Archive for the ‘privacy’ Category

How to Avoid Common Privacy Notices Mistakes

Wednesday, March 23rd, 2016

Most organizations have posted privacy notices on their websites. Great, right? Well consider that a 2012 study showed that the average reader would need 25 days simply to read the privacy policies for all websites accessed in a year. Website privacy notices are often very poorly written. And that’s not the only problem, as I’ve discovered over the past couple of decades reviewing privacy notices. In the past year in the privacy impact assessments (PIAs) I’ve done, I’ve found two consistent problems with them all. (more…)

Are Smart Homes Security Dumb?

Tuesday, March 8th, 2016

There are fascinating and potentially very helpful smart gadgets being introduced every day into the consumer market. Particularly to create “smart homes” that will make refrigerators, lights, doors, and anything else that can be connected online (so basically anything) Wi-Fi enabled so that you can control, check on, record, and lock them, just to name just a few of the possibilities, from anywhere with a handy dandy app or mobile device. (more…)

The Internet of Medical Things: Health Data Privacy

Thursday, March 3rd, 2016

Note: This was written in early January for part of International Data Privacy Day and Iowa Data Privacy Day activities. It is just now being published due to some unforeseen delays.

Do you have any type of wearable health device, like a fitness tracker? Or maybe an implanted or attached medical device, like an insulin pump or pacemaker? If they connect with apps or other computers through wireless connections, they are most likely collecting and sending huge amounts of data. Have you considered all that data, and how it is secured and who is getting it? (more…)

People care about the security of their patient data

Saturday, December 12th, 2015

How well do you think your patient data, wherever it is located, is being secured? How well do you think your healthcare providers (doctors, nurses, hospitals, clinics, etc.) and health insurance companies are securing your patient information?

The fact is, with the increasing occurrences of patient data breaches, and more use of patient data for purposes beyond the provision of healthcare, most people are worried about patient data security. (more…)

No Those Messages Will Not Completely Self-Delete

Friday, October 30th, 2015

A childhood friend of mine, who does not have a technology or information security background, recently asked me whether or not apps that promise messages, photos, videos, and anything else sent through them will completely disappear were to be trusted. She referenced several different proclaimed “disappearing messages” apps that are currently available and asked, “So what do you think of these disappearing apps?  The messages are not really gone?” She is responsible for the care of an adult relative, and wanted to be able to communicate with his healthcare providers securely, and to not have any of the communications to linger and had been using one of these apps. (more…)

Small Businesses Must Address Security and Privacy

Friday, September 18th, 2015

I’ve been working with hundreds of businesses over the past fifteen years, and I’ve found many common challenges that they are always trying to address, as well as some common, dangerously incorrect, beliefs about security and privacy. There are some common misconceptions that are unique to one-person to small businesses.

Here are four common recurring incorrect information security and privacy beliefs of small businesses, and the facts that these businesses need to know: (more…)

Organizations Must Consider Privacy Harms

Tuesday, May 12th, 2015

The expanding use of smart gadgets in the Internet of Things (IoT) is creating many more privacy risks than ever before encountered. Many businesses are also (finally!) starting to address privacy. And interest in how to establish privacy programs and how to perform privacy impact assessments (PIAs) to identify privacy risks are increasing. The privacy risks to the business that can occur include such things as: (more…)

Data Collection Must be Limited for Internet of Things Privacy

Friday, January 30th, 2015

The recent Consumer Electronics Show (CES) in Las Vegas was overflowing with new types of gadgets and devices that will become part of the Internet of Things (IoT). A business friend of mine attended the show and when he filled me in on all that he saw, he expressed amazement at what he estimated to be hundreds of wearable gadgets that he found there; they literally “dominated” the show. I had asked him prior to his attendance if he could check with some of the vendors on an important privacy topic while he was there, and so he had a lot to tell me about what he found, as well as what the vendors he spoke with wouldn’t tell him, that are directly related to privacy. (more…)

5 Effective Ways to Raise Privacy Awareness

Thursday, December 18th, 2014

Have you made plans for Data Privacy Day (DPD) yet? What, you’ve never heard of DPD?  You can see more about it here. Or, have you heard about DPD, but you’ve not yet had time to plan for it? Well, I love doing information security and privacy awareness activities and events! I’ve been doing them for 2 ½ decades, and have written about them often, and included a listing of 250 awareness activities in my Managing an Information Security and Privacy Awareness and Training Program book.

Here are five of the ways that I’ve found to be very effective for raising privacy awareness throughout the years. (more…)

The 3 Necessary Elements for Effective Information Security Management

Thursday, December 11th, 2014

Seeing all these really bad information security incidents and privacy breaches, often daily, are so disappointing.  Let’s consider these four in particular.

  1. The Sony hack that seems to continue to get worse as more details are reported.
  2. An ER nurse using the credit cards of patients.
  3. Breaches of Midwest Women’s Healthcare patient records due to poor disposal practices at the Research Hospital.
  4. TD Bank’s outsourced vendor losing two backup tapes containing data about 260,000 of their customers.

And the list could continue for pages.

These incidents, and most others, probably could have been prevented if an effective information security and privacy management program existed that was built around three primary core elements: (more…)