I had been planning to post about a legal argument made regarding employer’s email systems and employee rights, but I’ll save that until the weekend…this sounds more fun right now any way!
Archive for the ‘Privacy and Compliance’ Category
The Path Less Traveled…I’ve Been “Tagged” to Blog About How I Got Into This Business and To This Point in my Career
Friday, April 6th, 2007Insider Threat Example: Former Wal-Mart Employee Spied Because His Managers Told Him To
Wednesday, April 4th, 2007I have seen organizations where management and staff members were so fixated on protecting the company, to the disregard of observing laws and complying with policies, that they ended up doing completely inappropriate actions that involved infringing on privacy and breaking laws.
Privacy Act: FTC Proposes Allowing Disclosure of PII Records to Third Parties To Assist Data Breach Response Within Gov’t Agencies
Tuesday, April 3rd, 2007On March 29 the FTC published a proposed new routine use, (72 Fed. Reg. 14814, 3/29/07), that would allow FTC records governed by the Privacy Act to be disclosed to “appropriate” persons and entities when reasonably necessary to respond and prevent, minimize, or remedy harm resulting from a U.S. government agency data breach or compromise.
How Long Has It Been Since You’ve Done An Awareness Activity? Privacy and Security Week Starts April 8
Monday, April 2nd, 2007Awareness activities are an important and necessary component of an effective, layered, information assurance program. Too little time is spent on communicating information security and privacy requirements, threats, vulnerabilities, and other related issues within most organizations. Providing regular traning and ongoing awareness activities to all personnel, along with customized training to targeted groups with unique information security responsibilities, such as call centers, sales and marketing folks, and applications and systems developers, as is also very important.
Royal Academy of Engineering Releases Privacy Study Report: Emphasizes Importance of Engineering Security and Privacy Into Technology
Friday, March 30th, 2007The Royal Academy of Engineering, located in London, recently released a report, “Dilemmas of Privacy and Surveillance: Challenges of Technological Change.”
I just ran across it and haven’t had a chance to review it in depth yet, but a quick scan and reading the executive summary shows some interesting thoughts.
Study Reports The Companies Trusted Most For Privacy
Thursday, March 29th, 2007The Ponemon Institute puts out an annual survey asking anyone who wants to participate in their online survey who the companies are that they believe respect their customers most and do the best job of protecting their privacy.
U.S. ONDI and DOD Standardizing Security Policies
Wednesday, March 28th, 2007The Office of the National Director of National Intelligence (ONDI) and the Department of Defense (DoD) announced they are going to standardize their information security policies.
The work on the standardization started 8 months ago.
Government Compliance: FBI Director Says USA PATRIOT Act Doesn’t Need Changes; That FBI Is To Blame for Associated Problems
Tuesday, March 27th, 2007Today U.S. FBI Director Robert Mueller appeared before the Senate Judiciary Committee and testified that there are no problems with the USA PATRIOT Act, but that the FBI did not implement the Act appropriately.
Don’t Be A Security Slacker
Sunday, March 25th, 2007Today I woke up to a beautiful, gorgeous spring morning…sunny, low 60’s (abnormally high for March), gentle breeze, the grass seemed to have gotten green over night, the birds are singing, the geese and ducks have come back after being gone for the winter and are swimming on our pond, a cute little chipmunk is eating from the birdseed and nuts I scattered on the patio outside my office door, what a great day! And then, after a nice walk outside, I come back inside, first to do some chores along with my family; my sons doing their assigned cleaning.
Raise Awareness by Sharing Your Knowledge And Experience
Saturday, March 24th, 2007You help to improve information assurance efforts and assist other information assurance practitioners by sharing your expertise, experiences, and suggestions. Consider writing an article for publication not only to help others, but also to help you hone your writing skills, validate your expertise to your business leaders by showing them your published work, and provide an avenue for meeting other professionals who reach out to ask you questions about your article.