Posts Tagged ‘FTC’

HIPAA/HITECH Breach Notice Rule: Applies To PHI of Deceased Individuals + Training A Key Element

Monday, August 24th, 2009

After a few days unable to make time to post to the blog, or technical difficulties preventing me when I did make time, I’m happy to resume my posting!
Today I want to offer a few thoughts about the breach notice rules that were released last week by the HHS and the FTC in compliance with the HITECH Act requirements…

Red Flags Rule Enforcement Delayed to August 1, 2009; FTC Providing a Compliance “Template”

Friday, May 1st, 2009

The FTC has once more announced a delayed enforcement of the Red Flags Rule to August 1, 2009

New Online Behavioral Advertising Principles: Self Regulation Does Not Mean Less Scrutiny By The FTC!

Monday, February 16th, 2009

On February 12 the U.S. Federal Trade Commission (FTC), the most actively aggressive oversight agency in the U.S. with regard to enforcing privacy protections, released new behavioral advertising principles

FTC Publishes Report On SSNs and Identity Theft

Wednesday, December 17th, 2008

Today the U.S. Federal Trade Commission (FTC) released a new report about social security numbers (SSNs) and identity theft, and recommended 5 ways to help prevent SSNs from being used for identity theft…

Example Of Why Business Leaders MUST Ensure Third Party Security

Monday, December 15th, 2008

Below is a good example of why organizations need to do third party (vendor, outsourcers, business partners, etc.) information security and privacy program reviews. A very important sentence to show your business leaders who don’t think they need to ensure third party security is, “The lender made the data vulnerable, the complaint alleges, by allowing a third-party home seller to access the data without taking reasonable steps to protect it.”

Continued Use Of Site Means Consent to Privacy Policy Changes?

Tuesday, November 25th, 2008

I speak with many folks about the importance of published website privacy policies, along with the issues of obtaining consent…not implied but explicit/express…to change the terms of privacy policies.
I also participate in LinkedIn, and I have found it to be a great and valuable tool to network and communicate with other information security and privacy practitioners.
So, today when I logged in I was quite interested to see the following banner posted on the home page…

FTC Postpones Active Red Flags Rule Enforcement To May 1, 2009

Thursday, October 23rd, 2008

I was surprised to read this yesterday…

Despite 45+ U.S. Federal and State Laws, SSNs Still Widely Misused & Breached…Why?

Wednesday, August 20th, 2008

It amazes me how many news articles are frequently reported that are related to the misuse or breach of social security numbers (SSN). Today just a few of the stories that popped up included:

New Website Seal For Companies Participating In The EU Safe Harbor Program

Sunday, August 3rd, 2008

Something I’ve been spending a lot of work on this summer is creating management tools to help information security and privacy practitioners do their jobs more effectively and efficiently. In the past three months I’ve had over a dozen CISOs and CPOs call me and ask if I had specific types of tools to help them with their information security, privacy and compliance efforts and initiatives. One of the tools will help them with managing their programs and processes for, along with the many complex issues involved with, transferring personally identifiable information (PII) with any of the 27 European Union (EU) countries to the U.S. and other countries. One of the areas involved with tackling this issue is whether or not to participate in the Safe Harbor program.
So, I was very interested to read that the U.S. Commerce Department announced a new certification mark/seal for organizations to put on their websites to show that they have self-certified compliance with the Safe Harbor Framework requirements.

Free Info Sec & Privacy Training Hosted By The FTC and COPP

Thursday, July 31st, 2008

If you’re in the Los Angeles area on August 13, here’s what looks to be a good, FREE, day of getting information security and privacy training hosted by the U.S. Federal Trade Commission (FTC) and the California Office of Privacy Protection (COPP).
If you are a company with no dedicated information security or privacy position, like most small and medium sized businesses (SMBs), then go to this event to hear WHY you need to make efforts to safeguard your customers’ and employees’ personally identifiable information (PII). Hey, if you’re in the area, it’ll only cost your time!
Here’s the full announcement…