Archive for the ‘Privacy and Compliance’ Category

New Website Seal For Companies Participating In The EU Safe Harbor Program

Sunday, August 3rd, 2008

Something I’ve been spending a lot of work on this summer is creating management tools to help information security and privacy practitioners do their jobs more effectively and efficiently. In the past three months I’ve had over a dozen CISOs and CPOs call me and ask if I had specific types of tools to help them with their information security, privacy and compliance efforts and initiatives. One of the tools will help them manage their programs and processes, and the many complex issues involved, for transferring personally identifiable information (PII) between any of the 27 European Union (EU) countries and the U.S. or other countries. One of the areas involved in tackling this issue is whether or not to participate in the Safe Harbor program.
So, I was very interested to read that the U.S. Commerce Department announced a new certification mark/seal for organizations to put on their websites to show that they have self-certified compliance with the Safe Harbor Framework requirements.

Free Info Sec & Privacy Training Hosted By The FTC and COPP

Thursday, July 31st, 2008

If you’re in the Los Angeles area on August 13, here’s what looks to be a good, FREE, day of getting information security and privacy training hosted by the U.S. Federal Trade Commission (FTC) and the California Office of Privacy Protection (COPP).
If you are a company with no dedicated information security or privacy position, like most small and medium sized businesses (SMBs), then go to this event to hear WHY you need to make efforts to safeguard your customers’ and employees’ personally identifiable information (PII). Hey, if you’re in the area, it’ll only cost your time!
Here’s the full announcement…

Do You Do Data Mining?

Wednesday, July 30th, 2008

Many folks like to argue and pick apart what is meant by “data mining.” Marketers I’ve spoken with claim they are not doing data mining with their customers’ information, but just “repurposing” it.
Whatever you call it, you need to know how your organization is using personally identifiable information (PII) in ways other than the purposes for which it was collected. Many times these other purposes are achieved through data mining.
Last week the U.S. Department of Homeland Security held a workshop, “Implementing Privacy Protections in Government Data Mining,” that provided some good information about data mining privacy issues that all organizations should consider. The comments the DHS received prior to the event were very interesting.

17 Info Security & Privacy Topics Call Center Staff Must Understand

Tuesday, July 29th, 2008

Okay…back to my continuing lecture on the need to provide targeted training on specific information security and privacy topics to the various responsibility groups throughout your enterprise.
Consider this: what if you took a driver’s education class and all they told you to do, by showing you on a PowerPoint slide, is how to put the key in the ignition, turn the engine over, how to press the accelerator to move forward, and how to press the brakes to stop. Then they told you to go out there and drive…have at it! Would you be well prepared to get onto the road and deal with all the other things you need to know about driving? Most likely not. If you feel you would be well prepared, please tell me you will not be driving on the central Iowa roads… 🙂

First HIPAA Sanction Applied! $100,000 + Required Actions

Friday, July 18th, 2008

My jaw almost dropped early this morning when I saw the press release from the HHS yesterday, “HHS, Providence Health & Services Agree on Corrective Action Plan to Protect Health Information.”
Is it about time the HHS actually enforced HIPAA? Yes!
Without applied sanctions for noncompliance, laws and regulations are meaningless and ineffective.
I’m going to look at the Resolution Agreement closely and comment on that soon…in the meantime here is the full press release:

Organizations of All Sizes Need IT Security & Privacy Training

Thursday, July 17th, 2008

Many organizations create broadly scoped information security training for all their personnel to take, but too few create targeted training for groups that need to have specialized knowledge for certain topics. Different departments within an organization handle different types of information, and have different types of contact with business partners, customers and other employees. So doesn’t it make sense that the payroll folks would need training specific to their job responsibilities, and sales folks would need training specific to their responsibilities, which are very different from the payroll folks’, and so on? Also, legal requirements mean those in various industries need specialized training. For example, those in the healthcare space in the U.S. need HIPAA training.
According to the U.S. Census Bureau, small businesses employ more than half of all Americans. Very few small and medium sized businesses (SMBs) have specialized IT staff; most of the owners or personnel take on the day-to-day IT tasks themselves, operating on a wing and a prayer that nothing will go wrong. These huge numbers of folks within SMBs are also taking care of the IT security and privacy activities…hopefully.

Get Involved With The 4th Annual Global Security Week!

Wednesday, July 16th, 2008

For the past couple of years I’ve been involved with a fantastic group of people who have put their passion, time and resources into helping raise awareness of security issues throughout the world. Dr. Gary Hinson and Brian Honan in particular have invested literally hundreds (perhaps thousands?) of hours into Global Security Week throughout the past four years.