Archive for the ‘Privacy and Compliance’ Category

Insider Threat Lessons: Posting Threats And Personnel PII On The Internet Establishes Federal Jurisdiction

Monday, November 5th, 2007

Here’s another insider threat example to know and to discuss with your legal counsel and HR folks. It highlights the need for information security and privacy policies, shows how information security and privacy must work with multiple areas on an ongoing basis, and demonstrates the sanctions that can be brought against those who break them.

FTC Now Requires Organizations to Have an Identity Theft Prevention Program

Thursday, November 1st, 2007

Did you know that if you are a U.S. financial organization, *AND/OR* if you have information about your U.S. customers with which identity theft could occur, you are now legally required to have a documented Identity Theft Prevention Program to help prevent identity theft in connection with new and existing accounts?

Will A “Do Not Track” List Materialize?

Wednesday, October 31st, 2007

Today it was widely reported that several privacy groups were banding together to demand the creation of a “Do Not Track” list, similar to the FTC’s “Do Not Call” list.

Email Security and Privacy: NY Hospital Retention Ruling Points Out Importance of Policies and Awareness

Wednesday, October 31st, 2007

On October 17, 2007, there was a very interesting ruling regarding a doctor’s email communications sent to an attorney and the associated attorney privilege. In the matter of Scott v Beth Israel Med. Ctr. Inc. the New York Supreme Court found that the doctor’s email messages to his attorneys using the hospital network were not privileged and could be retained by the hospital even though the doctor wanted the hospital to stop retaining his messages and delete all emails related to his communications with his lawyers.

5-Point Checklist for Info Sec and Privacy Pros to Use for Data Protection and Privacy Law Compliance

Sunday, October 28th, 2007

One of the basic privacy principles is to limit the collection of personally identifiable information (PII) to only that which is necessary for the business purpose for which it is being collected. These privacy principles, built largely around the OECD privacy principles, are the basis for most data protection and privacy laws throughout the world.

APEC Privacy Framework: Viewpoints from the FTC, TRUSTe & Marty Abrams

Saturday, October 27th, 2007

One of the sessions I attended at the IAPP Privacy Academy this past week was “APEC Update – Self Regulatory Approaches to Cross Border Transfers of Personal Data.” The presenters were: Pamela Jones Harbour, Commissioner, Federal Trade Commission (FTC), Marty Abrams, Executive Director, Center for Information Policy Leadership, and Fran Maier, Executive Director and President, TRUSTe.

Microsoft’s Charney Agrees That Information Security and Privacy Pros Must Work Together

Thursday, October 25th, 2007

Yesterday (Wednesday) was the final day of the IAPP Privacy Academy, and it was a great conference for me! I have been preaching about information security and privacy collaboration within a 2-day training seminar over the past 2 years, so it is good to finally start hearing others recognize and promote the need for information security and privacy practitioners to work together.

Training Info Sec and Privacy For Incident Response; Many Issues Overlap

Tuesday, October 23rd, 2007

It has been great talking in-depth about privacy issues over the past two days here at the IAPP Privacy Academy.
We had a great turnout for the pre-conference seminar; the room was filled to the 60-person capacity. It was good to hear the concerns and common practices of the diverse organizations for how they are providing privacy training and awareness.

Helping Privacy Pros Deliver Effective Privacy Training and Awareness

Monday, October 22nd, 2007

Today I am co-delivering training with 4 other privacy education pros at the IAPP Privacy Academy pre-conference seminar, “Training 360°: How to Educate the Enterprise.”

Best privacy advisers in 2007

Saturday, October 20th, 2007

On Thursday, 10/18, Computerworld released their list of “The best privacy advisers in 2007