Posts Tagged ‘awareness and training’
Surveillance: Iowa Supports Wife’s Privacy Invasion Claim
Sunday, January 4th, 2009
Privacy-related news in Iowa…and there seems to be a lot of it sometimes…is always of special interest to me. I often wonder how the same types of situations would play out in other states. Here’s an invasion of privacy case regarding in-home surveillance that is particularly interesting…
CORRECTION: Massachusetts Data Protection Law Takes Effect May 1, 2009
Saturday, January 3rd, 2009
A big thank you to Brandon Dunlap and Brett Myers for catching an error I made in my January 1 post…
New Data Protection Laws Go Into Effect Today
Thursday, January 1st, 2009
Happy New Year!
Several new laws go into effect today. Here are just a few of them…
Using Speeding Surveillance To Get Your Enemies In Trouble
Wednesday, December 31st, 2008
Well, you knew this type of abuse would happen sooner or later…
HIPAA Violation: Medical Clinic Leaves Box With PHI On Public Dumpster
Tuesday, December 30th, 2008
This summer I had planned to do a dumpster-diving project with my sons, but then the Iowa floods postponed those plans. However, after reading the following I’m motivated to plan to do this in the spring after basketball and G&T activities are finished for the winter…
Insider Threat Example: 19,000 Pieces Of Computer Equipment Stolen; Why Didn’t Someone Notice?
Monday, December 29th, 2008
Okay, this story begs the question, why didn’t someone at the Naval Research Laboratory notice disappearing equipment…?
New HHS Guidance States HIPAA Does Not Apply To PHRs
Sunday, December 28th, 2008
I hope you are all having a wonderful holiday season! I hadn’t planned to take the past few days off from blogging, but something like the flu (probably the flu) hit me like a bag of bricks on Christmas day and I’ve been curled in a fetal position in my bed for the past few days. Oddly enough, while lying there feeling like my bones were all slowly dissolving (and thinking about the types of body braces you’d need to create to deal with something like that!) I was also thinking about how silly it was for the Health Insurance Portability and Accountability Act (HIPAA; and any industry-specific data protection law) to define that the only organizations that would legally need to safeguard protected health information (PHI) are the narrowly defined covered entities (CEs): healthcare providers, healthcare insurers and healthcare clearinghouses.
Santa Sees All; But Puts The U.S. On Naughty List For Poor Privacy Practices…?
Wednesday, December 24th, 2008
Here’s a great article for Christmas Eve that covers a wide range of surveillance tools and techniques that are increasingly used by governments, law enforcement, employers, suspicious spouses, etc, etc, etc…
FEMA Records Of 16,000 Katrina Victims Posted Online
Tuesday, December 23rd, 2008
How did the following happen…there are many options…insider threat? Poor IT storage controls? Poor applications development controls? Perhaps using real personally identifiable information (PII) for test purposes? Hacker break-in? Through an outsourced company with access to the PII, but who also had poor controls? There are so many possibilities…
Information Security & Privacy Training Should NOT Be Optional
Monday, December 22nd, 2008
Over the past couple of weeks I’ve heard three different information security and privacy officers talk about making information security and privacy training within their organizations optional…not required…for personnel who have access to information assets and personally identifiable information (PII). Leaving training to the discretion of employees is very risky!