Archive for the ‘Laws & Regulations’ Category
Saturday, September 1st, 2007
On August 21, 2007, there was a significant court decision made possibly impacting future Sarbanes-Oxley Act decisions in “CENTRAL LABORERS’ PENSION FUND v. INTEGRATED ELECTRICAL SERVICES INC; HERBERT ALLEN; WILLIAM W REYNOLDS; JEFFREY PUGH”
Tags: awareness and training, CENTRAL LABORERS’ PENSION FUND, HERBERT ALLEN, Information Security, INTEGRATED ELECTRICAL SERVICES INC, IT compliance, JEFFREY PUGH, policies and procedures, privacy, risk management, Sarbanes Oxley, SOX, WILLIAM REYNOLDS
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Friday, August 31st, 2007
I’ve talked several times about some of the risks of using the social networking sites, such as here and here.
Here is an example of how others can post information about you on these sites that will continue to haunt you for years to come.
Tags: awareness and training, Information Security, IT compliance, MySpace, policies and procedures, privacy, privacy breach, risk management, social networks
Posted in Information Security, Laws & Regulations, Privacy and Compliance | 2 Comments »
Wednesday, August 22nd, 2007
Multi-national organizations doing business in Europe must know and understand not only their obligations to protect personally identifiable information (PII) under the European Union (EU) Data Protection Directive 95/45/EC, but they must also know and understand the data protection laws within each of the EU member countries.
Tags: awareness and training, data protection law, EU Data Protection Directive, European Union, Information Security, IT compliance, policies and procedures, privacy, privacy law, risk management
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Monday, August 20th, 2007
The new U.S. Social Security number (SSN) No Match Rule was published August 15 in the Federal Register. You can also see it here.
This new regulation provides directives for the letters the U.S. Social Security Administration (SSA) issues to employers when the SSA discovers that an SSN does not match the information provided by the employer.
Tags: awareness and training, Department of Homeland Security, DHS, Information Security, IT compliance, no match letter, no match rule, PII, policies and procedures, privacy, risk management, social security administration, social security number, SSA, SSN
Posted in Laws & Regulations, Privacy and Compliance | 1 Comment »
Thursday, August 9th, 2007
Over the past few years I have done well over a hundred business partner security program reviews for organizations who wanted to ensure that the organizations to whom they were entrusting their sensitive data, or other business processing, had appropriate security and privacy policies, practices, training and were generally trustworthy.
Tags: awareness and training, business partner security review, Information Security, IT compliance, personally identifiable information, PII, policies and procedures, privacy, risk management
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »
Monday, July 30th, 2007
In this global economy it is important for you to know, understand and follow the data protection laws in all the countries where you have offices, have customers, store personally identifiable information (PII) and from where PII is accessed. Each country has nuances within its laws that could create quite a big obstacle if you are doing business there and find you must suddenly stop because you are out of compliance with its data protection laws.
Tags: AEPD, awareness and training, data protection, government, Information Security, international data transfer, IT compliance, Organic Law 15/1999, personal privacy, PII, policies and procedures, privacy, Report on International Data Transfers, Spain
Posted in Laws & Regulations, Privacy and Compliance | 2 Comments »
Wednesday, July 25th, 2007
I really enjoy reading survey results. I can’t help myself. Whether the surveys are well-done, sloppy, long, short, statistically accurate or obviously statistically invalid, I still find them interesting. Especially when they cover what the general public and non-IT/non-infosec person thinks or knows about information security and privacy, or some industry-specific issue.
Tags: Aetna, awareness and training, FPA, HIPAA, Information Security, IT compliance, PHI, PHR, PII, policies and procedures, privacy, risk management
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »
Friday, July 20th, 2007
I’m thankful to be able to have my own company of one to do what I enjoy so much with information security, privacy and compliance. I am also an active part of managing the farm business for my family. With these two businesses comes A LOT of paperwork, along with checks that must regularly be sent in to various government agencies.
Tags: awareness and training, check processing, Federal Reserve Bank, government, Information Security, IT compliance, law, policies and procedures
Posted in government, Laws & Regulations | 1 Comment »
Wednesday, July 18th, 2007
Tags: awareness and training, cross border data flow, customer privacy, data protection, employee privacy, government, Information Security, IT compliance, policies and procedures, Richard Thomas, U.K. ICO, United Kingdom
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »
Friday, July 13th, 2007
Tags: awareness and training, Charles W. Courtney, government, HHS, HIPAA, Hospital Sisters of the Third Order of St. Francis, Information Security, IT compliance, Kyoung Suk Kim, OCR, patient privacy, PHI, PII, policies and procedures, privacy, privacy rule, security rule
Posted in government, Laws & Regulations, Privacy and Compliance | 1 Comment »