Archive for the ‘privacy’ Category

“Privacy Information” Depends upon Context

Wednesday, December 10th, 2014

This year Admiral Mike Rogers, the current Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service, gave the luncheon keynote address at the U.S. Chamber of Commerce’s Third Annual Cybersecurity Summit, “Sharing Cyber Threat Information to Protect Business and America.” You can find it at: (more…)

Privacy Awareness: Moving from “I have nothing to hide” to “Oh dear!”

Wednesday, December 10th, 2014

The day before Thanksgiving here in the U.S. I had the great pleasure of speaking with a couple of consumate information security experts from across the pond in England and Norway, Kai Roer and Mo Amin, on an episode of their Security Culture TV! We chatted about how to get folks to be more aware of privacy risks, and how to change their mindset to a more privacy proactive stance. You can see this episode here.

When you look at recent breaches, it is clear that awareness of information security and privacy risks, and how to mitigate them, is not getting the attention necessary by leaders of organizations. Why else would (more…)

4 Privacy Predictions for 2015

Saturday, November 29th, 2014

It is that time of the year again…time for prognostications about the year ahead!

I was asked to provide a few predictions for 2015. Based upon not only what I’ve seen in 2014, but also foreshadowing from the past two-three decades, here are some realistic possibilities.  (more…)

Address Privacy During Social Media Marketing

Friday, August 29th, 2014

Over the past few months I’ve been creating some social media marketing privacy guidelines and requirements for a couple of my large clients. Today I read a post from a fellow IBM Midsize Insider contributor, Jason Hannula, “Social Media: Enterprise Content or Customer Relationship Information?” It stated that “93% of marketers are using social media for business.” A large number of these are from small and midsize organizations. It is important for these organizations to not only keep Jason’s suggestions in mind, and follow the business’s data governance requirements, but also to make sure privacy is also appropriately addressed. Many, perhaps most, small to midsize businesses do not yet have social media privacy requirements in place. (more…)

Avoid this Common Privacy Choice Mistake

Monday, August 25th, 2014

Many marketing professionals have a common temptation; they want to send as many marketing messages to as many people as possible, and they would love to send it to all folks who have ever been customers or clients of their business, and often times actually want to simply send to everyone whose email address they can obtain in any way.

Privacy professionals make many efforts to guide marketers on what is acceptable and not acceptable. After all, (more…)

Security is Action…Privacy is the Result of Action

Thursday, July 31st, 2014

What is the difference between security and privacy?

Many of my clients are small and midsized businesses. They often express confusion over what each of these terms (neither of which have a universally-accepted definition) actually means, how they are different, and how they are similar. This is important for business leaders to understand so they can make appropriate decisions within their information security and privacy management programs. Especially in small and midsize businesses, where there may not be a specific position to address either of these important topics. Let’s start with considering at a high level the differences between information security and privacy. (more…)

10 Big Data Analytics Privacy Problems

Thursday, June 26th, 2014

Big data analytics are being used more widely every day for an even wider number of reasons. These new methods of applying analytics certainly can bring innovative improvements for business. For example, retail businesses are successfully using big data analytics to predict the hot items each season, and to predict geographic areas where demand will be greatest, just to name a couple of uses.

The power of big data analytics is so great that in addition to all the positive business possibilities, there are just as many new privacy concerns being created.  Here are ten of the most significant privacy risks. (more…)

Choose: $50 Credit Card Fraud Limit or Unlimited Privacy Damage?

Friday, June 6th, 2014

So today AT&T announced plans to test a service allowing payment card providers to access the location of a customer’s phone to improve the accuracy of fraud prevention systems for transactions made abroad. AT&T customers will have to opt-in to the fraud protection service, which will also be me made available to enterprise customers later this year.

Antone Gonsalves asked me for my opinions about the privacy implications, which he included some of within his article he published on CSO Online today.  However, I wanted to make several more points to follow-on to his article. (more…)

Privacy Lessons from Snapchat

Tuesday, June 3rd, 2014

There are many new small and mid-size business start-ups who are offering a wide range of online services, mobile apps, and smart devices. There are also many businesses that have been around a long time that see an opportunity and so are expanding into these areas.  I’ve spoken with many such businesses, and they often make two common privacy mistakes: (more…)

Lessons from 3 Organizations That Made 3 Privacy Mistakes

Wednesday, May 21st, 2014

Even with the number of privacy breaches increasing, and with numbers of privacy sanctions coming from the FTC and other regulatory agencies and courts snowballing for companies doing irresponsible things with personal information, putting growing numbers of individuals at risk of identity fraud as well as physical safety risks, companies are still asking for way too much unnecessary and sensitive personal information purely for their marketing purposes.

And too many online media outlets, often reporting on or promoting these marketing efforts, are perpetuating these very bad privacy practices. Then, so they will not upset their advertisers, they actually are deleting comments that point out how bad those marketing and data collection practices are.  I recently just experienced such a situation with (more…)