The Emperors’ New Clothes Lack Privacy

March 21st, 2008

Over the past few weeks I’ve talked to several privacy officers and information security officers about how things are going with their initiatives, funding, and so on. Many were from the financial industry, but otherwise they came from a wide range of businesses, from small to large. There has been a common theme during these discussions…


Useful Data Protection (Privacy) Law Sites

March 19th, 2008

This morning I took a little time to update my long listing of world-wide data protection (privacy) laws.
Here are some of them you may find helpful:


HIPAA *HAS* Impacted Healthcare Providers…Despite Lack Of Enforcement

March 17th, 2008

I have written many times about how the U.S. Department of Health and Human Services (HHS) has severely weakened the planned privacy and security goals of the Health Insurance Portability and Accountability Act (HIPAA) to require healthcare covered entities (CEs) to implement strong safeguards for the protected health information (PHI) with which they’ve been entrusted. And I still believe that.
However, after reading another report today I realized something…


Spitzer Downfall Spotlights Surveillance In Mainstream

March 15th, 2008

In case you haven’t heard, now ex-New York governor Eliot Spitzer recently was found to be the frequent customer of a “high end call girl service” for the past couple of years.
How was he caught? Through an electronic path he left making payments for his philandering flings.


Information Security and Privacy Areas MUST Collaborate For Their Initiatives To Be Effective

March 14th, 2008

For the past several years I have written often, and given much training, to demonstrate and emphasize the need for information security and privacy areas to collaborate in their efforts. There are just too many topic overlaps between the two areas to NOT work together cooperatively.
Effectively addressing and coordinating Privacy and Information Security initiatives has moved to the top of the list for companies maintaining customer and employee information. However, there are often gaps in communication and collaboration between Privacy and Information Security activities.


What Business Leaders Need to Know About Privacy Breach Notifications

March 13th, 2008

The third article in my March e-journal issue of “IT Compliance in Realtime” is “What Business Leaders Need to Know About Privacy Breach Notifications.”
Here it is, unformatted:


The “Reasonable Belief” of a Privacy Breach

March 12th, 2008

The second article in my March e-journal issue of “IT Compliance in Realtime” is “The “Reasonable Belief” of a Privacy Breach.”
Here it is, unformatted:

Iowa Privacy Breach Bill Has Much Of Its Teeth Pulled

March 10th, 2008

Iowa introduced a new bill, SSB 3200, on February 20 to establish a state privacy breach notification law.
As originally worded, it would also have required merchants to follow credit and debit card industry data security rules and made them liable to banks for costs they incurred after a breach of payment card transaction data not retained in compliance with those rules. However, in the past week SSB 3200 was amended in committee to remove the retailer liability provisions.
A companion bill, HSB 721, was introduced February 26.

Twelve Messaging Risks to Address Now

March 10th, 2008

The first article within the March issue of my new e-journal, “IT Compliance in Realtime,” is “Twelve Messaging Risks to Address Now.”
Here are a few excerpts…
