I think the most amazing thing about the recent bigfoot hoax is not that people fell for it, or even that two researchers paid “an undisclosed sum”.

The most amazing thing to me is that the men who cooked up the scam were in law enforcement.

The BBC declares ‘Bigfoot’ is monkey suit:

Matt Whitton, a police officer, and Rick Dyer, a former prison officer, told a news conference in California last week that they had made the find while hiking.

This does not reflect favorably upon the reputation of American law enforcement officers.

The Associated Press reports that the state of California has levied fines for unhealthy practices:

Eighteen hospitals in California were fined for state health code violations in which patients received shoddy care that in some cases led to deaths.

Violations included an improperly inserted catheter, a ventilator that wasn’t turned on and surgical tools left inside patients after operations.

The fines made public Monday stem from investigations by the California Department of Public Health.

The hospitals were fined $25,000 for each violation — the latest of dozens of penalties the state has issued in recent years to more than 40 hospitals.

The state keeps a list of penalties by county.

In related news, California also recently negotiated huge fines from health plan providers:

Anthem Blue Cross and Blue Shield — two of the state’s biggest health plans — agreed Thursday to pay a total of $13 million in fines and to offer new health coverage to more than 2,200 Californians the companies dropped after they became ill.

Speaking of the state of California health care, I have been trying to figure out why the governor was in favor of stronger state-led privacy restrictions for hospitals, yet he vetoed a bill that shadowed PCI. I took him at his word at first, that PCI was doing a fine job of self-regulation and private industry would not benefit from more laws regulating payment card data. If nothing else, PCI is good at creating charts and graphs showing that it is doing something about the problem and should be left alone. Who does that for health care providers?

I then noticed an article in the LA Times that suggests Schwarzenegger has been a victim of the medical records exposure at UCLA:

The governor says unauthorized people have looked at his hospital files, just as someone at UCLA examined the records of his wife, Maria Shriver. He calls for stronger privacy protections.

[…]

Schwarzenegger reiterated that his administration will push hospitals to implement new safeguards to stop such snooping.

That certainly suggests that he feels the pain of identity loss more personally from health care (especially privacy), rather than from any financial loss. On the other hand, the governor has recently moved to ban transfats state-wide.

The California legislature pushed the bill through last week, and Schwarzenegger signed it into law Friday, July 25.

The ban will require food providers to begin phasing out trans fat oils by July 1, 2009. Thereafter, noncompliance with the ban will result in fines of up to $1,000.

Perhaps he is just more concerned with health-related public policy issues than financial services, or he recognizes that while financial services are suffering the current state of state health-care is even worse.

The NYT reported this morning on an interesting breach situation:

The Princeton Review, the test-preparatory firm, accidentally published the personal data and standardized test scores of tens of thousands of Florida students on its Web site, where they were available for seven weeks.
[…]
Another test-preparatory company said it stumbled on the files while doing competitive research. This company provided The New York Times with the Web address of the internal files on the condition that it not be named. The Times informed the Princeton Review of the problem on Monday, and the company promptly shut off access to that portion of its site.

Strangely there is no mention of logs or security monitoring at all in this article.

In terms of compliance, the exposed information included names, birth dates, ethnicities and learning disabilities, along with test performance. This is not generally considered personally identifiable information (multiple people may share the same value). And FERPA does not apply because the Princeton Review is not considered a school that receives funds from the DoE.

Nonetheless, it made the NYT because a competitor disclosed it and I suspect there will be increased scrutiny of how regulations can protect children from identity breaches.