Archive for the ‘Laws & Regulations’ Category

Judge Rules University Policy & FERPA Allow Student PII To Be Released

Tuesday, November 6th, 2007

Here’s a case I found interesting…the U.S. District Court for the Eastern District of Tennessee ruled on October 24th that providing a group of record company plaintiffs with student personally identifiable information (PII) does not violate the U.S. Family Educational Rights and Privacy Act (FERPA).

Do Something To Change Information Security, Privacy and Compliance…Contact Congress!

Sunday, November 4th, 2007

I, along with a very large number of other bloggers, writers and instructors, often pick apart data protection and privacy laws and regulations, and point out how certain portions of them are infeasible for most organizations to implement, and talk about the types of laws that should be enacted to protect personally identifiable information (PII) and privacy. But how many of us actually do something about it and contact our lawmakers to communicate this information?

Definitions For the Identity Theft Prevention Program Rule Under FACTA & Questions For Your Organization

Friday, November 2nd, 2007

In addition to some great follow-up questions I got from Andy in response to my blog posting yesterday, “FTC Now Requires Organizations to Have an Identity Theft Prevention Program,” I have also received some interesting questions from others about the new Identity Theft Prevention Program Rule, along with having the opportunity to have some interesting discussions with several folks today, such as Linda McGlasson at bankinfosecurity.com.

FTC Now Requires Organizations to Have an Identity Theft Prevention Program

Thursday, November 1st, 2007

Did you know that if you are a U.S. financial organization, *AND/OR* if you have information about your U.S. customers with which identity theft could occur, you are now legally required to have a documented Identity Theft Prevention Program to help prevent identity theft in connection with new and existing accounts?

40 State Level Breach Notice Laws…And Counting

Monday, October 29th, 2007

Did you know that there are now 40 state level breach notice laws in the U.S., including the District of Columbia?
Many different websites provide information about the state breach notice laws, but most of them do not list all the current breach notice laws, or they provide information in a way that is not easy to quickly find specifically what I’m looking for.

HIPAA, The Insider Threat & Prison Time

Thursday, October 11th, 2007

It seems there are more and more stories related to patient privacy and HIPAA popping up lately. Today another story caught my eye related to them.

New Nevada Law Explicitly Requires Organizations to Encrypt PII Sent Through Networks

Tuesday, October 9th, 2007

To date there have been several laws that direct organizations in certain industries to consider using encryption as one way to protect data based upon the organization’s considered risks, and laws that make encryption a factor in decisions regarding breach notifications, but until now no laws that I’m aware of explicitly required personally identifiable information (PII) to be encrypted. The state of Nevada has now changed that!
