Comments on: Pfizer: 17,000 Employees Suffer Privacy Breach

By: On Pharma

On Pharma — Thu, 03 Jan 2008 20:47:14 +0000

[...] Pharmalot reported that the personal data of 17,000 Pfizer employees (including social security numbers) was exposed, [...]

By: Lamparita

Lamparita — Mon, 01 Oct 2007 23:13:55 +0000

Did anyone receive a second letter dated September 19 with updated information?

By: Trustedtoolkit

Trustedtoolkit — Tue, 17 Jul 2007 20:57:12 +0000

Jim Kerr said:
“If they had our vault on the laptop this would not have occured. We have a product that safeguards sensitive information on any portable device. A fingerprint is required to access the data so even if the laptop was stolen the chances of getting at the data would be 7 to the tenth power.”

Tell me how your “Vault” encryption solution would protect against the unauthorized transfer of data via a P2P application?

By: Jim Kerr

Jim Kerr — Fri, 13 Jul 2007 20:09:17 +0000

If they had our vault on the laptop this would not have occured. We have a product that safeguards sensitive information on any portable device. A fingerprint is required to access the data so even if the laptop was stolen the chances of getting at the data would be 7 to the tenth power.

By: Jack E. Dunning

Jack E. Dunning — Wed, 20 Jun 2007 19:18:39 +0000

I would like to know what consumer personal medical data Pfizer has and from what sources they collected it. Especially after the recent breach, and the fact a laptop computer with employee sensitive data “…was provided to a Pfizer colleague for use in her home.” This is nuts! Not too long ago I was involved in a lawsuit by Privacy Rights Clearinghouse against Albertson’s/OSCO for selling my prescription information to drug companies. If the pharmaceutical industry is manipulating our private information for profit, the individual should at least have control, and be compensated when it is sold. You can read more in my blog, “The Dunning Letter” at: http://thedunningletter.blogspot.com/search?q=hipaa

Jack E. Dunning
Cave Creek, AZ

By: Jordan

Jordan — Tue, 19 Jun 2007 14:54:04 +0000

What can we do as individuals or corporations to keep personal information safe? We need to come up with some kind of solution or we may all become a victim some day. In our recent post we ask if anybody is truely safe from a data breach.

http://www.ecorablog.com/the_compliance_and_securi/2007/06/is_it_inevitabl.html

By: Craig Herberg

Craig Herberg — Mon, 18 Jun 2007 00:23:33 +0000

This problem is probably much more widespread than most people think. Employees have far too much confidential data on laptop computers. Regardless how tightly controlled internal systems are maintained by proactive IT units, compromised remote computers accessing any internal systems — such as email — can compromise the entire enterprise, including its employees and clients. Unfortunately, keyloggers and remote access trojans are commonplace on computers in the field. Organizations that allow employees to possess or access confidential or proprietary data need to have policies and practices to reduce the risk of breach. These P & Ps must include remote computers, including those not owned by the company.

By: me

me — Fri, 15 Jun 2007 14:43:11 +0000

Once the laptop is logged into, with or w/out encryption s/w, the data is available. Encryption is primarily for unauthorized access such as when the laptop/workstation is lost or stolen to prevent access.

The other comment is correct - why are employees allowed Administrative Access to install whatever they want? Pfizer should fire the IT Executive who allowed this.

By: jcr

jcr — Wed, 13 Jun 2007 13:17:36 +0000

So, why would a company allow employees to log into laptops/desktops with sufficient authority/credentials to install software (which could/would include mailware as well, BTW)? Why would a company not have hard drive encryption deployed on all laptops as a standard? Sounds like change management practices are lacking, not just data security!

By: Former_PNU_Geek

Former_PNU_Geek — Wed, 13 Jun 2007 13:08:14 +0000

Although I’m sure some improvements have been made, expect it to happen again. — I’ve spent years working for IT in and around its largest manufacturing base (in the US) and I’ve seen many areas where it’s needed to improve on data security.

I wonder Dorothy Jeter (mother to Derek Jeter) had her info in that mix.. - That alone would probably do well to rack up the sale rate on this batch of stolen data.