Category Archives: privacy

Last 4 digits of SSN as encryption password for tax returns or financial documents? Completely unsafe.

Does your accountant, financial advisor, or bank encrypt your tax return or other financial document with the “last four digits of your SSN”? Many professionals do so with great intentions of protecting their clients’ information. So far in the first few months of 2016, every accountant and several banks we’ve dealt with have sent information encrypted with the last four digits of the Social Security number, or requested that you send it to them encrypted with the last four of your SSN. However, it is not providing any security if Continue reading Last 4 digits of SSN as encryption password for tax returns or financial documents? Completely unsafe.

Potential Walgreens Privacy and HIPAA issues?

It appears that Walgreens has some potentially serious Privacy and HIPAA issues on their web site.

We have a report about a parent who was creating a Walgreens account for their child so they could print out the receipts. It appears that you can create an account for anyone as long as you know their birthday and name.

The steps are as follows. Continue reading Potential Walgreens Privacy and HIPAA issues?

Intuit Continues with terrible privacy practices

Intuit continues with terrible privacy practices. Three years later, Intuit has again associated other people’s email addresses with my account and my email address.

Where is the verification of emails?  We wrote about this three years ago here:

http://rights.com/2012/03/20/intuit-turbotax-ignores-their-privacy-policy-too/

And Intuit is still unable to correctly verify email addresses.

Brian Krebs has written about it recently here.  Intuit has failed for years.

 

 

None of us should accept that the government or a company or anybody should have access to all of our private information. This is a basic human right.

“I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.” “None of us should accept that the government or a company or anybody should have access to all of our private information. This is a basic human right. We all have a right to privacy. We shouldn’t give it up. We shouldn’t give in to scare-mongering.”

Tim Cook, Apple CEO, September 2014 and 2015

My feeling is that as far as creativity is concerned, isolation is required. The creative person is, in any case, continually working at it. Isaac Asimov

“My feeling is that as far as creativity is concerned, isolation is required. The creative person is, in any case, continually working at it. His mind is shuffling his information at all times, even when he is not conscious of it. The presence of others can only inhibit this process, since creation is embarrassing. For every new good idea you have, there are a hundred, ten thousand foolish ones, which you naturally do not care to display.

Presumably, the process of creativity, whatever it is, is essentially the same in all its branches and varieties, so that the evolution of a new art form, a new gadget, a new scientific principle, all involve common factors. It is only afterward that a new idea seems reasonable. What is needed is not only people with a good background in a particular field, but also people capable of making a connection between item 1 and item 2 which might not ordinarily seem connected. To begin with, it usually seems unreasonable. It seems the height of unreason to suppose the earth was round instead of flat, or that it moved instead of the sun, or that objects required a force to stop them when in motion, instead of a force to keep them moving, and so on.”

Isaac Asimov, 1959

Clemson required students to submit sexual history or face disciplinary action. HIPAA Violation?

Clemson University required students to submit sexual history or face disciplinary action. One questions the HIPAA compliance for the survey when student names are linked to sexual history. What protections are in place to comply with HIPAA? How long have those protections been in place?

Requests for comments from Clemson about the HIPAA compliance for this program have not been answered.

You can read more about the potential penalties for HIPAA violations here.

Philadelphia PYT displays Eagles running back LeSean McCoy’s ‘20 cent tip’ online. Violates Visa merchant terms?

A copy of a receipt signed by Philadelphia Eagles running back LeSean McCoy with only a 20 cent tip went up on eBay Saturday morning. The bidding started at, you guessed it, 20 cents.

The real question here is, what kind of establishment decides that if they don’t like you, your attitude or your tip, they’ll out you online? Why would anyone patronize an establishment that does not respect the privacy and rights of their customers? Displaying your customer’s bill and credit card receipt online is despicable.

The real question here is an issue of the contracts between Visa/Mastercard/American Express and the establishment that is requiring you to hand over your credit card information.

Visa’s contract with the merchant seems to require that the receipt be deposited [1, page 12].

For example the Visa guidelines state:

Create two transaction receipts, one for the deposit and one for the balance. Write, print out, or stamp “Deposit” or “Balance,” as appropriate, on the receipt.

 

  • Keep all material containing account numbers—whether on paper or electronically—in a secure area accessible to only selected personnel. Merchants with paper receipts should be extremely careful during the storage or transfer of this sensitive information. Merchants should at all times:
    – Promptly provide the drafts to their acquirer.
    – Destroy all copies of the drafts that are not delivered to the acquirer. [p 14]

 

It would appear that PYT Philadelphia is violating the terms of the Visa agreement. Mastercard and American Express have similar terms.

 

In the end the Obama administration is not afraid of whistle blowers like me… Snowden

“In the end the Obama administration is not afraid of whistle blowers like me…We are stateless, imprisoned, and powerless…No, the Obama administration is afraid of you…an informed, angry public demanding the constitutional government it was promised – and it should be.”  ~ Edward Snowden

Malheur County Sheriffs – Brian Belnap and Brian Beck – illegal stop

Oregon’s Malheur County Sheriffs – Brian Belnap and Brian Beck – make an illegal stop and then discuss it, forgetting that they are still recording themselves. If anyone had any doubt, the large number of corrupt and dishonest police officers is frightening. The Malheur County Sheriff’s office actually raises money at the rodeo. In the video, SHARK president Steve Hindi had been ejected from the rodeo for no reason other than that he had a camera. And then you see what happens here.