Archive for the ‘Privacy and Compliance’ Category
Tuesday, January 15th, 2008
I just read a very interesting article, “CMS’ HIPAA watchdog presents potential conflict” that made me go Hmmm!!
The genesis of the article is that the Centers for Medicare and Medicaid Services (CMS), the agency that is responsible for the Health Insurance Portability and Accountability Act (HIPAA) oversight and compliance enforcement, has contracted PricewaterhouseCoopers (PwC) to perform HIPAA Security Rule compliance audits during 2008.
Tags: awareness and training, CMS, HHS, HIPAA, Information Security, IT compliance, OCR, patient privacy, PHI, Piedmont Hospital, PII, policies and procedures, PricewaterhouseCoopers, privacy, privacy policy, privacy rule, PwC, risk management, security awareness, security rule, security training
Posted in Privacy and Compliance | No Comments »
Friday, January 11th, 2008
I’ve blogged several times, such as here, here and here, about how information posted to the Internet, such as on Facebook and other social networking sites, cannot be considered private or secure, has been used to make hiring and firing decisions, and has impacted lives in other ways.
Well, now information posted to social networking sites is being used by schools.
Tags: awareness and training, Eden Prairie, facebook, Information Security, IT compliance, personal privacy, personally identifiable information, PII, policies and procedures, privacy, protecting information, risk management, security awareness, security training, social networking
Posted in Privacy and Compliance | No Comments »
Sunday, January 6th, 2008
While doing some encryption research I ran across this Vermont ruling made on November 29, 2007.
It provides some good lessons about computer forensics and investigation and password management.
Tags: 5th Amendment, awareness and training, Boucher, computer forensics, democrats, encryption, Information Security, Iowa caucus, IT compliance, Niedermeier, password security, PGP, policies and procedures, privacy, republicans, risk management, security awareness, security training, Vermont
Posted in Laws & Regulations, Privacy and Compliance | 2 Comments »
Thursday, January 3rd, 2008
I recently blogged about “6 “Scary Stuff” Privacy Terms IT, Info Sec and Privacy Folks Should Know.”
I was very pleasantly surprised to hear from Dr. Michael G. Michael and his wife Dr. Katina Michael a couple of days ago about the post! (Thank you Michael and Katina!) They provided some additional very interesting information about the term “Überveillance.” With their permission, here is a large portion of the message they sent to me:
Tags: ambient technology, awareness and training, Dr. Katina Michael, Dr. Michael G. Michael, employee privacy, employee tracking, GPS tracking, Information Security, IT compliance, policies and procedures, privacy, privacy law, RFID, risk management, security awareness, security training, social security number, SSN, uberveillance
Posted in Privacy and Compliance | No Comments »
Thursday, December 27th, 2007
On December 10 the U.S. Federal Trade Commission (FTC) announced that the FTC commissioners had voted unanimously to establish principles to govern online behavioral advertising. At the same time they released their proposed principles to guide the development of self-regulation in this area.
Tags: awareness and training, behavioral advertising, cookies, FTC, FTC Act, Information Security, IT compliance, policies and procedures, privacy, privacy policy, privacy principles, risk management, security awareness, security training, web bugs
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Wednesday, December 26th, 2007
Tags: American United Mortgage Company, awareness and training, disposal rule, FACTA, FCRA, FTC, FTC Act, GLBA, Information Security, IT compliance, policies and procedures, privacy, privacy incident, privacy policy, privacy rule, risk management, security awareness, security training
Posted in Information Security, Non-compliance Sanctions Examples, Privacy and Compliance | No Comments »
Friday, December 21st, 2007
This morning I did a podcast interview with bankinfosecurity and they already have it posted!
During the interview I answered and expanded upon five questions and issues:
Tags: awareness and training, bankinfosecurity, breach response, incident response, Information Security, IT compliance, policies and procedures, privacy, privacy breach, privacy policy, risk management, security awareness, security training
Posted in Privacy and Compliance | No Comments »
Wednesday, December 19th, 2007
For the past 10 years I have been driving the same, reliable, non-troublesome car. It still looks good enough (I don’t really worry about driving an “it” kind of car). However, it is getting a bit rattly, and my friends have been increasingly giving me a hard time about continuing to drive it past the 200,000 mile mark. I never really cared much until my starter went out a couple of months ago. I wondered, what if this had happened to me while I was in a neighboring state at a client site? Sure, I have AAA, but it would still be a hassle. So, I decided if I saw a car I really liked and that had all the features I wanted, I would splurge and get a new car.
Well…I just happened to find a car I absolutely loved after seeing and driving it. I was at the dealer paying for it yesterday, and the sales person asked for my Social Security Number (SSN).
Tags: awareness and training, FERPA, GLBA, HIPAA, identity theft, Information Security, Iowa law, IT compliance, personally identifiable information, PII, policies and procedures, privacy, privacy policy, risk management, security awareness, security training, social security number, SSN
Posted in Privacy and Compliance | 1 Comment »
Tuesday, December 18th, 2007
Organizations have faced legal and regulatory requirements for literally decades. However, IT compliance is relatively young.
U.S. healthcare organizations reacted with alarm over the passage of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. U.S. financial organizations soon followed suit with their reaction to the passage of the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act, of 1999. But probably the biggest whammy felt by the largest number of organizations was the passage of the Sarbanes-Oxley (SOX) Act of 2002.
Tags: awareness and training, GLBA, HIPAA, Information Security, IT compliance, ITIL, PCI, policies and procedures, privacy, privacy policy, risk management, security awareness, security training, SOX
Posted in Privacy and Compliance | No Comments »
Monday, December 17th, 2007
’Tis the season for lists upon lists upon lists. However, Fortune’s “101 Dumbest Moments in Business” for 2007 caught my eye for being rather unique-sounding. There were *MANY* dumb information security and privacy business moments in 2007; I wondered, did Fortune recognize any of them?
I took the time to flip through them quickly…ah, yes! Quite a fun exercise! And here are at least 18 IT compliance, info sec and/or privacy links to the Fortune 101 list:
Tags: awareness and training, CIPA, Didier Stevens, Fortune, Information Security, IT compliance, One Laptop Per Child, Paris Hilton, policies and procedures, privacy, privacy policy, risk management, security awareness, security training
Posted in Information Security, Privacy and Compliance | No Comments »