Archive for May, 2012
Thursday, May 31st, 2012
A couple of weeks ago I was doing a consulting call with a small startup business (that in a short span of time is already performing outsourced cloud processing for a number of really huge clients) about information security and privacy. They had implemented just the basic firewall and passwords, but otherwise had no policies, procedures, or documented program in place. I provided an overview of the need for information security and privacy controls to be in place throughout the entire information lifecycle; from creation and collection, to deletion and disposal. They were on board with everything I was describing until we got to (more…)
Tags:big data, breach, compliance, data analytics, data mining, degauss, disposal, disposal rule, facebook, FACTA, frictionless sharing, IBM, Information Security, information technology, infosec, IT security, midmarket, Netflix, non-compliance, personal information, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protected health information, Rebecca Herold, SB 3159, security, Senate Bill 3159, sensitive personal information, shred, SPI, systems security, trash
Posted in Laws & Regulations | 5 Comments »
Thursday, May 17th, 2012
I was recently speaking with a friend on the phone, and she said, “I just had the most embarrassing thing happen! I had one of my Facebook friends send me a text teasing me about reading a rather sleazy article on TMZ. I did not know what she was talking about! So, I went to my Facebook page, and sure enough, down the timeline there was an article I had only briefly gone to the previous day after clicking a headline about moms on Google news and landed on a page; I quickly got off of when I saw it. I was so embarrassed to see that my brief visit to the page had been posted on my Facebook page! I don’t even go to TMZ on purpose, why is Facebook suddenly tattling on me when it accidentally went there?” (more…)
Tags:audit, big data, breach, breach response, change controls, compliance, DailyMotion, data analytics, data mining, encryption, facebook, foursquare, frictionless sharing, gartner, IBM, Information Security, information technology, infosec, IT security, Keywords: personal information, Metacafe, midmarket, Netflix, non-compliance, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protected health information, Rebecca Herold, security, security engineering, sensitive personal information, Socialcam, SPI, spotify, systems security, Viddy, Washington post, WPO, Zuckerberg
Posted in Miscellaneous | 2 Comments »
Wednesday, May 2nd, 2012
My 12-year-old son said to me yesterday after getting home from school, “Hey, Mommy, did you know that Wal-Mart can tell when you’re pregnant? And so can Target! Even before anyone else knows! They got a girl in trouble when they sent her dad coupons for baby stuff and congratulated her!”
Me, “That’s pretty incredible, isn’t it? Companies are able to discover things like that about people more than ever before through analyzing what is called ‘Big Data’.”
Son, “That’s really creepy. I think you should (more…)
Tags:audit, big data, breach, breach response, change controls, compliance, data analytics, data mining, encryption, IBM, Information Security, information technology, infosec, IT security, midmarket, non-compliance, personal information, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protected health information, Rebecca Herold, security, security engineering, sensitive personal information, SPI, systems security, Target, Wal-Mart
Posted in privacy | 1 Comment »