How to Avoid Common Privacy Notices Mistakes

March 23rd, 2016

Most organizations have posted privacy notices on their websites. Great, right? Well consider that a 2012 study showed that the average reader would need 25 days simply to read the privacy policies for all websites accessed in a year. Website privacy notices are often very poorly written. And that’s not the only problem, as I’ve discovered over the past couple of decades reviewing privacy notices. In the past year in the privacy impact assessments (PIAs) I’ve done, I’ve found two consistent problems with them all. Read the rest of this entry »

Are Smart Homes Security Dumb?

March 8th, 2016

There are fascinating and potentially very helpful smart gadgets being introduced every day into the consumer market. Particularly to create “smart homes” that will make refrigerators, lights, doors, and anything else that can be connected online (so basically anything) Wi-Fi enabled so that you can control, check on, record, and lock them, just to name just a few of the possibilities, from anywhere with a handy dandy app or mobile device. Read the rest of this entry »

The Internet of Medical Things: Health Data Privacy

March 3rd, 2016

Note: This was written in early January for part of International Data Privacy Day and Iowa Data Privacy Day activities. It is just now being published due to some unforeseen delays.

Do you have any type of wearable health device, like a fitness tracker? Or maybe an implanted or attached medical device, like an insulin pump or pacemaker? If they connect with apps or other computers through wireless connections, they are most likely collecting and sending huge amounts of data. Have you considered all that data, and how it is secured and who is getting it? Read the rest of this entry »

Data Predictions: Looking Ahead to 2016

January 13th, 2016

In November, some of my friends contacted me, saying they thought I did a pretty good job with my 2015 predictions, and wanted to know what I am predicting for 2016. So here are some good possibilities for the year to come, along with a rewind to see how close I hit the 2015 predictions. Read the rest of this entry »

Tech Support Call Scams Becoming More Aggressive

January 13th, 2016

Have you ever gotten an unsolicited call from someone claiming to be a tech support pro who wants to help you with an urgent problem with your computer? Chances are you have. It is estimated that just one type of these many scams have cost U.S. victims $1.5 billion so far in 2015. It is not known how many of these scams are currently active, but with new ones popping up almost every day, I would estimate there are at least hundreds, if not over one thousand, different groups of these crooks launching their own tech support phone scam. Read the rest of this entry »

People care about the security of their patient data

December 12th, 2015

How well do you think your patient data, wherever it is located, is being secured? How well do you think your healthcare providers (doctors, nurses, hospitals, clinics, etc.) and health insurance companies are securing your patient information?

The fact is, with the increasing occurrences of patient data breaches, and more use of patient data for purposes beyond the provision of healthcare, most people are worried about patient data security. Read the rest of this entry »

Women in STEM: Take the lead to secure a path for the future

November 20th, 2015

How do we get more women involved in STEM careers, information security and tech?

I took on this topic when I attended the ISACA EuroCACS conference in Copenhagen, Denmark earlier this month and gave two sessions. One was, “Women in IT, Information Security & Privacy.” When researching for this session I found some interesting history, along with some of the current state of inclusion of women within various IT, information security and privacy events. Let’s dive in: Read the rest of this entry »

No Those Messages Will Not Completely Self-Delete

October 30th, 2015

A childhood friend of mine, who does not have a technology or information security background, recently asked me whether or not apps that promise messages, photos, videos, and anything else sent through them will completely disappear were to be trusted. She referenced several different proclaimed “disappearing messages” apps that are currently available and asked, “So what do you think of these disappearing apps?  The messages are not really gone?” She is responsible for the care of an adult relative, and wanted to be able to communicate with his healthcare providers securely, and to not have any of the communications to linger and had been using one of these apps. Read the rest of this entry »

Four Things to Do for National Cyber Security Awareness Month

October 16th, 2015

Since this is National Cyber Security Awareness Month (NCSAM) it seems appropriate to give some examples and tips for how everyone can improve upon security, and better protect their privacy, this month. Read the rest of this entry »

Be Aware of Risks with Outsourcing to Other Countries

October 3rd, 2015

Businesses must be aware of risks with outsourcing to other countries activities involving personal information. Over the past couple of months I’ve heard over a dozen organizations express their opinion that if they hire organizations outside the U.S. to do work for them, then those organizations are not bound by U.S. laws. Most were from small to midsized organizations and startups. But it was somewhat surprising to hear also hear this sentiment from an organization with multiple locations and thousands of employees. This has been an incorrect belief of far too many organizations for decades.

I’ve also had clients in other countries ask about the need to comply with U.S. laws, such as for HIPAA compliance, when they provide services for U.S individuals and/or businesses.  Many believe they do not need to. Read the rest of this entry »