68 Info Sec & Privacy Tweets Digest Back Through March 7

Once more I’m providing a digest of the Twitter tweets I put out (PrivacyProf) over the past week that provided pointers to interesting and useful news reports and pieces of information that I do not want to have lost in the vastness of the ever-growing twittersphere. So, for posterity and my own future reference…my own backup if you will…here’s a listing of the ones I want to be able to look back upon without paging through multiple posts on my PrivacyProf account…

  1. Scary 37% of “business tech pros” don’t think they need to comply w/any regs! Chart stats for FACTA way too low: http://tinyurl.com/c4d445
  2. By Verizon; for stats remember V doesn’t help w/non-technical breaches: “2008 DATA BREACH INVESTIGATIONS REPORT” http://tinyurl.com/3gsqcv
  3. Cool site about early “computer”: “Comptometer, Biography of a Machine” http://tinyurl.com/d2w93f
  4. Interesting stuff for Fri 13th! PRT @sciam A Scary 13th: 20 Yrs Ago, Earth Blasted with Solar Plasma [Slide Show]: http://tinyurl.com/aowy5a
  5. “Editorial: Internet in need of more explanation” http://tinyurl.com/cb8d6x
  6. Content changes based on what you look like: “Signs of the times: Smart ads that watch you watching them” http://tinyurl.com/bhsw9h
  7. 58% of US gov’t workers spend 1 – 4 hrs daily managing information: “Paperwork still rules the day” http://tinyurl.com/ac7z4v
  8. Compliance is like wearing a bulletproof vest; major assets r protected, but still r limbs&arteries exposed w/o add’l protection!
  9. PublicHearings/Exemption/ProhibitiononCircumventionof Copyright Protection Systems for Access Control Technologies http://tinyurl.com/aastne
  10. @ITCompliance Related issue is retention of full email threads; possibility of changes in early thread msgs likely creates ediscovery issues
  11. “HHS Issues Special Report on Health Reform and Launches New healthreform.gov Web Site” http://tinyurl.com/cd6elg
  12. Critical rural privacy issues exist: “President Selects Top Rural Health Care Advocate to Oversee Key HHS Agency” http://tinyurl.com/da8gzh
  13. More details re this HIPAA sanction: “CVS Pays $2.25 Million and Toughens Practices to Settle HIPAA Privacy Case” http://tinyurl.com/cj37kf
  14. @MyLaptopGPS Unfortunately many/most people are more concerned w/appearances than w/security; better awareness is needed in orgs to address!
  15. If you didn’t know about NIST SP 800-66: An Introductory Resource Guide for Implementing the HIPAA Security Rule http://tinyurl.com/cd29c2
  16. Can bring class actions against co. execs: “South Africa: New Law to Make Company Directors More Accountable” http://tinyurl.com/bkj4bh
  17. Finishing a report on change controls; compliance issues and privacy implications.
  18. HHS has distributed $3 Billion in Recovery Act funds: “HHS Launches New Office of Recovery Act Coordination ” http://tinyurl.com/alpsty
  19. Just spoke w/youth writer for next issue Protecting Information; http://tinyurl.com/debsnb Love enthusiasm for invstgtng security & privacy!
  20. Know of any studies about how many sent emails actually are delivered & how many have significant delivery delays, eg, 1 week, 1 month, etc?
  21. Email delivery is far from 100% dependable & seems to be getting worse. Orgs, tho, are relying on email more to transact official business…
  22. How cookies used in IRS: “Privacy Impact Assessment – Withholding Compliance System (WHCS)” http://tinyurl.com/bcxlbr
  23. Use of persistent & session cookies: “E-ZPass® New York Internet Privacy Policy” http://tinyurl.com/auwx28
  24. For U.S.: “Government use of session cookies” http://tinyurl.com/b4l2by
  25. Doing privacy impact assessment (PIA) & looking at persistent cookies issues; some interesting stuff. Of course can be used for good & bad.
  26. Anyone using this from the US DHS? “IT Security Essential Body of Knowledge (EBK)” http://tinyurl.com/aqhhsg
  27. EU; when done right infosec does NOT need to impede benefits:”Organ transplantation and the data protection issue” http://tinyurl.com/d7ja2v
  28. Some new perspectives & reinforcement of info sec issues: “State Laws Require Secure Personal Data” http://tinyurl.com/acwh83
  29. Law went into effect 9/29/2008:”Pakistan:Communications and Electronic Information – Electronic Crimes Prevention” http://tinyurl.com/dapjvg
  30. “United States:Communications and Electronic Information – Privacy Lawsuit Against Google Street View Rejected” http://tinyurl.com/bzkbqs
  31. Sounds like a great event! “2009 Global Marathon For, By and About Women in Engineering March 11-12” http://tinyurl.com/cbtlav
  32. Blog post: “Here’s the link for Web 2.0 Privacy and Security Considerations” http://tinyurl.com/derweo
  33. + to my list: compile chronology of canspam fines/convics
  34. yes, CONSISTENTLY enforcing laws wld make them more effective; like policies, laws r wrthlss w/o enfrcmt
  35. I’d love to see ONE data protection law that protects PII no matter what type of company has it! And…
  36. One wish list: “10 IT agenda items for the first U.S. CIO” http://tinyurl.com/bmqf53
  37. Blog post & paper: “Web 2.0 Privacy and Security Considerations” http://tinyurl.com/dddzvq
  38. Encryption misuse a listed crime:”Pakistan:Communications and Electronic Information-Electronic Crimes Prevention” http://tinyurl.com/dapjvg
  39. Privacy & security to enable emergency mgmt & crime fighting: “Nigeria: Towards Reliable Identity Database” http://tinyurl.com/cxgwe8
  40. From UK: “The work of the Information Commissioner” http://tinyurl.com/atejjn Good privacy info & roles info; interesting achievements list
  41. For IRS: “Electronic Fax (e-FAX) Milestone 4b/5 – Privacy Impact Assessment” http://tinyurl.com/b5rctu How good is Outlook & AD security?
  42. Gov’t agency 2008 PIAs: “OMB releases its annual FISMA security report to Congress” http://tinyurl.com/bmmush Ag fails;Int’l Dev gets “100%”
  43. “Technology is the easy part of data sharing…The hard part is trust and attitude” http://tinyurl.com/crg8a9 +awareness & better safeguards
  44. Looking for stats on trend for email msgs that arent delivered, or delivery signfcntly delayed eg, weeks/months; NOT because of spam filters
  45. They used a privacy impact assessment (PIA) to do so: “School district defuses surveillance concerns” http://tinyurl.com/7nenql
  46. Kicking off a Privacy Impact Assessment today! These are always very interesting, particularly doing the data flows & seeing who touches PII
  47. Interesting report about NIST activities last year: “Computer Security Division 2008 Annual Report” http://tinyurl.com/7mju22
  48. Legal action against cyber defamation: “Lawsuit Cracks Open Online Anonymity” http://tinyurl.com/bw3g6e
  49. Includes a doc’s signature used for prescriptions: “Loads of Sensitive Medical Records Found on P2P” http://tinyurl.com/ans4rm
  50. Emphasizes need for awareness “data breaches are under reported by a factor of 100” http://tinyurl.com/cy7ulb I estimate it’s more than this
  51. …Yvonne Rogers, Richard Harper, and Tom Rodden. Many good thoughts including those related to security and privacy
  52. …as citizens and members of global communities; we are now in touch in more ways, and with more people than ever…” by Abigail Sellen..
  53. …rather than saves it.” Indeed it can if we become fixated and tied to it…”Yet hyperconnectivity also has the power to mobilize us…
  54. “Despite the ability of such new tools to improve efficiency and save us time, such ‘digital presence’ increasingly consumes our time..
  55. Very interesting article, “Reflecting Human Values in the Digital Age” discusses hyperconnectivity…possibilities and downfalls
  56. “Your Students Are Your Legacy” “not the hundreds of papers you publish” David A. Patterson (also from ACM Communications)
  57. Interesting ACM article, “When is a “License” Really A Sale?” Can you resell sw even if package says you can’t? Quanta decision impact
  58. Sunday reading from Communications of the ACM “proponents of virtualization argue it…represents core enhancement to security” (hardcopy)
  59. …as citizens and members of global communities; we are now in touch in more ways, and with more people than ever…” by Abigail Sellen..
  60. …rather than saves it.” Indeed it can if we become fixated and tied to it…”Yet hyperconnectivity also has the power to mobilize us…
  61. “Despite the ability of such new tools to improve efficiency and save us time, such ‘digital presence’ increasingly consumes our time..
  62. Very interesting article, “Reflecting Human Values in the Digital Age” discusses hyperconnectivity…possibilities and downfalls
  63. “How to prevent and cure medical ID theft This type of identity theft can cause even greater harm” http://tinyurl.com/dcj84q
  64. From the HHS site, posted Jan 15, 2009: “Medical Identity Theft Final Report” http://tinyurl.com/cklshm
  65. “Medical identity theft a difficult problem to diagnose and treat” http://tinyurl.com/dh3uvu
  66. I’m doing research on med id theft; finding a lot of good stuff, s/a: “Combating medical identity theft” http://tinyurl.com/bq3zyy
  67. How bout “s/he”? Interesting thoughts: “On Twitter, is it ‘he or she’ or ‘they’ or ‘ip’?” http://tinyurl.com/atbyvg
  68. Nice example from a higher-ed institute: “Handbook for Information Technology Security Risk Assessment Procedures” http://tinyurl.com/blmejb
