Archive for January, 2007

Info Sec and Privacy Pros Need Ongoing Training

Saturday, January 20th, 2007

I write a lot about the need for a comprehensive and ongoing information security and privacy education program within organizations. Many people do. More is needed. However, something that I don’t see written about much is the need for information security and privacy practitioners and leaders to also receive ongoing training covering the issues for which they are responsible. We see a lot of seminars and conferences offered, but it is often hard to get the budget approved to attend these, let alone be able to take 2, 3, 4 or even 5 days away from the office.


U.S. Commerce Dept’s CISO Leaves for the GAO Asst. Director of Security Position

Wednesday, January 17th, 2007

There was an interesting short article from the Government Computer News today, “CISO leaving Commerce for GAO.”


Awareness and Training Example: Privacy Impacts Throughout the Day

Tuesday, January 16th, 2007

There was a very interesting article in the Washington Post today, “Enjoying Technology’s Conveniences But Not Escaping Its Watchful Eyes
This documentary of the day in the life of a woman shows how privacy issues are encountered throughout the day, and how virtually all of us leave a bit of ourselves, and along with it our privacy, whenever we get online, make purchases from stores, make phone calls, or do any number of things in virtually any place.


PIPEDA Action: Canadian Airline Refuses to Make Changes After Customer Complains

Monday, January 15th, 2007

The Office of the Privacy Commissioner of Canada published findings last week for a PIPEDA case in which an individual complained that a Canadian airline refused to give him access to his personal information.
It is interesting that the names of organizations are not published within the decisions and summaries of the Privacy Commissioners.


Laptop Incident: N.C. Dept of Revenue Laptop Theft Puts 30,000 Residents At Risk

Saturday, January 13th, 2007

Today the North Carolina Charlotte Observer reported a laptop was stolen from the car of an N.C. Department of Revenue employee in December.
They mailed letters to all 30,000 individuals this week. According to the report this is the first time notifications have been made within N.C. since they put their privacy breach notification law for government agencies into effect during the fall of 2006.


RFID Silliness: Is The Eagle on Your Coin Watching You?

Friday, January 12th, 2007

I saw an article on Yahoo news yesterday, “U.S. warns about Canadian spy coins,” that pointed out a warning issued by the U.S. Defense Security Service about Canadian coins being used to track U.S. government contractors.
The CIA has information about similar types of coins: “This hollow container, fashioned to look like an Eisenhower silver dollar, is still used today to hide and send messages or film without being detected. Because it resembles ordinary pocket change, it is virtually undetectable as a concealment device.”


Outsourcing: Dubai Strengthens Data Protection Law

Thursday, January 11th, 2007

On Monday (1/8) the Dubai International Financial Centre (DIFC) implemented a stronger Data Protection Law and appointed a Data Protection Commission to oversee the DIFC.

“The Data Protection Law, which has been amended following a period of public consultation, ensures the protection of all personal information, including any sensitive personal data, and is compliant with the provisions of the laws and directives of the European Union and the guidelines of the Organisation for Economic Co-operation and Development (OECD), including the transfer of data.”


HIPAA Mobile and Remote Computing Security Guidance from CMS

Wednesday, January 10th, 2007

Today I received notice that the Centers for Medicare & Medicaid Services (CMS) just issued a new publication, “Security Guidance for Remote Use‚Äù which is actually dated 12/28/2006.

“This document is intended to provide HIPAA covered entities with general information on the risks and possible mitigation strategies for remote use of Electronic Protected Health Information (EPHI).”


12 Privacy-Impacting U.S. Federal Bills Introduced on January 4

Wednesday, January 10th, 2007

On January 4th the 110th U.S. congress convened for the first time, and they did not waste any time introducing many new bills. 12 of them have privacy impacts. You can find more information about each of these at the THOMAS (Library of Congress) site. However, as of today (1/10/2007), the full texts for most of these bills are not yet available online.
From the Senate:


Identity Theft Examples: Used for Illegal Immigrants

Monday, January 8th, 2007

In the past month around 1,300 employees of Swift & Company were detained during immigrations raids in Iowa, Nebraska, texas, Utah, Minnesota and Colorado.
As many as 220 of those detained face identity theft charges.