VA still seeks cloud solutions after canceling contract

Frank Konkel, Federal Computer Week,  Tuesday, July 30, 2013

The Department of Veterans Affairs canceled its five-year, $36 million cloud-based enterprise email contract with HP Enterprise Services earlier this month, but the agency isn't giving up on its plans to harness the cloud.

Fourth big HIPAA breach for OHSU

Erin McCann. Healthcare IT News,  Monday, July 29, 2013

The Oregon Health & Science University has notified 3,044 patients that their protected health information has been compromised after several residents and physicians-in-training inappropriately used Google cloud services to maintain a spreadsheet of patient data.

Vendors Flock to $450 Million DISA Commercial Cloud Buy

Bob Brewin, Nextgov,  Monday, July 29, 2013

The $450 commercial cloud procurement planned by the Defense Information Systems Agency has attracted interest from a wide swath of defense contractors, cloud service vendors, storage vendors, telecommunications firms and top-line computer companies, according to DISA’s list of attendees at a July 12 presolicitation conference.

NASA falls short on its cloud computing security

Dara Kerr, CNET,  Monday, July 29, 2013

In its move to cloud computing, NASA has experienced some difficulties meeting security guidelines. A new report by the agency's Office of the Inspector General says that NASA needs to work on strengthening its information technology security practices.

Protecting privacy hinges on reining in companies

Chris Jay Hoofnagle, San Francisco Chronicle Opinion,  Sunday, July 28, 2013

Details of the National Security Agency and its science-fiction-like technological prowess have occupied the news headlines in recent weeks, leading to new calls for restrictions on government activities. But in order to check these activities meaningfully, we need to focus upon the activities of the private sector as well.

The Stunning Need for Improvement on Mobile and Cloud Risks

Daniel J. Solove by Daniel Solove, TeachPrivacy
Friday, July 26, 2013

A recent study by the Ponemon Institute, The Risk of Regulated Data on Mobile Devices and in the Cloud (June 2013) (sponsored by WatchDox), reveals a stunning need for improvement on managing the risks of mobile devices and cloud computing services. The survey involved 798 IT and IT security practitioners in a variety of organizations including finance, retail, technology, communications, education, healthcare, and public sector, among others. The results are quite startling.

Google's Privacy Policy Violates EU Law According To UK, German, And Italian Data Protection Authorities

Bradley Shear by Bradley Shear, Law Office of Bradley S. Shear
Thursday, July 25, 2013

On July 4th, 2013, European data protection authorities continued to take a stand to protect the digital privacy and personal safety of its citizens. Regulators in the United Kingdom, Germany, and Italy each announced that they are in the process of taking legal action against Google because its March 1, 2012 privacy policy change violates European data protection laws. According to The Guardian, multiple European data protection authorities have notified Google that it must revise its privacy policy or it will face sanctions.

CIO council outlines privacy implications of social media use for situational awareness, operations

Molly Bernhart Walker, FierceGovernmentIT,  Thursday, July 25, 2013

Beyond simply broadcasting information or promoting their mission, agencies can use social media for situational awareness and for mission operations, but there are privacy issues agencies must consider, says the Federal Chief Information Officers Council.

Federal data center consolidation still a futile effort

Colby Hochmuth, FedScoop,  Thursday, July 25, 2013

Witnesses called to testify before the House Committee on Oversight and Government Reform on July 25 were grasping at straws in an effort to defend their agencies, after relentless berating by committee members.

NIST updates digital signature standard

Reid Davenport, Federal Computer Week,  Wednesday, July 24, 2013

The National Institute for Standards and Technology has released a revised version of its digital signature standard intended to keep it consistent with other cryptographic guidelines. The standard, established in 1994, lays out three approved techniques – the digital signature algorithm, the RSA digital signature and the elliptic curve digital signature algorithm – to verify and validate digital signatures.