I have a blog problem…there are way too many things I want to blog about and not enough hours in the day to do it! Throughout each day I note news items from the TV, or website news articles, or research, or reports, or just observations while at businesses or in public, and I only have a chance to blog about a small fraction of them. Today I think I’ll just briefly mention five of the topics I’ve planned to blog about, along with a brief note about each, and then maybe I’ll be able to revisit them sometime in the near future and discuss them at greater length.
Archive for the ‘Privacy and Compliance’ Category
Data Will Always Be Less Safe In The Future…I Don’t Want To Get Gussied Up To Talk On The Phone
Wednesday, October 17th, 2007

Trending Towards More Business Applied Employee Sanctions For Security Incidents
Monday, October 15th, 2007
I’ve been noticing lately more and more organizations sanctioning their employees for not following information security policies. I first blogged about it recently on September 24 about a hospital actively enforcing sanctions for HIPAA violations, then again on October 10 about another hospital sanctioning employees for noncompliance, then again on October 11, and then again just yesterday.
HIPAA, The Insider Threat & Prison Time
Thursday, October 11th, 2007
It seems there are more and more stories related to patient privacy and HIPAA popping up lately. Today another story caught my eye related to them.
Another Hospital Suspends Staff For Violating HIPAA Requirements
Wednesday, October 10th, 2007
A couple of weeks ago I blogged about the Ivinson Memorial Hospital applying sanctions to their staff for violating HIPAA requirements.
They have set a good example…another hospital has also applied sanctions…suspending 27 of their staff members for violating HIPAA requirements.
Iowa Universities Provide Examples of Good and Bad Information Security and Privacy
Wednesday, October 10th, 2007
In the past week the two largest universities in Iowa provided examples of both great and poor security practices. Let’s see…how about the bad example first?
New Nevada Law Explicitly Requires Organizations to Encrypt PII Sent Through Networks
Tuesday, October 9th, 2007
To date there have been several laws that direct organizations in certain industries to consider using encryption as one way to protect data based upon the organization’s considered risks, and laws that make encryption a factor in decisions regarding breach notifications, but until now no laws that I’m aware of explicitly required personally identifiable information (PII) to be encrypted. The state of Nevada has now changed that!
Something You Should Know: FTC Is Aggressively Going After Companies With Poor Security
Sunday, October 7th, 2007
Of all the U.S. government regulatory oversight agencies, the Federal Trade Commission (FTC) is the most active and aggressive in looking for and applying penalties not only to organizations that are in noncompliance with laws and regulations, but also to those that are not in compliance with their own information security and privacy promises; in other words, those that are practicing “unfair and deceptive trade practices.”
Why Would You Trust Microsoft To Store Your Sensitive Health Information?
Thursday, October 4th, 2007
Today Microsoft launched their new web portal, HealthVault, to store, for free, “medical histories, immunization and other records from doctors’ offices and hospital visits, including data from devices like heart monitors. It is also tied to a health information search engine the software maker launched last month.”
Know How To Motivate Your Personnel To Protect Information
Wednesday, October 3rd, 2007
Not everyone has the same motivation to secure the information they handle or access while they are working. This is something very important for information security and privacy practitioners to understand, but unfortunately too many do not think about motivation factors when creating and managing their information security, privacy and compliance programs.