Posts Tagged ‘FTC’

How businesses can reduce wearables security & privacy risks

Thursday, March 12th, 2015

“Everyone knows that hackers only go after big organizations!” the wearable medical device representative shouted at me after my presentation on the need to build security and privacy controls into such devices, as well as having policies and procedures governing their use within the business organization. “It is a waste of our time, effort and money to establish and build in such security and privacy controls!”

This one person’s strong opinion is one that I’ve heard many times over the years about implementing security and privacy controls in general. And it is becoming more dangerous from a security and privacy perspective to not only those using wearable devices of all kinds (medical, fitness, tracking, etc.), but wearables also bring significant risk to the organizations whose employees are wearing them. (more…)

Perceptive Privacy Protectors Push for IoT Privacy Protections

Friday, February 20th, 2015

Still relevant lessons in security economics

I started working in the information security and privacy space in 1988 at a large multi-national financial and healthcare organization. Imagine trying to get security and privacy controls implemented at a time when there were no regulations requiring organizations to do so. Yes, I faced some challenges. And many since. Some examples: (more…)

4 Privacy Predictions for 2015

Saturday, November 29th, 2014

It is that time of the year again…time for prognostications about the year ahead!

I was asked to provide a few predictions for 2015. Based upon not only what I’ve seen in 2014, but also foreshadowing from the past two-three decades, here are some realistic possibilities.  (more…)

HIPAA/HITECH Breach Notice Rule: Applies To PHI of Deceased Individuals + Training A Key Element

Monday, August 24th, 2009

After a few days unable to make time to post to the blog, or technical difficulties preventing me when I did make time, I’m happy to resume my posting!
Today I want to offer a few thoughts about the breach notice rules that were released last week by the HHS and the FTC in compliance with the HITECH Act requirements…


Red Flags Rule Enforcement Delayed to August 1, 2009; FTC Providing a Compliance “Template”

Friday, May 1st, 2009

The FTC has once more announced a delayed enforcement of the Red Flags Rule to August 1, 2009


New Online Behavioral Advertising Principles: Self Regulation Does Not Mean Less Scrutiny By The FTC!

Monday, February 16th, 2009

On February 12 the U.S. Federal Trade Commission (FTC), the most actively aggressive oversight agency in the U.S. with regard to enforcing privacy protections, released new behavioral advertising principles


FTC Publishes Report On SSNs and Identity Theft

Wednesday, December 17th, 2008

Today the U.S. Federal Trade Commission (FTC) released a new report about social security numbers (SSNs), identity theft, and recommended 5 ways to help prevend having SSNs being used for identity theft…


Example Of Why Business Leaders MUST Ensure Third Party Security

Monday, December 15th, 2008

Below is a good example of why organizations need to do third party (vendor, outsourcers, business partners, etc.) information security and privacy program reviews. A very important sentence to show your business leaders who don’t think they need to ensure third party security is, “The lender made the data vulnerable, the complaint alleges, by allowing a third-party home seller to access the data without taking reasonable steps to protect it.”


Continued Use Of Site Means Consent to Privacy Policy Changes?

Tuesday, November 25th, 2008

I speak with many folks about the importance of published website privacy policies, along with the issues of obtaining consent…not implied but explicit/express…to change the terms of privacy policies.
I also participate in LinkedIn, and I have found it to be a great and valuable tool to network and communicate with other information security and privacy practicitioners.
So, today when I logged in I was quite interested to see the following banner posted on the home page…


FTC Postpones Active Red Flags Rule Enforcement To May 1, 2009

Thursday, October 23rd, 2008

I was surprised to read this yesterday…