Posts Tagged ‘privacy impact assessment’

Newer Entries »

CEs and BAs: Be HIPAA/HITECH Compliant Or Pay A Hefty Penalty

Thursday, October 29th, 2009

The HHS released HITECH Act Enforcement Interim Final Rule today…

(more…)

Tags:, , , , , , , , , , , , , ,
Posted in Laws & Regulations, Privacy and Compliance | 2 Comments »

Smart Grid Privacy: Laws and Implications

Wednesday, October 21st, 2009

I was recently asked several questions about my work with the NIST Smart Grid privacy group and associated issues. Here are a couple of those questions, and my answers to them…

(more…)

Tags:, , , , , , , , , , , , , ,
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »

Privacy For The Deceased

Wednesday, September 30th, 2009

Late last month I posted, “HIPAA/HITECH Breach Notice Rule: Applies To PHI of Deceased Individuals + Training A Key Element” and since then I’ve had around half a dozen or so folks ask me to write about privacy for the deceased…

(more…)

Tags:, , , , , , , , , , , , , , , ,
Posted in Privacy and Compliance | No Comments »

10 Smart Grid Consumer-to-Utility Privacy Concerns; Are There More?

Friday, September 25th, 2009

I have had the great opportunity to participate in the NIST Smart Grid privacy standards group since July…

(more…)

Tags:, , , , , , , , , , , , , , , , ,
Posted in Information Security, Privacy and Compliance | 2 Comments »

How To Do Privacy Impact Assessments

Monday, September 21st, 2009

Last week I was very fortunate to be able to speak at the IAPP Privacy Academy in Boston…

(more…)

Tags:, , , , , , , , , , , , , , ,
Posted in Information Security, Privacy and Compliance | No Comments »

5 Common, Dumb and Dangerous Privacy Assumptions

Wednesday, June 17th, 2009

Today Kevin Beaver posted a nice article, “Dumb things IT consultants do” that included more than one warning about making assumptions. Kevin’s nice post made me think about all the dangerous assumptions consulants and practitioners often make when it comes to evaluating privacy practices…

(more…)

Tags:, , , , , , , , , , ,
Posted in Information Security, Privacy and Compliance | 2 Comments »

1746 Organizations In The U.S.’s EU Safe Harbor Program

Thursday, March 12th, 2009

A type of project I really love to do is a privacy impact assessment (PIA). For companies who collect or otherwise handle the personally identifiable information (PII) of individuals from multiple countries, typically doing a cross border data flow analysis of the PII is within the scope of the PIA.

(more…)

Tags:, , , , , , , , , , , ,
Posted in government, Privacy and Compliance | No Comments »

Your Name May Be Falling Off the Do Not Call List Soon!

Thursday, September 6th, 2007

I recently did a privacy impact assessment (PIA) for a marketing company and remembered that the U.S. Do Not Call list entries expire after 5 years! Most people do not realize this…did you know this?

(more…)

Tags:, , , , , , , , , ,
Posted in Laws & Regulations | 3 Comments »

U.S. Dept. of Homeland Security Makes 14 Privacy Impact Assessments Available

Wednesday, August 15th, 2007

I am a huge proponent of privacy impact assessments (PIAs); basically risk assessments for privacy. PIAs can reveal gaps in privacy practices, along with the information security practices used to protect privacy. They are important and effective exercises for all organizations that handle personally identifiable information (PII).

(more…)

Tags:, , , , , , , , , , ,
Posted in Privacy and Compliance | 1 Comment »

Newer Entries »