Today it was widely reported that several privacy groups were banding together to demand the creation of a “Do Not Track” list, similar to the FTC’s “Do Not Call” list.
Archive for October, 2007
Email Security and Privacy: NY Hospital Retention Ruling Points Out Importance of Policies and AwarenessWednesday, October 31st, 2007
On October 17, 2007, there was a very interesting ruling regarding a doctor’s email communications sent to an attorney and the associated attorney privilege. In the matter of Scott v Beth Israel Med. Ctr. Inc. the New York Supreme Court found that the doctor’s email messages to his attorneys using the hospital network were not privileged and could be retained by the hospital even though the doctor wanted the hospital to stop retaining his messages and delete all emails related to his communications with his lawyers.
Did you know that there are now 40 state level breach notice laws in the U.S., including the District of Columbia?
Many different websites provide information about the state breach notice laws, but most of them do not list all the current breach notice laws, or they provide information in a way that is not easy to quickly find specifically what I’m looking for.
5-Point Checklist for Info Sec and Privacy Pros to Use for Data Protection and Privacy Law ComplianceSunday, October 28th, 2007
One of the basic privacy principles is to limit the collection of personally identifiable information (PII) to only that which is necessary for the business purpose for which it is being collected. These privacy principles, built largely around the OECD privacy principles, are the basis for most data protection and privacy laws throughout the world.
One of the sessions I attended at the IAPP Privacy Academy this past week was “APEC Update – Self Regulatory Approaches to Cross Border Transfers of Personal Data.” The presenters were: Pamela Jones Harbour, Commissioner, Federal Trade Commission (FTC), Marty Abrams, Executive Director, Center for Information Policy Leadership, and Fran Maier, Executive Director and President, TRUSTe.
I want to revisit the blog posting I made a few days ago, “Average Cost of ID Theft Per Victim is $31,356”
Some folks gave me some feedback, saying that they thought this cost was way too high based upon their own experiences when someone had used their credit cards and “it only took a matter of minutes to call the credit card company and report it, cancel the card/number, and get a new card, along with the $50” that they were responsible for.
Yesterday (Wednesday) was the final day of the IAPP Privacy Academy, and it was a great conference for me! I have been preaching about information security and privacy collaboration within a 2-day training seminar over the past 2 years, so it is good to finally start hearing others recognize and promote the need for information security and privacy practitioners to work together.
Finally, a report that looks much more accurate with regard to how much identity theft costs the VICTIMS of a privacy breach. Most reported victim costs that I have seen in the past seemed much too low considering all the time that victims talked about trying to repair and recover from identity theft, and how much resources it took, the many years it often takes, and so on.
It has been great talking in-depth about privacy issues over the past two days here at the IAPP Privacy Academy.
We had a great turnout for the pre-conference seminar; the room was filled to the 60-person capacity. It was good to hear the concerns and common practices of the diverse organizations for how they are providing privacy training and awareness.