Archive for the ‘Laws & Regulations’ Category

California Privacy Breach Law Changes Go Into Effect January 1, 2008: Redefines & Broadens “Personal Information” Definition

Wednesday, December 5th, 2007

California’s privacy breach notification law, SB1386, started the ball rolling; at least 40 U.S. states, including the District of Columbia, now have breach notice laws. Most of the subsequent state laws were largely based upon SB1386, including how the law defines “personal information.”
Effective January 1, 2008, the definition of “personal information” changes when AB1298 goes into effect in California.

(more…)

Email is for “Old People”: Do Lack of Laws Make IM and Texting Ripe for Exploiting Children & Teens?

Wednesday, November 28th, 2007

My 13-year-old niece wrote an article for me about social engineering, and I got a chuckle out of her writing, “Maybe I’m old-fashioned, but I only use email. I don’t have my own FaceBook site.”
Can you imagine email being old-fashioned?! Gosh, my hand-written letters must be prehistoric!

(more…)

Another Approach To Licensing Compliance

Sunday, November 25th, 2007

My blog posting from earlier talked about how the MPAA is trying to combat movie piracy.
I just visited the LinkedIn site and was intrigued to find an ad from the Business Software Alliance (BSA) offering up to $1,000,000…yes, US $1 million …for reporting illegal software and copyright infringements by organizations, by a distributor, or over the Internet.

(more…)

Don’t Throw Away The Privacy Of All And Jeopardize Network Security To Run A Compliance Tool

Sunday, November 25th, 2007

Many times, software designed to enforce legal compliance, or to find network users who are breaking laws, brings with it greater risks to information security and privacy.

(more…)

Sending Cleartext IM and Email Is *NOT* Secure Even If Your Doc Says It Is…Part 1

Monday, November 19th, 2007

I got some interesting comments and questions, and lots of good direct feedback, about my blog post on sending cleartext patient information last week, “HIPAA: Beware Doctors Who Claim They Don’t Have To Follow Safeguard and Privacy Requirements” so I wanted to take this opportunity to discuss the topic a little more.

(more…)

Personnel Privacy, New I-9 Forms, Removal of SSN Requirements and IT Involvement

Sunday, November 18th, 2007

Early this year I did a data flow analysis for I-9 compliance, and I blogged a few months ago about I-9 related issues in “New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status.”
I-9 compliance issues impact many areas of an organization. However, within most organizations many areas, such as IT and information security, are not aware of the I-9 compliance issues and unknowingly put the company in jeopardy of noncompliance. Compliance with any law or regulation that involves personally identifiable information (PII) usually requires the involvement of the legal, IT and information security areas.

(more…)

French Supreme Court Decision Points Out Importance Of Using Monitoring Notices Wherever In The World You Have Personnel

Sunday, November 11th, 2007

I just read about a French Supreme Court decision made on October 10 (you can see a Google English rough translation of it here) that is significant to organizations that have employees in France, or anywhere worldwide for that matter, and to those organizations’ employee monitoring practices.

(more…)

FTC Continues Active Compliance Enforcement: Applies $7.7 Million In Fines To 6 Do-Not-Call Violators

Saturday, November 10th, 2007

This week the FTC once again demonstrated that it aggressively enforces compliance with the regulations for which it has responsibility.
In its press release, “FTC Announces Law Enforcement Crackdown on Do Not Call Violators,” the FTC details its recent actions against six organizations for non-compliance with the Do Not Call (DNC) registry requirements. The settlements involved totaled close to $7.7 million in civil penalties. In addition to the following, actions against Global Mortgage Funding are pending.
Here is an overview of the non-compliance activities and associated fines/penalties:

(more…)