Posts Tagged ‘FTC’
Thursday, March 12th, 2015
“Everyone knows that hackers only go after big organizations!” the wearable medical device representative shouted at me after my presentation on the need to build security and privacy controls into such devices, and to have policies and procedures governing their use within the business organization. “It is a waste of our time, effort and money to establish and build in such security and privacy controls!”
This one person’s strong opinion is one I’ve heard many times over the years about implementing security and privacy controls in general. And it is becoming more dangerous: not only do wearable devices of all kinds (medical, fitness, tracking, etc.) put the people using them at security and privacy risk, but wearables also bring significant risk to the organizations whose employees are wearing them. (more…)
Tags:cybersecurity, Dell, FTC, Information Security, Internet of Things, IoT, privacy, privacy professor, privacyprof, Rebecca Herold, smart device, TechPage, wearable, wearables
Posted in Internet of Things, Uncategorized | No Comments »
Friday, February 20th, 2015
Still relevant lessons in security economics
I started working in the information security and privacy space in 1988 at a large multi-national financial and healthcare organization. Imagine trying to get security and privacy controls implemented at a time when there were no regulations requiring organizations to do so. Yes, I faced some challenges. And many since. Some examples: (more…)
Tags:cybersecurity, Dell, Edith Ramirez, Federal Trade Commission, FTC, Information Security, Internet of Things, IoT, Joshua Wright, Julie Brill, Maureen Ohlhausen, privacy, privacy professor, privacyprof, Rebecca Herold, smart device, TechPage, Terrell McSweeny
Posted in Internet of Things | No Comments »
Saturday, November 29th, 2014
It is that time of the year again…time for prognostications about the year ahead!
I was asked to provide a few predictions for 2015. Based not only upon what I’ve seen in 2014, but also upon foreshadowing from the past two to three decades, here are some realistic possibilities. (more…)
Tags:2015 predictions, big data, big data analytics, breaches, Dell, FDA, FTC, HHS, HIPAA, HITECH, Information Security, information security risks, infosec, Internet of Things, IoT, personal health records, personal information, PHR, policies, privacy, privacy breach, privacy information, privacy professor, privacy risks, privacyprof, procedures, Rebecca Herold, risks, sensitive information, sensitive personal data, training
Posted in Cybersecurity, privacy | No Comments »
Monday, August 24th, 2009
After a few days unable to make time to post to the blog, or technical difficulties preventing me when I did make time, I’m happy to resume my posting!
Today I want to offer a few thoughts about the breach notice rules that were released last week by the HHS and the FTC in compliance with the HITECH Act requirements…
(more…)
Tags:awareness and training, breach law, breach notification, breach response, FTC, HHS, HIPAA, HITECH Act, Information Security, IT compliance, IT training, patient privacy, personally identifiable information, PII, policies and procedures, privacy training, security training
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Friday, May 1st, 2009
Tags:awareness and training, FTC, identity theft, Information Security, IT compliance, IT training, policies and procedures, privacy training, Red Flags rule, risk management, security training
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »
Monday, February 16th, 2009
On February 12 the U.S. Federal Trade Commission (FTC), the most aggressively active oversight agency in the U.S. when it comes to enforcing privacy protections, released new behavioral advertising principles…
(more…)
Tags:awareness and training, behavioral advertising, compliance, FTC, Information Security, IT compliance, IT training, policies and procedures, privacy, privacy principles, privacy training, risk management, security training
Posted in government, Laws & Regulations, Privacy and Compliance | No Comments »
Wednesday, December 17th, 2008
Today the U.S. Federal Trade Commission (FTC) released a new report about Social Security numbers (SSNs) and identity theft, and recommended five ways to help prevent SSNs from being used for identity theft…
(more…)
Tags:awareness and training, FTC, identity theft, Information Security, IT compliance, IT training, policies and procedures, privacy, privacy training, risk management, security training, social security number, SSN
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »
Monday, December 15th, 2008
Below is a good example of why organizations need to do third-party (vendors, outsourcers, business partners, etc.) information security and privacy program reviews. A very important sentence to show business leaders who don’t think they need to ensure third-party security is, “The lender made the data vulnerable, the complaint alleges, by allowing a third-party home seller to access the data without taking reasonable steps to protect it.”
(more…)
Tags:awareness and training, FTC, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training, third party security
Posted in Non-compliance Sanctions Examples, Privacy and Compliance | 1 Comment »
Tuesday, November 25th, 2008
I speak with many folks about the importance of published website privacy policies, along with the issue of obtaining consent…not implied but explicit/express consent…before changing the terms of a privacy policy.
I also participate in LinkedIn, and I have found it to be a great and valuable tool to network and communicate with other information security and privacy practitioners.
So, today when I logged in I was quite interested to see the following banner posted on the home page…
(more…)
Tags:awareness and training, express consent, FTC, implied consent, Information Security, IT compliance, IT training, LinkedIn, policies and procedures, privacy policy change, privacy training, risk management, security training
Posted in Privacy and Compliance | 2 Comments »
Thursday, October 23rd, 2008
I was surprised to read this yesterday…
(more…)
Tags:awareness and training, FDIC, Federal Reserve Board, FTC, Information Security, IT compliance, IT training, OCC, OTS, policies and procedures, privacy training, Red Flags rule, risk management, security training
Posted in Laws & Regulations, Privacy and Compliance | No Comments »