Archive for March, 2009

HIPAA Sanctions and Convictions Will Increase with HITECH Act & New Administration

Tuesday, March 31st, 2009

Upon reading and researching HIPAA and the impact of the HITECH Act upon it, basically broadening its applicability as well as adding new requirements for privacy breach notifications, I recently was compelled to write an article about what I foresee as likelihood that, after a very frustratingly slow start (by several years!) of HIPAA enforcement, increasingly more HIPAA sanctions will be made in the coming months and years.
SearchCompliance printed my article in three parts in their Compliance Tips section…


Don’t let differing authority levels damage info sec, privacy & compliance collaboration

Thursday, March 26th, 2009

I first realized the need for information security and legal compliance areas to closely collaborate on converging issues in the mid-1990’s while establishing the information security and privacy requirements for one of the first online banks. Over the past 5+ years I’ve been actively evangelizing through my 2-day classes, conference and meeting speeches, and many articles and other publications about the need for information security, privacy and legal compliance areas to collaborate, and pointing out the areas where these responsibilities converge.


Carnegie Mellon’s CyLab Is A Great Resource

Wednesday, March 25th, 2009

I was very happy to be invited to Carnegie Mellon University (CMU) to speak about information security and privacy convergence last month at their CyLab research and education center. It was a great experience!


Many Motivators For Identity Theft

Tuesday, March 24th, 2009

I’ve heard far too many business leaders in lesser-regulated industries, of organizations of all sizes, say something to the effect of, “Oh, we don’t have any information that hackers would find of any value.”


There Are 47 US State & Territory Breach Notice Laws: 1-Page Listing

Monday, March 23rd, 2009

Over the weekend I did some research to make sure I am up to date with all the current U.S. state and U.S. territories breach notice laws…


Avoid Information Overload In Your Information Security & Privacy Training!

Sunday, March 22nd, 2009

I’ve been reviewing some “canned” information security and privacy training offerings in the past few months, and I’m seeing that many of them are trying to dump TOO MUCH information on those taking them; learners can only absorb so much information within a short period of time and retain it for any significant amount of time!


Cautionary Tales for Tweeting About Work

Thursday, March 19th, 2009

I’ve been using Twitter now ( for three going on four weeks. I’ve found it to be a very great way to be in touch with the latest news and happenings, and also to get in touch with other folks who care about and want to discuss the same types of topics as I do. I also see using Twitter within business organizations as a very good awareness raising tool. More on that in another post. But for now I want to discuss some of the potential personal hazards of tweeting…


Encryption Solution Reviews

Wednesday, March 18th, 2009

Here are some encryption solution reviews, from David Strom at PC World, that anyone who wants to protect their laptop data, as well as information security, and yes privacy, practitioners should find useful…


Computer Fraud Criminal Sentenced To 4 1/2 Yrs Jailtime + US$1.6 Million

Tuesday, March 17th, 2009

Would you notice a $20 – $30 fraudulent charge mixed in with a lot of other charges…most people have more than 10 according to a financial fraud expert friend…on your credit card statement?
It looks like in Bulgaria they really lower the sanctions boom on those committing computer fraud..


Business Continuity Awareness Week is 3/23 – 3/27

Monday, March 16th, 2009

Here’s another awareness raising opportunity…