Archive for September, 2007

Trends In Allowing MP3 Downloads to Corporate Networks

Thursday, September 20th, 2007

I love my iPod and my iTunes. I have always liked to pick and choose the tunes I wanted to hear and not have to listen to the entire album/CD if there were some songs that I didn’t care for. Plus, I like to listen to a variety of singers, all mixed together. I’ve created dozens of playlists for various events and activites I do. I have an eclectic taste in music which I am broadening all the time while listening to what I think is one of the top radio stations in the entire country, located right here in the Des Moines, Iowa area. Add to this the many great podcasts that continue to be churned out, and you can imagine how many weeks of total play time are stored on my computer within my MP3s.

(more…)

Deloitte Survey Shows the Need for Effective Training

Wednesday, September 19th, 2007

Deloitte Touche Tohmatsu just released their “2007 Global Security Survey” report.

(more…)

New FTC Report Provides Organizations Good Guidance For Protecting PII

Tuesday, September 18th, 2007

Today the U.S. Federal Trade Commission (FTC) released a report, “Combating Identity Theft: Implementing a Coordinated Plan.”

(more…)

Would You Be More Inclined To Work For A Company That Gave You Identity Theft Insurance As A Benefit?

Monday, September 17th, 2007

Last year I had a couple of different identity theft insurance vendors contact me wanting me to endorse their products as they were trying to sell the packages to employers to offer to their employees as part of their total benefits packages.

(more…)

TJX Breach Sentence: Man Gets 5 Years in Prison and Must Pay $600,000 Restitution; Is It Enough?

Sunday, September 16th, 2007

On September 13, Florida Attorney General Bill McCollum announced Irving Escobar, the alleged leader of a Florida fraud ring that used stolen credit card information linked to the TJX, data breach was sentenced to five years in prison and must pay nearly $600,000 in restitution.

(more…)

PII for 60,000 Lost In Yet Another Incident: Know How To Address The Risks Involved With Entrusting PII To Business Partners

Thursday, September 13th, 2007

Yesterday yet another incident occurred where a business partner / vendor lost the personally identifiable information (PII) for which they had been entrusted. Americhoice sent a CD containing the PII of 67,000 individuals to TennCare via overnight UPS delivery.

(more…)

The First Ever HIPAA Audit: Where’s The Report? Does It Have Beef?

Wednesday, September 12th, 2007

Gosh, I just had a flashback to the “Where’s the Beef” commercial from years ago… :)
The U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule went into effect in April, 2001, and gave covered entities (CEs) two years to get into compliance. The HIPAA Security Rule went into effect in April 2003 and CEs had until April 2005 to get into compliance.

(more…)

Fair Labor Standards Act: Court Ruling Makes Me Wonder…When/Do IT Folks Get Paid For Overtime?

Tuesday, September 11th, 2007

Here’s something interesting along the compliance front…especially considering the very long hours I used to work for my employer years ago, and how long I know so many other IT folks work long hours trying to resolve problems. It also brings in a law I’m not very familiar with, the Fair Labor Standards Act (FLSA), but motivates me to learn more. Those of you in IT fields will be interested in this…

(more…)

HIPAA & 4 Lessons From an Insider Threat Example: Former Healthcare IT Manager Hacks Into System and Deletes PHI

Monday, September 10th, 2007

There are so many ways in which bad things can happen with the authorized access personnel and business partners have to sensitive data, personally identifiable information (PII), and business systems. Many times the bad things that happen are a result of a lack of awareness of how to properly protect information, a result of mistakes, or a result of malicious intent. Here is just one more example to add to your file of actual insider threat incidents.

(more…)

HIPAA & 4 Lessons From an Insider Threat Example: Former Healthcare IT Manager Hacks Into System and Deletes PHI

Monday, September 10th, 2007

There are so many ways in which bad things can happen with the authorized access personnel and business partners have to sensitive data, personally identifiable information (PII), and business systems. Many times the bad things that happen are a result of a lack of awareness of how to properly protect information, a result of mistakes, or a result of malicious intent. Here is just one more example to add to your file of actual insider threat incidents.

(more…)

m4s0n501