Archive for the ‘government’ Category

Emergency and Disaster Planning: Government Establishes a Limited Time Pandemic Flu “Blog Summit”

Friday, May 25th, 2007

Ever since talk of the bird flu pandemic started making the news in 2005, information assurance folks have talked about how this could affect them and their efforts. There have been some very interesting viewpoints and insights. Most related to the loss of availability of personnel needed for the business to continue to function, loss of access to vendors and to outsourced entities, and other emergency management and disaster recovery issues.
When you start thinking about it and brainstorming with your colleagues you discover there truly are many related information assurance issues.

(more…)

Two U.S. Federal Data Protection Bills Approved: One May Actually Make It Through

Wednesday, May 9th, 2007

It looks like we may actually get a federal data protection law that includes breach notice requirements this year. Such a law is long overdue; not only to protect personally identifiable information (PII), but also to help businesses to resolve their growing headaches involved with trying to comply with at least 36 state breach notice laws as well as dozens of other state level data protection and credit freeze laws, and multiple industry-specific data protection laws.

(more…)

Deadline is Today for Submitting Comments to the DHS About Draft REAL ID Rules

Tuesday, May 8th, 2007

The Department of Homeland Security (DHS) published draft rules regarding REAL ID. Comments are due by 5:00 PM Eastern Time *TODAY*.

(more…)

France Fines Tyco Healthcare: U.S. Companies, You MUST Know and Follow International Data Protection Laws

Monday, May 7th, 2007

In April the French Data Protection Authority (CNIL) reported they had issued a $40,972 fine against a subsidiary of U.S.-based Tyco Healthcare in March for inadequate storage safeguards and cross-border transfer of employee personally identifiable information (PII).

(more…)

Employee Privacy & New Credit Check Law In Washington State Impacts Employers: Joins Similar Laws In 4 Other States

Friday, May 4th, 2007

Doing background checks on potential employees, and regularly for certain positions with significant access to personally identifiable information (PII) or management capabilities, has been a growing trend in recent years. Such checks are viewed as ways to help prevent putting untrustworthy and significant at-risk individuals into positions where they could perform malicious and/or criminal activities.

(more…)

SOX Amendment Defeated: Information security and SMBs

Tuesday, May 1st, 2007

A week ago today (April 24, 2007) the Senate defeated an amendment in a 35 – 62 vote for allowing more lax internal control requirements for small and medium sized businesses (SMBs) under the Sarbanes-Oxley Act (SOX).

(more…)

HIPAA: More Changes and Initiatives by HHS

Thursday, April 26th, 2007

I’ve been reading so much about HIPAA lately; no enforcement actions yet, but a lot of changes, proposals and initiatives.
Two more I read about recently:

(more…)

SOX Compliance: Fraudsters Posing as Officials Selling “Compliance Solutions;” *NO* vendor Product Can Make an Organization 100% Compliant With ANY Regulation

Tuesday, April 24th, 2007

Something that has irritated me for a very long time are vendors who see a chance to make a quick buck off of worried organizations, afraid they are not going to be in compliance with new laws, and create junk products to sell to them using fear, uncertainty and doubt (FUD). FUD products.
I saw a lot of HIPAA FUD back when that regulation went into effect, and saw way too many people spending way too much money for so-called HIPAA security and privacy certifications offered by vendors who did not even have anyone on staff with any type of healthcare provider, payer or clearinghouse practitioner experience. Not to mention HIPAA compliance solutions.

(more…)

HIPAA: Advisory Workgroup Proposes PHI Security and Privacy Requirements Should Apply to All Organizations

Monday, April 23rd, 2007

The Department of Health and Human Services (HHS) has a Confidentiality, Privacy, and Security Workgroup, also known as the American Health Information Community, that is made up of practitioners, IT folks, lawyers and other leaders outside of the government who want a say in how protected health information (PHI) is safeguarded, shared, and otherwise handled.

(more…)

Free Information Security Training Workshops from FISSEA

Tuesday, April 17th, 2007

The information security and privacy incidents tally continues to grow every day, the threats and vulnerabilities continue to appear every day, and information security and privacy professionals have a hard time keeping up with them all, not to mention keeping their own personnel aware of the many issues they face in their everyday business work. And then to get the resources and time necessary to create an effective program! I know many folks often seem overwhelmed.

(more…)