Archive for the ‘Laws & Regulations’ Category

Something You Should Know: FTC Is Aggressively Going After Companies With Poor Security

Sunday, October 7th, 2007

Of all the U.S. government regulatory oversight agencies, the Federal Trade Commission (FTC) is the most active and aggressive in looking for and applying penalties not only to organizations that are in noncompliance with laws and regulations, but also to those that are not in compliance with their own information security and privacy promises; in other words, those that are practicing “unfair and deceptive trade practices.”

(more…)

Canadian Privacy Commissioners Release TJX Investigation Report

Tuesday, September 25th, 2007

Yesterday the Office of the Privacy Commissioner of Canada and the Office of the Information and Privacy Commissioner of Alberta released their “Report of an Investigation into the Security, Collection and Retention of Personal Information” concerning the TJX breach. The investigation was performed to determine if, and if so to what extent, the incident was a violation of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and/or the Personal Information Protection Act (PIPA).

(more…)

TJX Breach Sentence: Man Gets 5 Years in Prison and Must Pay $600,000 Restitution; Is It Enough?

Sunday, September 16th, 2007

On September 13, Florida Attorney General Bill McCollum announced that Irving Escobar, the alleged leader of a Florida fraud ring that used stolen credit card information linked to the TJX data breach, was sentenced to five years in prison and must pay nearly $600,000 in restitution.

(more…)

PII for 60,000 Lost In Yet Another Incident: Know How To Address The Risks Involved With Entrusting PII To Business Partners

Thursday, September 13th, 2007

Yesterday yet another incident occurred where a business partner / vendor lost the personally identifiable information (PII) with which they had been entrusted. Americhoice sent a CD containing the PII of 67,000 individuals to TennCare via overnight UPS delivery.

(more…)

The First Ever HIPAA Audit: Where’s The Report? Does It Have Beef?

Wednesday, September 12th, 2007

Gosh, I just had a flashback to the “Where’s the Beef” commercial from years ago… 🙂
The U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule went into effect in April, 2001, and gave covered entities (CEs) two years to get into compliance. The HIPAA Security Rule went into effect in April 2003 and CEs had until April 2005 to get into compliance.

(more…)

Fair Labor Standards Act: Court Ruling Makes Me Wonder…When/Do IT Folks Get Paid For Overtime?

Tuesday, September 11th, 2007

Here’s something interesting along the compliance front…especially considering the very long hours I used to work for my employer years ago, and how I know so many other IT folks work long hours trying to resolve problems. It also brings in a law I’m not very familiar with, the Fair Labor Standards Act (FLSA), but motivates me to learn more. Those of you in IT fields will be interested in this…

(more…)

Judge Rules USA PATRIOT Act Breaks Separation of Powers Requirements

Thursday, September 6th, 2007

There was some very interesting news in the Kansas City Star today; “Judge strikes down part of Patriot Act

(more…)

Your Name May Be Falling Off the Do Not Call List Soon!

Thursday, September 6th, 2007

I recently did a privacy impact assessment (PIA) for a marketing company and remembered that the U.S. Do Not Call list entries expire after 5 years! Most people do not realize this…did you know this?

(more…)

Breach Notice Laws; Definitely A 21st Century Privacy Issue!

Wednesday, September 5th, 2007

Hey, this week is Global Security Week!
The theme this year is “Privacy in the 21st Century.” Have you sent any communications about this topic out to your personnel?

(more…)