Posts Tagged ‘data mining’
Thursday, May 31st, 2012
A couple of weeks ago I was doing a consulting call with a small startup business (that in a short span of time is already performing outsourced cloud processing for a number of really huge clients) about information security and privacy. They had implemented just the basic firewall and passwords, but otherwise had no policies, procedures, or documented program in place. I provided an overview of the need for information security and privacy controls to be in place throughout the entire information lifecycle; from creation and collection, to deletion and disposal. They were on board with everything I was describing until we got to (more…)
Tags:big data, breach, compliance, data analytics, data mining, degauss, disposal, disposal rule, facebook, FACTA, frictionless sharing, IBM, Information Security, information technology, infosec, IT security, midmarket, Netflix, non-compliance, personal information, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protected health information, Rebecca Herold, SB 3159, security, Senate Bill 3159, sensitive personal information, shred, SPI, systems security, trash
Posted in Laws & Regulations | 5 Comments »
Thursday, May 17th, 2012
I was recently speaking with a friend on the phone, and she said, “I just had the most embarrassing thing happen! I had one of my Facebook friends send me a text teasing me about reading a rather sleazy article on TMZ. I did not know what she was talking about! So, I went to my Facebook page, and sure enough, down the timeline there was an article I had only briefly gone to the previous day after clicking a headline about moms on Google news and landed on a page; I quickly got off of when I saw it. I was so embarrassed to see that my brief visit to the page had been posted on my Facebook page! I don’t even go to TMZ on purpose, why is Facebook suddenly tattling on me when it accidentally went there?” (more…)
Tags:audit, big data, breach, breach response, change controls, compliance, DailyMotion, data analytics, data mining, encryption, facebook, foursquare, frictionless sharing, gartner, IBM, Information Security, information technology, infosec, IT security, Keywords: personal information, Metacafe, midmarket, Netflix, non-compliance, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protected health information, Rebecca Herold, security, security engineering, sensitive personal information, Socialcam, SPI, spotify, systems security, Viddy, Washington post, WPO, Zuckerberg
Posted in Miscellaneous | 2 Comments »
Wednesday, May 2nd, 2012
My 12-year-old son said to me yesterday after getting home from school, “Hey, Mommy, did you know that Wal-Mart can tell when you’re pregnant? And so can Target! Even before anyone else knows! They got a girl in trouble when they sent her dad coupons for baby stuff and congratulated her!”
Me, “That’s pretty incredible, isn’t it? Companies are able to discover things like that about people more than ever before through analyzing what is called ‘Big Data’.”
Son, “That’s really creepy. I think you should (more…)
Tags:audit, big data, breach, breach response, change controls, compliance, data analytics, data mining, encryption, IBM, Information Security, information technology, infosec, IT security, midmarket, non-compliance, personal information, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protected health information, Rebecca Herold, security, security engineering, sensitive personal information, SPI, systems security, Target, Wal-Mart
Posted in privacy | 1 Comment »
Friday, September 5th, 2008
So, do you know how your business may be using data mining for customer and consumer profiling? Have you talked with your marketing folks about it?
Do you know how the stores you make your purchases from use your information to do customer profiling and other types of data mining? Have you asked them? Chances are the sales staff at the counters and check-outs wouldn’t know, but you could ask the store manager.
(more…)
Tags:awareness and training, data mining, Information Security, IT compliance, IT training, PII, policies and procedures, privacy training, risk management, security training
Posted in Privacy and Compliance | No Comments »
Thursday, September 4th, 2008
There’s been a lot in the news over the past few years about customer profiling. The term is used somewhat differently by different groups and the definition often debated. However, the mainstream news media generally uses the term to talk about how companies gather many different types of information related to consumers, and then use that information to make determinations about groups of people in various demographics, and even be able to narrow down certain activities to specific individuals when enough data, and it does not need to be personally identifiable information (PII), is collected.
(more…)
Tags:awareness and training, data mining, Information Security, IT compliance, IT training, PII, policies and procedures, privacy training, risk management, security training
Posted in Privacy and Compliance | No Comments »
Wednesday, July 30th, 2008
Many folks like to argue and pick apart what is meant by “data mining.” Marketers I’ve spoken with claim they are not doing data mining with their customers’ information, but just “repurposing” it.
Whatever you call it, you need to know how your organization is using personally identifiable information (PII) in ways other than the purposes for which it was collected. Many times these other purposes are achieved through data mining.
Last week the U.S. Department of Homeland Security held a workshop, “Implementing Privacy Protections in Government Data Mining” that provided some good information about data mining privacy issues that all organizations should consider. The comments the DHS received prior to the event were very interesting.
(more…)
Tags:awareness and training, data mining, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in government, Information Security, Privacy and Compliance | No Comments »
Tuesday, July 24th, 2007
Tags:Ask.com, awareness and training, data mining, FTC, Information Security, IT compliance, Microsoft, NAI, Network Advertising Initiative, PII, policies and procedures, privacy, risk, Yahoo
Posted in Privacy and Compliance | 2 Comments »
Saturday, April 28th, 2007
Today I read with interest an article in the U.K.’s Guardian Unlimited, “Surveillance ‘intrudes on our lives‘.”
I am doing some research into various surveillance methods, such as with CCTV, key loggers, and other methods of surreptitiously recording the activities of individuals, typically without their consent, and often without their knowledge.
(more…)
Tags:awareness and training, CCTV, data mining, Information Security, IT compliance, logging, monitoring, policies and procedures, privacy, risk, surveillance
Posted in Information Security, Laws & Regulations, Privacy and Compliance, Privacy Incidents | 2 Comments »
Thursday, November 30th, 2006
On November 29 Judge Clarence Cooper of Atlanta’s U.S. District Court ordered that Tamarac, Fla.-based 1st Source Information Specialists Inc. and company principals Kenneth W. Gorman and Steven Schwartz disgorge all profits and pay Cingular Wireless compensatory and punitive damages and attorney fees totaling $1,135,000.
1st Source was harvesting cell phone numbers from web sites and doing reverse lookups for cellphone numbers and selling the information to other businesss for $110 to $195. To make things worse they were also selling records of the calls made from specific cell phone numbers; an additional huge invasion of privacy.
(more…)
Tags:awareness and training, data mining, Information Security, IT compliance, judgment, policies and procedures, privacy, social engineering
Posted in Privacy and Compliance | 1 Comment »