Posts Tagged ‘PIA’

Privacy For The Deceased

Wednesday, September 30th, 2009

Late last month I posted, “HIPAA/HITECH Breach Notice Rule: Applies To PHI of Deceased Individuals + Training A Key Element” and since then I’ve had around half a dozen or so folks ask me to write about privacy for the deceased…


10 Smart Grid Consumer-to-Utility Privacy Concerns; Are There More?

Friday, September 25th, 2009

I have had the great opportunity to participate in the NIST Smart Grid privacy standards group since July…


How To Do Privacy Impact Assessments

Monday, September 21st, 2009

Last week I was very fortunate to be able to speak at the IAPP Privacy Academy in Boston…


5 Common, Dumb and Dangerous Privacy Assumptions

Wednesday, June 17th, 2009

Today Kevin Beaver posted a nice article, “Dumb things IT consultants do” that included more than one warning about making assumptions. Kevin’s nice post made me think about all the dangerous assumptions consultants and practitioners often make when it comes to evaluating privacy practices…


1746 Organizations In The U.S.’s EU Safe Harbor Program

Thursday, March 12th, 2009

A type of project I really love to do is a privacy impact assessment (PIA). For companies who collect or otherwise handle the personally identifiable information (PII) of individuals from multiple countries, typically doing a cross border data flow analysis of the PII is within the scope of the PIA.


Your Name May Be Falling Off the Do Not Call List Soon!

Thursday, September 6th, 2007

I recently did a privacy impact assessment (PIA) for a marketing company and remembered that the U.S. Do Not Call list entries expire after 5 years! Most people do not realize this…did you know this?


U.S. Dept. of Homeland Security Makes 14 Privacy Impact Assessments Available

Wednesday, August 15th, 2007

I am a huge proponent of privacy impact assessments (PIAs); basically risk assessments for privacy. PIAs can reveal gaps in privacy practices, along with the information security practices used to protect privacy. They are important and effective exercises for all organizations that handle personally identifiable information (PII).