Archive for July, 2007

Insider Threat and Cowboys: The Wall Street Journal Tells Your Personnel How To Get Around Your Security

Tuesday, July 31st, 2007

Oh, boy, reading this Wall Street Journal story, “Ten Things Your IT Department Won’t Tell You” brought back some memories of personnel who went to great lengths to get around security requirements!


International PII Data Transfers: New Requirements from Spain

Monday, July 30th, 2007

In this global economy it is important for you to know, understand and follow the data protection laws in all the countries where you have offices, have customers, store personally identifiable information (PII) and from where PII is accessed. Each country has nuances within their laws that could create quite a big obstacle if you are doing business there and find you must suddenly stop because you are out of compliance with their data protection laws.


Do You Think Privacy Is Really Dead?

Saturday, July 28th, 2007

I occasionally post to the Cutter Consortium blog, and the recent topics there have involved privacy.


Retail Locations Have Unique Challenges With PCI DSS Compliance

Friday, July 27th, 2007

I’ve been intrigued lately with PCI DSS compliance. It has all retailers on edge, has multiple vendors drooling, and has spawned new laws and bills, such as in Minnesota and Texas. I’ve had interesting discussions about it with those who process credit card payments, and I’ve been doing some research into the various issues.


Compliance and Information Security: Common Sense Confirmed

Thursday, July 26th, 2007

So many times I’ve heard business leaders complain that the data protection requirements within the multiple laws and regulations only hurt business; that they are not necessary and have no true impact on really protecting data…they are just bureaucratic hoops forced upon businesses to placate the politicians’ constituents by lawmakers who know nothing about the nuts and bolts of implementing information security…and that the cost of compliance is only hurts the business’ bottom line.


Confusing Folks: PHR, PHI, PII, NPPI, and Dozens of Other Acronyms…It’s Still All Personal Information

Wednesday, July 25th, 2007

I really enjoy reading survey results. I can’t help myself. Whether the surveys are well-done, sloppy, long, short, statistically accurate or obviously statistically invalid, I still find them interesting. Especially when they cover what the general public and non-IT/non-infosec person thinks or knows about information security and privacy, or some industry-specific issue.


Privacy Initiatives Sincere Or Marketing Ploy?

Tuesday, July 24th, 2007

Yesterday San Jose Mercury News printed a story about how Yahoo, Microsoft and Ask are going to “limit” the personally identifiable information (PII) they collect online.


Reminder: Your “Privacy in the 21st Century” Submissions Need to Be in by July 27th…This Friday!

Tuesday, July 24th, 2007

Last week I posted about this year’s Global Security Week.


Insider Threat Example: Payroll Employee Threatens To Illegally Use Other Employees’ PII If Not Given a Good Review

Sunday, July 22nd, 2007

Here’s another example of the insider threat similar to situations that I’ve heard of happening many times throughout the years through conversations with folks at conferences and other professional meetings.