Archive for the ‘Privacy Incidents’ Category

BONY Loss Of Backup Tape With Unencrypted PII Is Disappointing…But Not Surprising

Tuesday, May 27th, 2008

Late last week I communicated with Linda McGlasson about a story she was putting together for bankinfosecurity that was published today, “Bank of New York Mellon Investigated for Lost Data Tape: 4.5 Million Customers Potentially Exposed.”
It’s a good and interesting article; check it out.
In Linda’s article there was a quote from Bank of New York (BONY) Mellon’s spokesperson Ron Sommer,

Addressing the Insider Threat

Tuesday, May 13th, 2008

My May issue of “IT Compliance in Realtime” is now available!
The first article I have within this issue is, “Addressing the Insider Threat.”
Here is the unformatted text of the article; download the PDF to get the much nicer, prettier, formatted version…

A Couple Of Little Known HIPAA Facts

Thursday, May 8th, 2008

Last week I was contacted by Corey Goodman, a reporter for HCPro, about a story he is doing that sounds like it will be quite interesting! He is collecting examples and anecdotes about “little known HIPAA facts” and asked me to contribute some for his article.
I anticipate that he will be cutting the couple of little known facts I provided to him down quite a bit, so I wanted to provide them here not only as a future reference for myself, but also for those of you who may be interested!

Yet Another Stolen Laptop With Clear Text Patient PII

Tuesday, March 25th, 2008

Yet another in a long procession of laptop thefts, “Stolen laptop contains personal info of 2,500 patients”.
Here are the first few paragraphs…

Passport Breach: Poor Security Practices Lead To Privacy Breaches

Sunday, March 23rd, 2008

The breach of the presidential candidates’ passport files was widely reported over the past few days, such as here and here, not to mention the many postings referencing it as “passport-gate” throughout the blogosphere and the political implications. However, based upon what I’ve been reading it looks more like the result of a poor, inadequate and vulnerable information security program.
There are many information security and privacy issues involved with this incident. It would make a great case study to use at a joint meeting with your information security, privacy and compliance folks. Some of the questions to include in your discussion could include…

What Business Leaders Need to Know About Privacy Breach Notifications

Thursday, March 13th, 2008

The third article in my March e-journal issue of “IT Compliance in Realtime” is “What Business Leaders Need to Know About Privacy Breach Notifications.”
Here it is, unformatted:

The “Reasonable Belief” of a Privacy Breach

Wednesday, March 12th, 2008

The second article in my March e-journal issue of “IT Compliance in Realtime” is “The “Reasonable Belief” of a Privacy Breach.”
Here it is, unformatted:

Will Bad News Come in 3’s For Health Net?

Saturday, March 1st, 2008

In the past several days Health Net made the news…in ways they would rather not have…
First this on 2/22:

Example privacy breach response plan

Sunday, February 24th, 2008

Too few organizations are prepared to respond to a privacy breach when it happens. Too many naively believe a privacy breach will not happen to them.
It is helpful to look at existing privacy breach notice plans when creating your own. The U.S. government agencies actually provide some good plans you can use as examples.
