Archive for February, 2007

FTC: Speech Highlights Need for All Organizations To Address Information Security and Privacy & Education On These Topics

Friday, February 9th, 2007

The transcript of FTC Chairman Deborah Platt Majoras’ keynote on February 6 at the RSA conference, “ID Theft and Cyber-crime: Where Thieves, Victims, Industry and Government Intersect,” is available on the FTC site.
I’ve often stressed how the FTC Act basically applies to all organizations of all sizes in all industries doing business in the U.S. that have been entrusted to handle personal information. Too many organizations still believe that information security and privacy issues only need to be handled by healthcare or financial organizations. The FTC has made many published statements to demonstrate that all organizations had better get their act together and implement safeguards for personally identifiable information (PII). Some of the statements within Majoras’ keynote emphasize this.

(more…)

Privacy Law: Leahy & Specter File Personal Data Privacy Act of 2007 Bill

Thursday, February 8th, 2007

On Tuesday, February 6, U.S. Sen. Patrick Leahy, D-Vt., and Sen. Arlen Specter, R-Pa., filed legislation, the Personal Data Privacy Act of 2007, that would, among other things, require organizations to notify consumers of security breaches as well as mandate the adoption of internal policies to protect personal data. This bill is generally the same as the bill Leahy proposed in 2005 and then again in 2006.

(more…)

Privacy Breach: Bank in UK Sends Personal Data of 75,000 Customers to 1 Customer Requesting Her Own Statement

Wednesday, February 7th, 2007

The Halifax Bank of Scotland sent the complete account information for 75,000 of their customers to one customer who had requested a copy of her own statement.

(more…)

Identity Theft: More Info On Fallout From The TJX Breach

Wednesday, February 7th, 2007

On February 5, the Akron Beacon Journal reported more impacts of the massive TJX breach that occurred late in 2006, which may have impacted over 40 million individuals according to the Wall Street Journal.

(more…)

Software Licensing: Free Tools from the BSA & 10 Steps To Compliance

Tuesday, February 6th, 2007

I saw an article published on February 1, “United States: 10 Simple Steps To Ensure Software Licensing Compliance.”

(more…)

HIPAA: Congressional and GAO Reports Say HHS Needs To Make Changes To Protect Patient Privacy

Monday, February 5th, 2007

According to a congressional testimony report posted February 1, “Private Health Records: Privacy Implications of the Federal Government’s Health Information Technology Initiative,” the Department of Health and Human Services (HHS) needs to do more to address privacy and security concerns connected with the new technology.
Here is an excerpt from the testimony statement of Senator Daniel K. Akaka:

(more…)

PCI DSS and GLBA Compliance & Privacy Breach: Lawsuits Filed Against TJX

Sunday, February 4th, 2007

Let’s look at the events that have occurred with the recent TJX computer hack and resulting privacy breach and identity thefts:

(more…)

Free Awareness from the FTC: Phishing

Friday, February 2nd, 2007

I ran across this on the FTC site, an email to send to folks that links to an animation to help make them aware of phishing messages; isn’t this cool!? The FTC site provides this as an awareness-raising communication. It’s a little long, and hopefully the folks going to this link will have their sound turned off so it doesn’t shock their desk neighbors, but all in all it is a great, FREE (paid for by U.S. tax dollars), awareness communication to warn about the threats involved with phishing messages.

(more…)

“Say What You Do”: My New Book Now Available!

Thursday, February 1st, 2007

I had the great privilege and pleasure to work with Dorian Cougias, an award-winning author and information security practitioner, Marcelo Halpern, an internationally acclaimed lawyer, and Karsten Koop, also an award-winning author and highly experienced IT auditor, to co-author our newly released book, “Say What You Do.”

(more…)