Archive for September, 2008

Do Your Legal Contracts Trick Web Site Visitors into Installing Spyware?

Tuesday, September 30th, 2008

Over the past few years I’ve done a lot of research and reviewed a lot of privacy policies, and it’s really been amazing to see how the wording in many of them are not providing any privacy protections to website visitors or customers at all! In fact, some of them are downright tricking people into agreeing to share their personally identifiable information (PII) having software installed on their computers that they probably really do not want to have…

(more…)

PII Encryption Required by New Massachusetts and Nevada Laws

Monday, September 29th, 2008

There is a growing trend in laws that require personally identifiable information (PII) to be encrypted.
Encryption in past laws have been directed to be considered based upon risk, but now they are more explicitly required in some laws.

(more…)

Privacy as a Competitive Edge

Thursday, September 25th, 2008

I discuss how privacy is a competitive edge for business in the next section from my article, “How to Use Privacy as a Business Differentiator” within my September issue of IT Compliance in Realtime Journal.
Download the PDF for a much nicer looking version…

(more…)

Privacy As A Business Differentiator

Wednesday, September 24th, 2008

Should you be concerned about maintaining the privacy of the personally identifiable information (PII) with which you’ve been entrusted…from your customers, employees and others…only because of the growing numbers of laws that require you to be concerned?
Do you do nothing with regard to privacy protections if you are not compelled by laws because you want to save the money it would take to put the protections in place?

(more…)

“Doing Well by Doing Good”

Tuesday, September 23rd, 2008

Here’s the next section from my article, “How to Use Privacy as a Business Differentiator” within my September issue of IT Compliance in Realtime Journal.
Download the PDF for a much nicer looking version…

(more…)

New HHS Guides For HIPAA Privacy Rule

Monday, September 22nd, 2008

Did you see that the Department of Health and Human Services (HHS) released some new guidance documents for the Healthcare Portability and Accountability Act (HIPAA) Privacy Rule compliance activities on September 17?
I need to go through them more thoroughly, but upon a quick scan they look like they contain some pretty good, and interesting, guidance information for both patients and healthcare providers…

(more…)

Tomorrow is “Secure Your ID” Day

Friday, September 19th, 2008

This morning I was listening to my usual favorite radio station and was somewhat surprised to hear a guest talk about how he was going to be at a local grocery store parking lot tomorrow to offer free shredding services to help raise awareness of identity theft and in observation of “Secure Your ID” Day…

(more…)

Obtaining Support and Funding from Senior Management

Thursday, September 18th, 2008

Throughout the late spring and summer months I had the great opportunity to participate in an talented workgroup sponsored and led by the European Network and Information Security Agency (ENISA) to create a new, and quite valuable, resource for information security practitioners to help them obtain funding and sponsorship for the training and awareness programs.

(more…)

How to Use Privacy as a Business Differentiator & To Maintain Trust

Tuesday, September 16th, 2008

A recent news report from New Zealand, “Safety of personal info worries Kiwis” highlighted how business safeguards and privacy practices impact customer trust, and subsequently retention.
A recent New Zealand Privacy Commissioner survey found, among other things:

(more…)

A $1 Billion Access Control Mistake

Monday, September 15th, 2008

It has been widely reported and blogged about how an old United Airlines story was posted with huge stock value loss…

(more…)