In many countries, such as in all 25 of the European Union states and within Canada, just to name a few, individuals have the legal right to request from organizations a verification of whether or not the organization has information about him or her, and organizations must provide to individuals, upon their request, a copy of their corresponding personal information in an easy-to-understand format, within a reasonable period of time from the request.
Archive for the ‘government’ Category
Privacy: How to handle individual access requests in the UK in compliance with the Data Protection Act
Friday, February 16th, 2007
Privacy Breach, Hackers and Lawsuits: Iowa Department of Education, Microsoft and Perkins Omelettes; Oh My!
Thursday, February 15th, 2007
There’s been enough interesting information security and privacy news here in my own frigid (subzero) snowy back yard in central Iowa to keep me from looking beyond the state for discussion material. Well yes, I did look beyond anyway…what I found will wait until another day.
Yesterday was interesting in that the Iowa Department of Education announced a security breach into their GED database and the Microsoft versus Comes/Iowa class action lawsuit was settled out of court.
HSPD-12 and U.S. Government Agency Authentication and Access Controls
Wednesday, February 14th, 2007
Creating technologies that authenticate users with a high degree of confidence has always been a challenge, not only because of the typical complexity of the systems, but also because of the amount of confidence that must be placed within the end-user to appropriately secure his or her own user authentication information, most commonly the user ID and password.
Over the past several years the U.S. Government Accountability Office (GAO) has identified the historically poor authentication and access control practices as barriers for successful information sharing between not only government entities, but also with the private sector.
Privacy Breach: FBI Loses Laptops Each Month Despite 2002 Audit Telling Them To Improve Practices
Monday, February 12th, 2007
Today the U.S. Department of Justice (DOJ) released its report, “The Federal Bureau of Investigation’s Control Over Weapons and Laptop Computers Follow-Up Audit.”
As you can tell by my post title, this should be a very embarrassing report for the FBI.
FTC: Speech Highlights Need for All Organizations To Address Information Security and Privacy & Education On These Topics
Friday, February 9th, 2007
The transcript of FTC Chairman Deborah Platt Majoras’ keynote on February 6 at the RSA conference, “ID Theft and Cyber-crime: Where Thieves Victims, Industry and Government Intersect” is available on the FTC site.
I’ve often stressed how the FTC Act basically applies to all organizations of all sizes in all industries doing business in the U.S. that have been entrusted to handle personal information. Too many organizations still believe that information security and privacy issues only need to be handled by healthcare or financial organizations. The FTC has made many published statements to demonstrate that all organizations had better get their act together and implement safeguards for personally identifiable information (PII). Some of the statements within Majoras’ keynote emphasize this.
Privacy Law: Leahy & Specter File Personal Data Privacy Act of 2007 Bill
Thursday, February 8th, 2007
On Tuesday, February 6, U.S. Sen. Patrick Leahy, D-Vt., and Sen. Arlen Specter, R-Pa., filed legislation, the Personal Data Privacy Act of 2007, that would, among other things, require organizations to notify consumers of security breaches as well as mandate the adoption of internal policies to protect personal data. This bill is generally the same as the bill Leahy proposed in 2005 and then again in 2006.
HIPAA: Congressional and GAO Reports Say HHS Needs To Make Changes To Protect Patient Privacy
Monday, February 5th, 2007
According to a congressional testimony report posted February 1, “Private Health Records: Privacy Implications of the Federal Government’s Health Information Technology Initiative,” the Department of Health and Human Services (HHS) needs to do more to address privacy and security concerns connected with the new technology.
Here is an excerpt from the testimony statement of Senator Daniel K. Akaka:
Free Awareness from the FTC: Phishing
Friday, February 2nd, 2007
I ran across this on the FTC site, an email to send to folks that links to an animation to help make them aware of phishing messages; isn’t this cool!? The FTC site provides this as an awareness-raising communication. It’s a little long, and hopefully the folks going to this link will have their sound turned off so it doesn’t shock their desk neighbors, but all in all it is a great, FREE (paid for by U.S. tax dollars), awareness communication to warn about the threats involved with phishing messages.