Most organizations have posted privacy notices on their websites. Great, right? Well, consider that a 2012 study showed that the average reader would need 25 days simply to read the privacy policies for all websites accessed in a year. Website privacy notices are often very poorly written. And that’s not the only problem, as I’ve discovered over the past couple of decades reviewing privacy notices. In the past year in the privacy impact assessments (PIAs) I’ve done, I’ve found two consistent problems with them all. (more…)
Archive for the ‘privacy’ Category
There are fascinating and potentially very helpful smart gadgets being introduced every day into the consumer market, particularly to create “smart homes” that will make refrigerators, lights, doors, and anything else that can be connected online (so basically anything) Wi-Fi enabled so that you can control, check on, record, and lock them, to name just a few of the possibilities, from anywhere with a handy dandy app or mobile device. (more…)
Note: This was written in early January for part of International Data Privacy Day and Iowa Data Privacy Day activities. It is just now being published due to some unforeseen delays.
Do you have any type of wearable health device, like a fitness tracker? Or maybe an implanted or attached medical device, like an insulin pump or pacemaker? If they connect with apps or other computers through wireless connections, they are most likely collecting and sending huge amounts of data. Have you considered all that data, and how it is secured and who is getting it? (more…)
How well do you think your patient data, wherever it is located, is being secured? How well do you think your healthcare providers (doctors, nurses, hospitals, clinics, etc.) and health insurance companies are securing your patient information?
The fact is, with the increasing occurrences of patient data breaches, and more use of patient data for purposes beyond the provision of healthcare, most people are worried about patient data security. (more…)
A childhood friend of mine, who does not have a technology or information security background, recently asked me whether or not apps that promise messages, photos, videos, and anything else sent through them will completely disappear were to be trusted. She referenced several different proclaimed “disappearing messages” apps that are currently available and asked, “So what do you think of these disappearing apps? The messages are not really gone?” She is responsible for the care of an adult relative, and wanted to be able to communicate with his healthcare providers securely and to not have any of the communications linger, and had been using one of these apps. (more…)
I’ve been working with hundreds of businesses over the past fifteen years, and I’ve found many common challenges that they are always trying to address, as well as some common, dangerously incorrect, beliefs about security and privacy. There are some common misconceptions that are unique to one-person to small businesses.
The expanding use of smart gadgets in the Internet of Things (IoT) is creating many more privacy risks than ever before encountered. Many businesses are also (finally!) starting to address privacy. And interest in how to establish privacy programs and how to perform privacy impact assessments (PIAs) to identify privacy risks is increasing. The privacy risks to the business that can occur include such things as: (more…)
The recent Consumer Electronics Show (CES) in Las Vegas was overflowing with new types of gadgets and devices that will become part of the Internet of Things (IoT). A business friend of mine attended the show and when he filled me in on all that he saw, he expressed amazement at what he estimated to be hundreds of wearable gadgets that he found there; they literally “dominated” the show. I had asked him prior to his attendance if he could check with some of the vendors on an important privacy topic while he was there, and so he had a lot to tell me about what he found, as well as what the vendors he spoke with wouldn’t tell him, that are directly related to privacy. (more…)
Have you made plans for Data Privacy Day (DPD) yet? What, you’ve never heard of DPD? You can see more about it here. Or, have you heard about DPD, but you’ve not yet had time to plan for it? Well, I love doing information security and privacy awareness activities and events! I’ve been doing them for 2 ½ decades, and have written about them often, and included a listing of 250 awareness activities in my Managing an Information Security and Privacy Awareness and Training Program book.
Here are five of the ways that I’ve found to be very effective for raising privacy awareness throughout the years. (more…)
Seeing all these really bad information security incidents and privacy breaches, often daily, is so disappointing. Let’s consider these four in particular.
- The Sony hack that seems to continue to get worse as more details are reported.
- An ER nurse using the credit cards of patients.
- Breaches of Midwest Women’s Healthcare patient records due to poor disposal practices at the Research Hospital.
- TD Bank’s outsourced vendor losing two backup tapes containing data about 260,000 of their customers.
And the list could continue for pages.
These incidents, and most others, probably could have been prevented if an effective information security and privacy management program existed that was built around three primary core elements: (more…)