Anthem's stolen customer data not encrypted; But under federal law, health insurance companies don't have to encrypt user data. http://www.cnet.com/news/anthems-hacked-customer-data-was-not-encrypted/
In early part of century, I was co-author of financial industry privacy standard ... and we had some meetings with gov. employees that had drafted the original HIPAA legislation back in the 70s. They mentioned that special interests had kept it from being passed for decades ... and even once it was passed, there were no provisions for actually doing anything/security about it. we were also tangentially involved in the cal. state data breach legislation ... having been brought in to help wordsmith the cal. state electronic signature act. A lot of the participants were heavily involved in privacy issues and had done detailed, in-depth public surveys. The #1 issue was identity theft, primarily of the form of fraudulent financial transactions as the result of breaches and there was little or nothing being done about the breaches. An issue is typically an entity/institution takes security measures in self protection, In the case of the breaches, the institution wasn't at risk ... it was their customers. It was hoped that the publicity from the breach notifications would prompt breach countermeasures. -- virtualization experience starting Jan1968, online at home since Mar1970 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
