Welcome to a new feature of Privacy & Security Matters -- Privacy Monday.
We will start your week with a fresh collection of privacy tidbits, goofs and gaffes.
Tip: Make Sure Your Employee Files are Distinguishable from Customer Merchandise
A Cambridge, Massachusetts Banana Republic customer got a lot more than she ordered. When she opened the package containing her online order last week, she did not receive the expected tie and pocket square but rather an envelope containing personnel files for about 20 former Gap Inc. employees, replete with Social Security numbers and W-4s, handwritten resignation letters, doctors' notes --- everything. According to an Associated Press story, this is not the first time this has happened at the Gap (according to the story, both customer shipments and HR files are sent in the same, gray plastic envelopes) -- except that this time, the recipient was Emily Dreyfuss, an editor at CNET, the technology publication (she is also the daughter of actor Richard Dreyfuss).
Don't expect this to end quietly. Read Ms. Dreyfuss' first hand account (including the customer service response....) at The Atlantic Wire
Data Security and Breach Notification Act of 2013 Introduced in U.S. Senate
In yet another effort to reach a national data breach standard and eliminate the crazy quilt of state data breach notification laws, three U.S. Senators have introduced the Data Security and Breach Notification Act of 2013. Senators Pat Toomey (R-PA), Angus King (I-ME) and John Thune (R-SD) have reintroduced the bill in reportedly the same form as it was introduced in 2012 .... and in 2011....and in 2010. The 2013 bill is not yet available online, but last year's text can be found here. The 2012 version died at the end of the last session of Congress without making it out of the Senate, Commerce, Science and Transportation Committee. Stay tuned for further analysis once the actual text is released.
More Data Security Problems for Facebook
Facebook is once again admitting a data security glitch - - a year-long breach affecting nearly 6 million users. It is likely that most Facebook users missed the "disclosure," tagged as a "Message from Facebook's White Hat Program." See more in the Reuters story here.