will be shared; with whom; and how it will be protected once exchanged between and among providers.

While privacy laws and lawsuits vary around the world, there’s a lawsuit in the United Kingdom that is both very interesting and potentially instructive for consumers in the United States.  As reported by Lisa Vaas, a Court of Appeals in the United Kingdom rejected Google’s appeal of a lower court decision allowing United Kingdom consumers to sue Google (www.nakedsophos.com; “Safari users win right to sue Google over secret cookies”; March 30th).

Per Ms. Vaas, the lawsuit’s being brought by a group of consumers called “Safari Users Against Google’s Secret Tracking.”  The group alleges that Google is tracking Safari users in the United Kingdom by bypassing the consumers’ privacy settings and, by doing so, is tracking them online and sending targeted advertisements to them.  The suit alleges that Google was able to get around Safari’s default privacy setting.  When it did, Ms. Vaas reports that the lawsuit alleges that Google found and collected information about the consumers’ online activities including such personal data as their “…social class, race, and ethnicity, all without users’ knowledge.”

In her article, Ms. Vaas wrote about prior fines Google has paid to the Federal Trade Commission (FTC) in response to FTC’s allegations about this very issue in the United States.  While Google has paid fines, facing a consumers’ lawsuit could result in potentially more lawsuits with even larger potential fines.

The potential outcome from this lawsuit will make it an important one to follow.

People hope, and want to believe, that searching for health and medical information online is private and protected.  That likely is a false and dangerous hope.

Pam Baker wrote an article highlighting recent research into this very issue (www.nuviun.com; “The gaping privacy hole in healthcare data is not where you think”; March 16th).  Her article discusses the companies and entities that are tracking and analyzing online and mobile applications used by individuals for researching medical and health issues.  She reports that this information is often mined by 3rd parties.

What is especially important is the research by Mr. Timothy Libert about which Ms. Baker wrote.  Mr. Libert is a doctoral student at the University of Pennsylvania.  He analyzed over 80,000 webpages on healthcare websites and found that “nine out of ten visits result in personal health information being leaked to third parties, including online advertisers and data brokers.”  Mr. Libert’s research results were shared with Brian Merchant on Mr. Merchant’s Motherboard blog.

But it’s not just data miners who use this healthcare information.  As reported, it’s also such reputable groups as governments, non-profits and universities.

Mr. Libert wrote about his research results in an article titled “Privacy Implications of Health Information Seeking on the Web”.  It can be found in the March 15th issue of “Communications of the ACM.”  There was a February 15th press release about Mr. Libert’s research and article.  That press release is titled “Your Privacy Online: Health Information at Serious Risk of Abuse” and can be found at http://www.asc.upenn.edu.

Mr. Libert’s research underscores the dangers that leaked health information poses for individuals. There can be embarrassment, job and/or credit discrimination and identity theft.

His findings remind all of us to be especially careful about our online research into such a sensitive area as health.
