Archive for March, 2012

6 Good Reasons to De-Identify Data

Friday, March 30th, 2012

De-identification is a great privacy tool for all types of businesses, of all sizes.  If you have personal data that you want to use for research, marketing, testing applications, statistical trending or some other legitimate purpose, but you don’t need to know the specific individuals involved in order to meet your goals, then you should consider de-identifying the personal data.  Even though it sounds complicated there are many good methods you can use to accomplish de-identification.  And the great thing is, (more…)

6 Good Reasons NOT To Ask For Facebook Passwords

Friday, March 23rd, 2012

In case you’ve not paid attention to the news in the past week, there has been a barrage of stories (over 1500 turned up in a quick online search) about organizations asking job applicants and employees for their Facebook, Twitter, LinkedIn and other social networking passwords.  It’s a hot topic folks! I’ve listed a bunch of them at the end of this post.  Compelled password disclosure is a very bad idea for organizations to do for many reasons.  Here are six that should be compelling to business management: (more…)

Encryption: Myths and Must Knows

Friday, March 2nd, 2012

I am looking forward to the day when we can look at the news headlines and not see some report about a lost or stolen computing device or storage device that contained unencrypted personal information and/or other sensitive information.  And, I also want to stop seeing stories reappear about such an incident, such as the stolen NASA laptop with the clear text Space Station control codes that was stolen last year, but is making the headlines yet again today.  NASA is a large enough, and tech savvy enough, organization to know better!  However, there are many organizations that simply don’t understand what a valuable information security tool encryption is.   I work with many small to medium sized businesses (SMBs), all of which have legal obligations (such as through HIPAA and HITECH, along with contractual requirements) to protect sensitive information, such as personal information.  Over the past year I’ve heard way too many of them make remarks such as… (more…)