FTC warns nearly 100 firms of P2P data leaks

Other companies investigated for possible violations of data privacy laws over similar leaks

1 2 Page 2
Page 2 of 2

Before that, Tiversa had announced that it had unearthed details about the president's Marine One helicopter on a server based in Iran.

Others have highlighted similar data leaks. Johnson alone has found numerous health care documents on P2P networks. One was a 1,718-page document containing Social Security numbers, dates of birth, insurance information, treatment codes and other health care data belonging to about 9,000 patients of a medical testing laboratory.

In 2007, personal data belonging to about 17,000 Pfizer employees was inadvertently leaked by an employee who installed unauthorized file-sharing software on a company laptop.

In most cases, the leaks have resulted from improperly configured P2P software exposing the entire contents of the computer on which it was installed. Such leaks have prompted considerable concern from lawmakers and have resulted in at least two bills being introduced in Congress over the past year.

"The FTC has been following this for a long time," Johnson said. "They have been under a reasonable amount of pressure to do something to go after companies" that have exposed sensitive data on file-sharing networks.

The part that remains unclear is what happens next, he said. "It's a little murky. If you look at what they are saying, they are sending these notification letters to firms, but it doesn't seem like they are taking any direct action."

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Copyright © 2010 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon