Most organizations have posted privacy notices on their websites. Great, right? Well consider that a 2012 study showed that the average reader would need 25 days simply to read the privacy policies for all websites accessed in a year. Website privacy notices are often very poorly written. And that’s not the only problem, as I’ve discovered over the past couple of decades reviewing privacy notices. In the past year in the privacy impact assessments (PIAs) I’ve done, I’ve found two consistent problems with them all. (more…)
Posts Tagged ‘privacy impact assessment’
The expanding use of smart gadgets in the Internet of Things (IoT) is creating many more privacy risks than ever before encountered. Many businesses are also (finally!) starting to address privacy. And interest in how to establish privacy programs and how to perform privacy impact assessments (PIAs) to identify privacy risks are increasing. The privacy risks to the business that can occur include such things as: (more…)
Today I had a great meeting with Sarah Cortes, with whom I am doing a session at the North America CACS ISACA conference in March. (I see I need to ask them to add Sarah’s name!)
I’m also going to teach a 2-day workshop (~4 hours each day), “Conducting A Privacy Impact Assessment” on March 18 & 19.
Every organization that handles personal information (PI) of any kind or form needs to know how to do a privacy impact assessment (PIA). And if you have PI from any type of individual, be it a customer, patient, employee, contractor, job applicant, etc., you need to make sure you are protecting, using and sharing the PI appropriately. A PIA will reveal where you are at risk with meeting your privacy obligations. Attend my PIA class in March and I will be happy to help you know how, or improve upon how you perform PIAs!
Can’t go to the conference for some reason? I can still help you! I have a PIA Toolkit you can use.
Any questions? Let me know!
The day before Thanksgiving here in the U.S. I had the great pleasure of speaking with a couple of consumate information security experts from across the pond in England and Norway, Kai Roer and Mo Amin, on an episode of their Security Culture TV! We chatted about how to get folks to be more aware of privacy risks, and how to change their mindset to a more privacy proactive stance. You can see this episode here.
When you look at recent breaches, it is clear that awareness of information security and privacy risks, and how to mitigate them, is not getting the attention necessary by leaders of organizations. Why else would (more…)
So today AT&T announced plans to test a service allowing payment card providers to access the location of a customer’s phone to improve the accuracy of fraud prevention systems for transactions made abroad. AT&T customers will have to opt-in to the fraud protection service, which will also be me made available to enterprise customers later this year.
Antone Gonsalves asked me for my opinions about the privacy implications, which he included some of within his article he published on CSO Online today. However, I wanted to make several more points to follow-on to his article. (more…)
There are many new small and mid-size business start-ups who are offering a wide range of online services, mobile apps, and smart devices. There are also many businesses that have been around a long time that see an opportunity and so are expanding into these areas. I’ve spoken with many such businesses, and they often make two common privacy mistakes: (more…)
Sorry to be so tardy in getting a blog post out. As many of you know I’ve been working with the NIST Smart Grid Privacy Subgroup since late June. The work done for this group is through time volunteered by all involved.
As a quick recap, I led the privacy impact assessment (PIA) for the consumer-to-utility portion of the planned smart grid during the late June to late August/early September time frame. On Friday, 11/20, I provided an update on our NIST groups activities during the Gridwise Alliance phone conference; perhaps some of you were on that call?
Here are some links showing information about our NIST Smart Grid privacy group’s work:
I’ve had about half a dozen folks ask me how things are going with the work I’m doing with the NIST Smart Grid privacy group, and if I could provide an update since my last couple of posts on the topic here and here.
The time is going by much too quickly, and I am getting a bit nervous as we get closer to when we need to have the next draft of the NISTIR ready, tentatively set for December 31; there is so much more to do in this VOLUNTEER group effort…