Posts Tagged ‘corporate governance’

Information Security and Privacy Professionals Must Partner on Over 15 Different Enterprise Issues

Wednesday, April 25th, 2007

Recently I read a print article written by a prominent privacy officer at a well-known company who has been writing a lot of articles about privacy over the past couple of years. She is successful and usually has some good advice, but what worried me about the latest article I read, and some of her other articles, is that she specifies that certain issues are handled by IT and/or the information security officer, so privacy officers do not need to worry about them or even know much, if anything at all, about them. The topics she’s mentioned have been encryption, outsourcing IT functions, and information security policies, just to name a few.


SOX Compliance: Fraudsters Posing as Officials Selling “Compliance Solutions;” *NO* vendor Product Can Make an Organization 100% Compliant With ANY Regulation

Tuesday, April 24th, 2007

Something that has irritated me for a very long time is vendors who see a chance to make a quick buck off of worried organizations, afraid they are not going to be in compliance with new laws, and create junk products to sell to them using fear, uncertainty and doubt (FUD). FUD products.
I saw a lot of HIPAA FUD back when that regulation went into effect, and saw way too many people spending way too much money for so-called HIPAA security and privacy certifications offered by vendors who did not even have anyone on staff with any type of healthcare provider, payer or clearinghouse practitioner experience. Not to mention HIPAA compliance solutions.


Security: NIST Releases Report on Biometrics Advances

Tuesday, April 10th, 2007

Improved algorithms in facial recognition software have increased the success rate of the technology by up to ten times since 2002, the National Institute of Standards and Technology (NIST) said in a report, “Face Recognition Vendor Test (FRVT) 2006 and the Iris Challenge Evaluation (ICE) 2006 Large-Scale Results,” issued March 29.


Privacy Act: FTC Proposes Allowing Disclosure of PII Records to Third Parties To Assist Data Breach Response Within Gov’t Agencies

Tuesday, April 3rd, 2007

On March 29 the FTC published a proposed new routine use (72 Fed. Reg. 14814, 3/29/07) that would allow FTC records governed by the Privacy Act to be disclosed to “appropriate” persons and entities when reasonably necessary to respond to and prevent, minimize, or remedy harm resulting from a U.S. government agency data breach or compromise.


Royal Academy of Engineering Releases Privacy Study Report: Emphasizes Importance of Engineering Security and Privacy Into Technology

Friday, March 30th, 2007

The Royal Academy of Engineering, located in London, recently released a report, “Dilemmas of Privacy and Surveillance: Challenges of Technological Change.”
I just ran across it and haven’t had a chance to review it in depth yet, but a quick scan and reading the executive summary shows some interesting thoughts.


Study Reports The Companies Trusted Most For Privacy

Thursday, March 29th, 2007

The Ponemon Institute puts out an annual online survey, open to anyone who wants to participate, asking which companies respondents believe respect their customers most and do the best job of protecting their privacy.


U.S. ONDI and DOD Standardizing Security Policies

Wednesday, March 28th, 2007

The Office of the National Director of National Intelligence (ONDI) and the Department of Defense (DoD) announced they are going to standardize their information security policies.
The work on the standardization started 8 months ago.


Government Compliance: FBI Director Says USA PATRIOT Act Doesn’t Need Changes; That FBI Is To Blame for Associated Problems

Tuesday, March 27th, 2007

Today U.S. FBI Director Robert Mueller appeared before the Senate Judiciary Committee and testified that there are no problems with the USA PATRIOT Act, but that the FBI did not implement the Act appropriately.


USA PATRIOT Act: FBI Is Underreporting Their Use Of This Law To Order Businesses to Monitor Email, Phone Calls and Financial Information

Friday, March 9th, 2007

CNN reported today that a U.S. Department of Justice (DoJ) audit finds the FBI has not kept good track of how many times it has ordered businesses to monitor emails, telephone records and financial information. The report has not yet been posted to the DoJ site but is supposed to be released sometime today.
According to the CNN report:


FTC’s COPPA Report Recommends Larger Penalties and More Education

Monday, March 5th, 2007

The February 2007 FTC Report to Congress, “Implementing the Children’s Online Privacy Protection Act” (COPPA), provides a good look into the compliance actions taken and the failures of numerous organizations to appropriately comply with this law, which is designed to protect the privacy of children under 13 years of age.
