Archive for the ‘Privacy and Compliance’ Category

Create A Clear Education Strategy BEFORE Asking Executives for Training and Awareness Support

Wednesday, October 29th, 2008

Information security, privacy, and compliance practitioners must obtain the support of executive management to be successful. So how do you do this?
I talk about this in the first section of the first article of my October issue of “IT Compliance in Realtime Journal.”
Here is the unformatted version of the first section of the first article; download the PDF to see a much nicer-looking version…

Web 2.0 Security, Privacy & Policies

Friday, October 24th, 2008

Since 2000 I’ve been writing a monthly column for the Computer Security Institute (CSI) Alert publication…

FTC Postpones Active Red Flags Rule Enforcement To May 1, 2009

Thursday, October 23rd, 2008

I was surprised to read this yesterday…

Reading Online Privacies Could Cost $365 Billion Annually? Doubt It!

Tuesday, October 21st, 2008

My friend Alec (thanks Alec!) pointed me this interesting story…

Federal Reserve Releases Examination Procedures For Red Flags Rule Compliance

Friday, October 17th, 2008

If you must comply with the Red Flags Rule, a rule under the Fair and Accurate Credit Transactions Act (FACTA) that most organizations in the U.S. who process payments from their customers must comply with, and for which compliance is required by November 1 of this year, then you should review the recently released guidance documents that the government oversight examiners will use…

Two Great Sites About Privacy Breaches and Privacy Studies

Thursday, October 16th, 2008

A friend (thanks Terry!) just pointed me to a couple of really great sites that Nymity provides without requiring registration, and that carry no ads or marketing…

Palin Email Hacker Indicted

Wednesday, October 8th, 2008

Around September 10 a widely reported story broke about how Sarah Palin’s Yahoo! email account was broken into.
Contents of some of her email messages were then widely posted to various Internet websites.

HIPAA Compliance During Emergencies and Disasters

Tuesday, October 7th, 2008

Yesterday the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted a new HIPAA frequently asked question (FAQ) to their site; a great question that many organizations do not even consider until after the fact…

Do Your Legal Contracts Conflict with Your Web Site Privacy Policy?

Friday, October 3rd, 2008

Over the years, while doing website privacy policy reviews and gap analyses, I’ve found that a large portion of organizations make promises in their posted web site privacy policies that they do not back up with internal procedures, nor with training and awareness communications for internal personnel; a huge risk!
I’ve also found that many organizations have online contracts for their web site customers that conflict with their posted privacy policies.

Are the Terms of Your Legal Contracts Enforceable?

Wednesday, October 1st, 2008

Most web sites present some type of legal contract to site visitors, for any number of reasons. Do your web site visitors actually read them? That probably depends on how the contracts are presented to the visitors and how the wording is constructed.
Are the contracts written clearly? Or could they be interpreted in multiple ways, or trick people into thinking they are agreeing to something other than what the legalese actually obligates them to?