There is a great new site, etiolated.org, that takes the privacy breach data accumulated by attrition.org and parses it into some very interesting statistics, trends charts, provides areas for commentary, and lots of other interesting and useful information.
Great New Site for Data Loss Statistics
May 15th, 2007High School Cyber-Defense Competition: Mentoring Information Security Leaders of the Future
May 15th, 2007There is great opportunity to ensure future computer systems and applications are more securely engineered than they are now by teaching our children from a young age the importance of information security and privacy, and showing them what needs to be done. I often have fantastic conversations with my sons about information security and privacy issues; they always bring wonderful perspectives I never thought about.
Insider Threat Example: Engineer Leaks U.S. Military Secrets
May 11th, 2007There has been a lot of talk and blogging recently about whether or not there is a need for an information security industry/profession. Um sure, and there is no need for the physical security industry/profession either, is there?
As long as humans touch information in any way, electronically or physically, information security will be needed to provide them with policies, procedures, standards, guidance, training, ongoing awareness, and responding to and fixing the security messes and privacy breaches they cause.
The Importance of Policies…Breathalyzer = Drug Test = Physical Search = 4th Amendment Violation?: Iowa High School Students Given Breathalyzer Tests at the Prom
May 10th, 2007I’m always interested in reading about information security and privacy issues reported here in the heartland.
A story in my local daily paper, the Des Moines Register, caught my eye and filled my thoughts today and points out, among other things, the importance of having policies and communicating them.
Two U.S. Federal Data Protection Bills Approved: One May Actually Make It Through
May 9th, 2007It looks like we make actually get a federal data protection law, that includes breach notice requirements, this year. Such a law is long overdue; not only to protect personally identifiable information (PII), but also to help businesses to resolve their growing headaches involved with trying to comply with at least 36 state breach notice laws as well as dozens of other state level data protection and credit freeze laws, and multiple industry-specific data protection laws.
Deadline is Today for Submitting Comments to the DHS About Draft REAL ID Rules
May 8th, 2007The Department of Homeland Security (DHS) published draft rules regarding REAL ID. Comments are due by 5:00 PM Eastern Time *TODAY*.
France Fines Tyco Healthcare: U.S. Companies, You MUST Know and Follow International Data Protection Laws
May 7th, 2007In April the French Data Protection Authority (CNIL) reported they had issued a $40,972 fine against a subsidiary of U.S.-based Tyco Healthcare in March for inadequate storage safeguards and cross-border transfer of employee personally identifiable information (PII).
Data Security: OECD Publishes New Privacy Guidelines for Accessing Data From Publicly Funded Research Projects
May 6th, 2007On May 3 the Organization for Economic and Cooperation and Development (OECD) released a new 24-page guideline,”Principles and Guidelines for Access to Research Data from Public Funding” for organizations in governments throughout the world regarding access to data from publicly funded research projects.