February 2009 -

Archive for February, 2009

Judgment For Disclosing PII To Business Partners: Explicit Opt-In Is Required

Friday, February 27th, 2009

I just ran across the judgment for an interesting case involving privacy and opt-in consent for disclosing personally identifiable information (PII)…

Tags:awareness and training, FCC, Information Security, IT compliance, IT training, Opt-in, policies and procedures, privacy training, risk management, security training, third party security
Posted in Laws & Regulations, Privacy and Compliance | No Comments »

Judgment For Disclosing PII To Business Partners: Explicit Opt-In Is Required

Friday, February 27th, 2009

I just ran across the judgment for an interesting case involving privacy and opt-in consent for disclosing personally identifiable information (PII)…

Tags:awareness and training, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training, third party security
Posted in Laws & Regulations, Privacy and Compliance | No Comments »

HIPAA Violations: Nurses Allegedly Post X-Ray Photos To Facebook

Thursday, February 26th, 2009

Okay, here’s a perfect real incident to use for a case study to ~~argue~~ discuss whether or not this is a HIPAA violation!

Tags:awareness and training, HIPAA, HITECH Act, Information Security, IT compliance, IT training, patient information, PHI, policies and procedures, privacy training, risk management, security training
Posted in Privacy and Compliance, Privacy Incidents | 5 Comments »

7 Info Sec & Privacy Tidbits

Wednesday, February 25th, 2009

Today I spent a lot of time in phone meetings and doing research. So, instead of focusing on writing about one topic today, here are my tweets I sent out, that cover a wide range of topics…

Tags:audits, awareness and training, hacker, Information Security, IT compliance, IT training, OECD, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Miscellaneous, Privacy and Compliance | No Comments »

7 Info Sec & Privacy Tidbits

Wednesday, February 25th, 2009

Today I spent a lot of time in phone meetings and doing research. So, instead of focusing on writing about one topic today, here are my tweets I sent out, that cover a wide range of topics…

Tags:audits, awareness and training, hacker, Information Security, IT compliance, IT training, OECD, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Miscellaneous, Privacy and Compliance | No Comments »

Employee Suing Starbucks For Poor Security & Laptop Theft

Tuesday, February 24th, 2009

Here’s an interesting progression in how to address the growing data breaches that occur largely from ignored, overlooked, and/or inadequate security practices…

Tags:awareness and training, encryption, identity theft, Information Security, IT compliance, IT training, laptop theft, policies and procedures, privacy training, risk management, security training, Starbucks, stolen laptop
Posted in Information Security, Lost & Stolen Laptops, Privacy and Compliance, Privacy Incidents | No Comments »

Report on Healthcare Provider HIPAA Progress

Monday, February 23rd, 2009

Here’s an interesting report from URAC about healthcare providers and HIPAA compliance progress…

Tags:awareness and training, HIPAA, Information Security, IT compliance, IT training, patient privacy, policies and procedures, privacy training, risk management, security training, URAC
Posted in Laws & Regulations, Privacy and Compliance | No Comments »

Surveillance: New Employee Privacy Law in Portugal

Sunday, February 22nd, 2009

On Februry 17, 2009, a new workplace privacy law took effect in Portugal…

Tags:awareness and training, Information Security, IT compliance, IT training, policies and procedures, Portugal privacy law, privacy training, risk management, security training
Posted in Laws & Regulations, Privacy and Compliance | No Comments »

Medical Identity Theft: Medical Equipment Co. Owner Sentenced to Prison

Friday, February 20th, 2009

I just ran across this U.S. Department of Justice (USDOJ) press release from January 20, 2009…

Tags:awareness and training, Information Security, IT compliance, IT training, medical identity theft, policies and procedures, privacy training, Remberto Sarmiento, risk management, security training
Posted in identity theft | 2 Comments »

2ND HIPAA Sanction: CVS Must Pay $2.25 Million And Improve Info Sec Practices For Improper Disposal

Thursday, February 19th, 2009

The 2nd ever to date HIPAA sanction has been handed down by the Department of Health and Human Services (HHS)…

Tags:awareness and training, CVS, HIPAA, HIPAA sanction, Information Security, IT compliance, IT training, policies and procedures, privacy rule, privacy training, risk management, security rule, security training
Posted in Information Security, Laws & Regulations, Non-compliance Sanctions Examples, Privacy and Compliance | No Comments »