Archive for the ‘Privacy Incidents’ Category
Tuesday, December 23rd, 2008
How did the following happen…there are many options…insider threat? Poor IT storage controls? Poor applications development controls? Perhaps using real personally identifiable information (PII) for test purposes? Hacker break-in? Through an outsourced company with access to the PII, but who also had poor controls? There are so many possibilities…
Tags: awareness and training, Information Security, IT compliance, IT training, Katrina, personally identifiable information, PII, policies and procedures, privacy breach, privacy training, risk management, security training
Posted in Information Security, Privacy and Compliance, Privacy Incidents
Tuesday, December 16th, 2008
Another real-life example to show the importance of having effective policies and procedures in place for not only information disposal, but also for the disposal of computers and storage media…
Tags: awareness and training, disposal, Information Security, IT compliance, IT training, McCain, Palin, policies and procedures, privacy, privacy incident, privacy training, risk management, security training
Posted in Information Security, Privacy and Compliance, Privacy Incidents
Thursday, December 4th, 2008
What was this worker for a healthcare provider thinking…didn’t/doesn’t the provider provide any kind of information security or privacy training or awareness communications…?
Tags: awareness and training, HIPAA, Information Security, IT compliance, IT training, patient privacy, policies and procedures, privacy training, risk management, security training
Posted in Laws & Regulations, Privacy and Compliance, Privacy Incidents
Friday, November 7th, 2008
Just last month I blogged about the new Identity Theft Enforcement and Restitution Act of 2008. It covers extortion. I’m interested to see if it gets used for the latest extortion attempt…
Tags: awareness and training, cybercrime, Express Scripts, extortion, identity theft, Information Security, IT compliance, IT training, personally identifiable information, PII, policies and procedures, privacy training, risk management, security training
Posted in identity theft, Privacy Incidents
Wednesday, November 5th, 2008
Here’s another email incident example to add to your files…
Tags: awareness and training, email incident, email security, hackers, Information Security, insider threat, IT compliance, IT training, passwords, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Privacy Incidents
Saturday, October 25th, 2008
Research into the psychology of hackers has been going on ever since Cap’n Crunch cereal whistles were used to make free phone calls to anywhere in the world.
I saw the ABC News article…
Tags: ABC News, awareness and training, cybercrime, cybercriminals, hackers, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in identity theft, Privacy Incidents
Thursday, October 16th, 2008
A friend (thanks Terry!) just pointed me to a couple of really great sites that Nymity provides without needing to register, and they have no ads or marketing…
Tags: awareness and training, Information Security, IT compliance, IT training, Nymity, policies and procedures, privacy breaches, privacy studies, privacy training, risk management, security training
Posted in Privacy and Compliance, Privacy Incidents
Wednesday, September 3rd, 2008
Okay, here’s another example of a ridiculously dumb privacy breach that occurred, in Iowa this time, through a government agency posting information on the Internet…
Tags: awareness and training, Chet Culver, cybercrime, Des Moines Register, Information Security, Iowa, IowaLandRecords.org, IT compliance, IT training, Michael Mauro, PII, policies and procedures, privacy training, risk management, security training, social security numbers, SSNs
Posted in government, Privacy and Compliance, Privacy Incidents
Saturday, August 30th, 2008
I’ve been doing a lot of work with data retention and disposal policies and procedures lately, remembering the silly things I have read about with regard to organizations getting rid of their computers, such as selling their computers on eBay when they no longer need them…without removing the information! This is certainly not a phenomenon that is confined to the U.S.
Lo and behold, another situation has happened where an organization sold their old computer on eBay…for a bargain at £77 ($141), and it contained a huge amount of personally identifiable information (PII), including credit card applications, on what is reported to be as many as over 1 million customers. Here are a few excerpts from the report in Forbes…
Tags: awareness and training, data disposal, Information Security, insider threat, IT compliance, IT training, laptop incident, outsourcing risks, PII, policies and procedures, privacy incident, privacy training, risk management, security training, vendor risks
Posted in Information Security, Lost & Stolen Laptops, Privacy and Compliance, Privacy Incidents
Monday, August 25th, 2008
Yesterday I read about the 7th criminal conviction and sentencing that has been given under HIPAA, “Woman gets 14 months in ID theft case.”
Tags: awareness and training, Health Insurance Portability and Accountability Act, HIPAA, identity fraud, identity theft, Information Security, insider threat, IT compliance, IT training, Jay Meckenstock, Leslie A. Howell, Nicole Lanae Stevenson, policies and procedures, privacy training, risk management, security training
Posted in identity theft, Laws & Regulations, Non-compliance Sanctions Examples, Privacy and Compliance, Privacy Incidents