Archive for the ‘Uncategorized’ Category

Implementing a Data De-Identification Framework

Wednesday, November 21st, 2012

Growing numbers of organizations are trying to figure out the benefits of anonymizing, or as HIPAA (the only regulation that provides specific legal requirements for such actions) puts it “de-identifying,” personal information. Healthcare organizations see benefits for improving healthcare. Their business associates (BAs) see benefits in the ways in which they can minimize the controls around such data. Of course, marketing organizations salivate at the prospects of doing advanced analysis with such data to discover new trends and marketing possibilities. The government wants to use it for investigations. Historians want to use it for, yes, marking historical events. And the list (more…)

Privacy Scares from the Ghosts of Job Applicants Past

Monday, September 17th, 2012

There is a topic that has been coming up, over and over and over again over the past 12 years, that I’ve never seen addressed in other publications.  What does your organization do with all the personal information you collect from job applicants?  Consider a real situation I encountered around ten years ago. (more…)

Cybercriminals Just Came A Callin’ At My House

Friday, July 8th, 2011

I just got off a 30-minute call that came unsolicited from a young-sounding man with a very thick Indian accent who, when I asked him his name, said it was Jason Anderson (doesn’t sound like an authentic name of someone from India).  He told me he was calling me because there had been a lot of complaints in my area about malicious code damaging operating system software and he wanted to be sure my operating system was not impacted. (more…)

HITECH Act: Breach Notification Is Necessary Based Upon Items Used In De-Identification

Wednesday, July 29th, 2009

Continuing along the discussion of the HITECH Act this week, I want to consider a couple of questions I recently discussed with a CISO at a healthcare insurer about when breach notification is necessary…


Humorous Security Calendar

Wednesday, February 18th, 2009

Check out a sample month of a humorous information security wall calendar that Rick Lawhorn created that “tracks notable breaches, infosec facts and viruses.”

Massachusetts Encryption Law Pushed Back Once More

Wednesday, February 18th, 2009

Monday I received messages almost at the same time from Brandon Dunlap and Brett J. Byers; thanks Brandon and Brett!
They were notifying me of yet another delay in the Massachusetts law, “201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH.”
As explained on the website:


Use This RBS Worldpay News Report For Training

Thursday, February 5th, 2009

On November 8, 2008 more than 130 ATM machines in 49 cities throughout the world were hit by a group of cybercriminals during a 30-minute period.


Insider Threat & More Examples Related To Putting Info on the Internet

Saturday, December 13th, 2008

Here are some more examples of the dumb things that folks (oftentimes folks within your organization) put on the Internet that had some bad repercussions…remember, once you put something on the Internet, even for a short period of time, you might as well accept that it will be out there forever…


Medical Identity Theft Is On The Rise

Tuesday, September 9th, 2008

For day 2 of Global Security Week I want to highlight the growing problem of medical identity theft…


100+ Hot Spots During A Short Drive Around Town

Monday, June 16th, 2008

Last Friday my 8-year-old son and I looked for a wifi hotspot to work from while my 11-year-old son was at band camp for the day (I didn’t want to waste gas by driving all the 25+ miles back home, and then driving into town again to pick him up at the end of the day). We discovered the IHOP close by actually has free wireless access…I did not know that! So, we had lunch there and I did work while we ate.