
The Boston Globe had a sobering story over the weekend in which it estimated that 1 in 6 Massachusetts residents were affected by some type of data breach over the past two years.

According to the Globe, its review of state-recorded data breaches showed that at least 1 million state residents had their data compromised through credit card theft, unauthorized medical information disclosures, or other types of confidential data breaches. The Globe story also provides a list of some of the more prominent data breaches reported to the state from June to November 2009: there were 13 of them, affecting over 88,000 residents.

In 2007, Massachusetts passed a law requiring institutions such as banks, stores, universities, etc., to inform consumers and state regulators about security breaches that might result in identity theft. Since then, some 807 data breaches had been reported to state officials by the end of November 2009, the Globe says.

The Globe said that 60% of the disclosed data breaches were caused by criminal acts, while 40% were due to negligence.

However, the Massachusetts disclosure law has some loopholes, exposed by the Hannaford episode in 2008, which may result in underreporting of unauthorized data disclosures.

In addition, according to this paper by Sasha Romanosky et al. at the Heinz School of Public Policy and Management at Carnegie Mellon University, disclosure laws such as the one in Massachusetts don't do much in the way of reducing identity theft.

Given the number of data breaches, it is almost a certainty that someone in Massachusetts has had their personal data disclosed more than once. If anyone has had this happen to them, I would be very interested in hearing about it.

The Globe also writes that, "On March 1, new state regulations will require organizations to take stronger measures to ensure data security. Institutions that hold such personal data will have to write an official security program and train employees to follow it. In addition, organizations will have to encrypt all personal data stored on laptops, flash drives, or other portable devices, or that is transmitted over the public Internet or wireless networks."

It will be interesting to see how long after the 1st of March it will be before a data breach is disclosed to state officials that violates these new rules. I would be surprised if it takes more than 3 months.
