Today the U.S. Federal Trade Commission (FTC) released a report, “Combating Identity Theft: Implementing a Coordinated Plan.”
Archive for the ‘Privacy and Compliance’ Category
New FTC Report Provides Organizations Good Guidance For Protecting PII
Tuesday, September 18th, 2007PII for 60,000 Lost In Yet Another Incident: Know How To Address The Risks Involved With Entrusting PII To Business Partners
Thursday, September 13th, 2007Yesterday yet another incident occurred where a business partner / vendor lost the personally identifiable information (PII) for which they had been entrusted. Americhoice sent a CD containing the PII of 67,000 individuals to TennCare via overnight UPS delivery.
The First Ever HIPAA Audit: Where’s The Report? Does It Have Beef?
Wednesday, September 12th, 2007Gosh, I just had a flashback to the “Where’s the Beef” commercial from years ago… 🙂
The U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule went into effect in April, 2001, and gave covered entities (CEs) two years to get into compliance. The HIPAA Security Rule went into effect in April 2003 and CEs had until April 2005 to get into compliance.
HIPAA & 4 Lessons From an Insider Threat Example: Former Healthcare IT Manager Hacks Into System and Deletes PHI
Monday, September 10th, 2007There are so many ways in which bad things can happen with the authorized access personnel and business partners have to sensitive data, personally identifiable information (PII), and business systems. Many times the bad things that happen are a result of a lack of awareness of how to properly protect information, a result of mistakes, or a result of malicious intent. Here is just one more example to add to your file of actual insider threat incidents.
HIPAA & 4 Lessons From an Insider Threat Example: Former Healthcare IT Manager Hacks Into System and Deletes PHI
Monday, September 10th, 2007There are so many ways in which bad things can happen with the authorized access personnel and business partners have to sensitive data, personally identifiable information (PII), and business systems. Many times the bad things that happen are a result of a lack of awareness of how to properly protect information, a result of mistakes, or a result of malicious intent. Here is just one more example to add to your file of actual insider threat incidents.
Breach Notice Laws; Definitely A 21st Century Privacy Issue!
Wednesday, September 5th, 2007Hey, this week is Global Security Week!
The theme this year is “Privacy in the 21st Century.” Have you sent any communications about this topic out to your personnel?
Thinking About Web Bugs…
Monday, September 3rd, 2007Last week I participated in an interesting discussion on the Security Catalyst site about using web bugs within an organization. I pointed Cutaway to a paper I wrote a couple of years ago, “Quit Bugging Me!”
Judge Finds Officers Not Accountable for SOX Report Errors
Saturday, September 1st, 2007On August 21, 2007, there was a significant court decision made possibly impacting future Sarbanes-Oxley Act decisions in “CENTRAL LABORERS’ PENSION FUND v.INTEGRATED ELECTRICAL SERVICES INC; HERBERT ALLEN; WILLIAM W REYNOLDS; JEFFREY PUGH”
