Archive for the ‘Laws & Regulations’ Category

5 Security Lessons from Non-Compliance with UK Data Protection Law

Monday, July 2nd, 2007

I speak with many organizations who have customers throughout the world, often via their ecommerce websites, and an alarmingly large number of these organizations are completely unaware of the data protection laws they must follow in the countries their customers come from. When the privacy commissioners of those countries discover that an organization is not following the law, the financial impact on the business can be substantial, not only from fines, but typically more significantly from bad press and from orders to discontinue business within the country until the organization has brought its business activities, policies and processes into compliance with the requirements.

RAM Is Subject To E-Discovery Under Recent Ruling: Talk With Your Legal Counsel About The IT Issues

Friday, June 29th, 2007

Late last year I blogged about the new E-Discovery Rule that took effect on December 1, 2006.
I wrote “The Business Leader Data Retention and E-Discovery Primer” discussing the issues, and I also wrote an article discussing the e-discovery issues in which IT must be involved, “E-Discovery Quagmires.”

First Person Convicted Under CAN-SPAM Is Sentenced to 70 Months in Federal Prison and Must Pay Over $1 Million

Tuesday, June 26th, 2007

On June 11, Jeffrey B. Goodin was ordered to pay $1,002,885.58 to the victims of his phishing scheme.


Laws, Standards, Mapping, and HIPAA

Friday, June 22nd, 2007

Today is the last day of Norwich University’s Masters programs residency week; this afternoon is graduation.
It has been a great week. I have loved chatting with the students and faculty, and I’ve compiled a page full of topics I want to research and blog about!

Medical Identity Theft and Bill Requiring Criminal Background Checks In LTC Facilities

Tuesday, June 19th, 2007

I have had relatives very close to me who, because of degenerative diseases and medical problems, have had to go to long term care (LTC) facilities. I always worried about the care they were receiving when I was not around. I worried that others would not be caring for them in a truly caring and kind way. I worried that people who had been convicted of violent crimes and financial fraud might try to take advantage of them and the others in the facility. I tried to keep a close watch on them.


New Information Security and Cybercrime Initiatives Planned in the EU

Monday, June 4th, 2007

As cybercrime continues to occur in more varied ways, as more incidents are reported every day, as new threats emerge, and as more vulnerabilities are found within software and systems, often within the very products that companies buy to improve security, more bills, plans, initiatives and laws emerge worldwide to address these issues.

New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status

Sunday, June 3rd, 2007

I recently did a very interesting project doing a data flow analysis and risk assessment of I-9 documents processing for a large multi-national company.


Handling Complex and Difficult Privacy and Information Security Issues

Wednesday, May 30th, 2007

Only 10 more days until my 2-day seminar, “Handling Complex and Difficult Privacy and Information Security Issues” in Scottsdale, Arizona on June 9th and 10th (Saturday and Sunday)!


A Twist Within a New State Breach Notice Law: Maryland’s Also Requires Information Security Safeguards

Monday, May 28th, 2007

Here’s something that you don’t see in other states…
On May 17, Maryland Governor Martin O’Malley signed into law two identical bills, one from the House and one from the Senate, that require businesses to notify state residents if their unencrypted or unredacted personal information, whether in electronic or paper form, is breached. In addition to mandating breach notification, the new law contains data security and data destruction requirements for companies doing business in the state.


More Reason to Strengthen Information Security: New MN Law Restricts How Long Merchants Can Retain Purchase Information

Monday, May 28th, 2007

To date at least 37 U.S. states have enacted breach notice laws (Maryland’s new breach notice law was signed May 17th), but these address how to react AFTER personally identifiable information (PII) has been compromised. Multiple federal-level bills have been proposed, but none has yet passed.