March 2008 -

Archive for March, 2008

This Is Business Continuity Awareness Week!

Sunday, March 30th, 2008

Business Continuity Awareness Week (BCAW) is March 31st – April 4; at least it is in the UK and throughout Europe.
Business Continuity Awareness Week in Australia is the week from Monday, April 28th – Friday, May 2nd.

(more…)

Tags:awareness and training, BCAW, business continuity, Business Continuity Awareness Week, Information Security, IT compliance, policies and procedures, risk management, security awareness, security training
Posted in Information Security | 1 Comment »

Employee Fined $13,096 for Drunken Hacking

Friday, March 28th, 2008

Dan Swanson sent me this news story (thanks Dan!), which gave me a chuckle…
“Employee Fined $13,000 for Drunken Hacking”
A rather interesting part of his judgment:

(more…)

Tags:awareness and training, drunken hacking, Information Security, IT compliance, James M. DiBlasio, policies and procedures, risk management, security awareness, security training
Posted in Information Security, Miscellaneous | No Comments »

Who Had The Brilliant Idea To Outsource U.S. Passports?

Thursday, March 27th, 2008

Okay, after the recent passport files snooping debacle I found today’s news story, “Outsourcing passports ‘profound liability’” very ironic and concerning.
Not only for the reported huge waste of taxpayers’ dollars, but also for the security risks…

(more…)

Tags:awareness and training, GPO, Information Security, IT compliance, passport-gate, passports, policies and procedures, privacy breach, risk management, security awareness, security training
Posted in government, Information Security | 2 Comments »

The Benefits of a Privacy Ombudsman

Wednesday, March 26th, 2008

The folks from Cutter just notified me that an excerpt from a recent article I wrote, “Learning from a Privacy Ombudsman: A Case Study to Establish a Healthcare Services Ombudsman,” will soon be featured in the “Quote of the Day” section of the Cutter Web site.
Here’s the excerpt…

(more…)

Tags:awareness and training, healthcare, Information Security, IT compliance, policies and procedures, privacy breach, privacy ombudsman, risk management, security awareness, security training
Posted in Miscellaneous, Privacy and Compliance | No Comments »

Yet Another Stolen Laptop With Clear Text Patient PII

Tuesday, March 25th, 2008

Yet another in a long procession of laptop thefs, “Stolen laptop contains personal info of 2,500 patients“.
Here are the first few paragraphs…

(more…)

Tags:awareness and training, encryption, GAO, Information Security, IT compliance, laptop loss, laptop theft, NHLBI, patient privacy, policies and procedures, privacy breach, risk management, security awareness, security training
Posted in Lost & Stolen Laptops, Privacy Incidents | 1 Comment »

Passport Breach: Poor Security Practices Lead To Privacy Breaches

Sunday, March 23rd, 2008

The breach of the presidential candidates’ passport files were widely reported over the past few days, such as here and here, not to mention the many postings referencing it as “passport-gate” throughout the blogosphere and the political implications. However, based upon what I’ve been reading it looks more like the result of a poor, inadequate and vulnerable information security program.
There are many information security and privacy issues involved with this incident. It would make a great case study to use at a joint meeting with your information security, privacy and compliance folks. Some of the questions to include in your discussion could include…

(more…)

Tags:Analysis Corp, applications security, awareness and training, Barack Obama, Hillary Clinton, Information Security, IT compliance, John McCain, passport-gate, policies and procedures, privacy breach, risk management, security awareness, security training, Stanley Inc
Posted in Information Security, Privacy and Compliance, Privacy Incidents | No Comments »

The Emperors’ New Clothes Lack Privacy

Friday, March 21st, 2008

Over the past few weeks I’ve talked to several privacy officers and information security officers about how things are going with their initiatives, funding, and so on. Many from the financial industry, but otherwise a wide range of businesses from small to large. There has been a common theme during these discussions…

(more…)

Tags:awareness and training, Information Security, IT compliance, policies and procedures, privacy breach, risk management, security awareness, security training
Posted in Information Security, Privacy and Compliance | No Comments »

Useful Data Protection (Privacy) Law Sites

Wednesday, March 19th, 2008

This morning I took a little time to update my long listing of world-wide data protection (privacy) laws.
Here are some of them you may find helpful:

(more…)

Tags:awareness and training, data protection law, Information Security, IT compliance, policies and procedures, privacy law, risk management, security awareness, security training
Posted in Laws & Regulations | No Comments »

HIPAA HAS Impacted Healthcare Providers…Despite Lack Of Enforcement

Monday, March 17th, 2008

I have written many times about how the U.S Department of Health and Human Services (HHS) has severely weakened the planned privacy and security goals of the Health Insurance Portability and Accountability Act (HIPAA) to require healthcare covered entities (CEs) to implement strong safeguards for the protected health information (PHI) with which they’ve been entrusted. And I still believe that.
However, after reading a another report today I realized something…

(more…)

Tags:awareness and training, Britney Spears, George Clooney, HHS, HIPAA, Information Security, IT compliance, policies and procedures, risk management, security awareness, security training, UCLA Medical Center
Posted in Laws & Regulations, Privacy and Compliance | No Comments »

Spitzer Downfall Spotlights Surveillance In Mainstream

Saturday, March 15th, 2008

In case you haven’t heard, now ex-New York-governor Elliot Spitzer recently was found to be the frequent customer of a “high end call girl service” for the past couple of years.
How was he caught? Through an electronic path he left making payments for his philandering flings.

(more…)

Tags:awareness and training, Elliot Spitzer, Information Security, IT compliance, policies and procedures, risk management, security awareness, security training, surveillance
Posted in Information Security, Miscellaneous | No Comments »

Archive for March, 2008

This Is Business Continuity Awareness Week!

Employee Fined $13,096 for Drunken Hacking

Who Had The Brilliant Idea To Outsource U.S. Passports?

The Benefits of a Privacy Ombudsman

Yet Another Stolen Laptop With Clear Text Patient PII

Passport Breach: Poor Security Practices Lead To Privacy Breaches

The Emperors’ New Clothes Lack Privacy

Useful Data Protection (Privacy) Law Sites

HIPAA HAS Impacted Healthcare Providers…Despite Lack Of Enforcement

Spitzer Downfall Spotlights Surveillance In Mainstream

Search Privacyguidance

Categories

Archives

Blogroll

Meta

Syndicate