Archive for the ‘privacy impact assessment’ Category

Every Organization with Personal Information Needs to Do a Privacy Impact Assessment

Thursday, December 11th, 2014

Today I had a great meeting with Sarah Cortes, with whom I am doing a session at the North America CACS ISACA conference in March. (I see I need to ask them to add Sarah’s name!)

I’m also going to teach a 2-day workshop (~4 hours each day), “Conducting A Privacy Impact Assessment” on March 18 & 19.

Every organization that handles personal information (PI) of any kind or form needs to know how to do a privacy impact assessment (PIA). And if you have PI from any type of individual, be it a customer, patient, employee, contractor, job applicant, etc., you need to make sure you are protecting, using and sharing the PI appropriately. A PIA will reveal where you are at risk with meeting your privacy obligations. Attend my PIA class in March and I will be happy to help you learn how to perform PIAs, or improve upon how you perform them!

Can’t go to the conference for some reason? I can still help you! I have a PIA Toolkit you can use.

Any questions? Let me know!

Privacy Awareness: Moving from “I have nothing to hide” to “Oh dear!”

Wednesday, December 10th, 2014

The day before Thanksgiving here in the U.S. I had the great pleasure of speaking with a couple of consummate information security experts from across the pond in England and Norway, Kai Roer and Mo Amin, on an episode of their Security Culture TV! We chatted about how to get folks to be more aware of privacy risks, and how to change their mindset to a more privacy-proactive stance. You can see this episode here.

When you look at recent breaches, it is clear that awareness of information security and privacy risks, and how to mitigate them, is not getting the attention necessary by leaders of organizations. Why else would (more…)

Choose: $50 Credit Card Fraud Limit or Unlimited Privacy Damage?

Friday, June 6th, 2014

So today AT&T announced plans to test a service allowing payment card providers to access the location of a customer’s phone to improve the accuracy of fraud prevention systems for transactions made abroad. AT&T customers will have to opt in to the fraud protection service, which will also be made available to enterprise customers later this year.

Antone Gonsalves asked me for my opinions about the privacy implications, some of which he included in the article he published on CSO Online today. However, I wanted to make several more points to follow on from his article. (more…)

Privacy Lessons from Snapchat

Tuesday, June 3rd, 2014

There are many new small and mid-size business start-ups that are offering a wide range of online services, mobile apps, and smart devices. There are also many businesses that have been around a long time that see an opportunity and so are expanding into these areas. I’ve spoken with many such businesses, and they often make two common privacy mistakes: (more…)