Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« Laptop Containing PII of 1 Million+ People Sold On eBay for $141 | Main | 5 Easy Things To Do for Global Security Week, September 8 - 12 »

The Power of Logs: IRS Examiner Sentenced & Fined For Accessing PII Without Authorization

Now, here's a great example of an organization actually following through on their procedures to review access logs, and then to apply sanctions and take necessary other actions in response to non-compliance with not only organizational policies, but also with applicable laws...

On August 20, John Snyder, a tax examiner in the Covington, Kentucky IRS office, was sentenced to three years probation, 60 hours of community service, and a $1,000 fine after he illegally obtained information on at least 202 taxpayers...most of whom are celebrities or sports figures...without authorization.

According the various news reports, all but five of the taxpayers were celebrities, their spouses, sports figures, or well-known Cincinnati-area individuals. The celebrities included Kevin Bacon, Alec Baldwin, Chevy Chase, John Cleese, Vanna White, Ethan and Joel Cohen, and former Cincinnati Reds and Chicago Cubs baseball players. Snyder also accessed at least one of his neighbor's tax information.

Snyder's manager indicated Snyder had no business reason to access the tax files for these individuals.

The complaint filed against Snyder indicated the Treasury Inspector General for Tax Administration routinely reviews the audit trails to look for unusual or suspicious accesses by IRS employees.

It is rare to see such reports as this, but with the increasing concerns over privacy and identity theft, along with increasing incidents occurring as a result of insider lack of knowledge or malicious/deliberate intent such as this, you will start seeing more.

Do you review the access activities to your confidential files and information?

Tags:                          
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on September 1, 2008 2:51 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/799

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold,CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.