Posted in Privacy Training

From the Wire

Tuning the Privacy/Customer Service Dial

By Jedidiah Bracy, CIPP/US, CIPP/E

Twitter handles can be valuable commodities, and no story better demonstrates that than one described by web developer Naoki Hiroshima. Originally published on his personal blog and then republished with permission by TheNextWeb, “How I lost my $50,000 Twitter username” describes the ordeal he went through when a hacker decided he wanted Hiroshima’s Twitter handle @N—registered to Hiroshima since 2007.

In a nutshell, a hacker decided he wanted @N and was going to do just about anything to get it—without paying any money, of course. To do so, according to the hacker himself (someone call “Ripley’s Believe It or Not”), he socially engineered his way into Hiroshima’s GoDaddy account, which controlled several of his website domains, in order to wrest control of @N from Hiroshima. Give up the Twitter handle and the hacker would take his hands off the throat of Hiroshima’s websites.

Extortion at its finest.

More from Jedidiah Bracy

From the Toolbelt

What Should You Do If You Receive an Investigatory Letter From the OCR?


Opening mail still carries the potential of discovering a treasure. Unfortunately for many organizations, the envelope may contain unpleasant information, namely an investigatory letter from the Office for Civil Rights (OCR), the entity that enforces the Health Insurance Portability and Accountability Act (HIPAA).

More from K Royal



In early January, 2013, over half a million young Canada professionals awoke to discover—via online newspaper or blog most likely—that the personal information they handed over to the government as part of their university student loan application had been compromised.  Human Resources and Skills Development Canada (HRSDC) admitted that anyone who was a client of the Canada Student Loans programs from 2000 to 2006 was at risk. More recently, in April 2013, the Investment Industry Regulatory Organization (IIROC) admitted that the personal information of 52,000 clients from dozens of investment firms had equally been compromised. In both cases massive reputational damage and high-profile lawsuits has ensued.

How did this happen, you might wonder? 

More from Daniel Horovitz


Putting Privacy In Your Organization’s DNA

By Allen Brandt, CIPP/US, CIPP/E, CIPM

“Ethics cannot be taught in a business school. It has to be a part of the DNA.”

The above quote came from David Wilson, president and CEO of the Graduate Management Admission Council (GMAC), the organization that owns and administers the GMAT exam that is used globally for entry into graduate business schools. (Disclosure: I’m the CPO of this organization).

Now, let’s take the statement above and exchange the word ‘ethics’ for ‘privacy’, so it now reads ‘Privacy cannot be taught in a business. It has to be part of your organization’s DNA (OK, I tweaked it a bit to make my point). How much time, effort and resources do we all spend on staff training, and yet, we still see many of the same mistakes get repeated.

More from Allen Brandt