Posts Tagged ‘data protection’

« Older Entries

Be Aware of Risks with Outsourcing to Other Countries

Saturday, October 3rd, 2015

Businesses must be aware of risks with outsourcing to other countries activities involving personal information. Over the past couple of months I’ve heard over a dozen organizations express their opinion that if they hire organizations outside the U.S. to do work for them, then those organizations are not bound by U.S. laws. Most were from small to midsized organizations and startups. But it was somewhat surprising to hear also hear this sentiment from an organization with multiple locations and thousands of employees. This has been an incorrect belief of far too many organizations for decades.

I’ve also had clients in other countries ask about the need to comply with U.S. laws, such as for HIPAA compliance, when they provide services for U.S individuals and/or businesses.  Many believe they do not need to. (more…)

Tags:, , , , , , , , , , , , , , , ,
Posted in BA and Vendor Management, Information Security, Privacy and Compliance | No Comments »

Using “Compliant” Stuff Doesn’t Result in Full Compliance

Wednesday, June 11th, 2014

In the past couple of weeks I’ve spoken with five different small to mid-size organizations who have had a software or hardware vendor basically tell them, “Our product is HIPAA compliant! Use it and you will also be fully HIPAA compliant!” How can that be? In three words; it can’t be. Here’s what is most likely going on with those claims. (more…)

Tags:, , , , , , , , , , , , , ,
Posted in HIPAA, Marketing, Privacy and Compliance | 1 Comment »

Privacy Lessons from Snapchat

Tuesday, June 3rd, 2014

There are many new small and mid-size business start-ups who are offering a wide range of online services, mobile apps, and smart devices. There are also many businesses that have been around a long time that see an opportunity and so are expanding into these areas.  I’ve spoken with many such businesses, and they often make two common privacy mistakes: (more…)

Tags:, , , , , , , , , , , , ,
Posted in privacy, privacy impact assessment, Privacy Incidents | No Comments »

Lessons from 3 Organizations That Made 3 Privacy Mistakes

Wednesday, May 21st, 2014

Even with the number of privacy breaches increasing, and with numbers of privacy sanctions coming from the FTC and other regulatory agencies and courts snowballing for companies doing irresponsible things with personal information, putting growing numbers of individuals at risk of identity fraud as well as physical safety risks, companies are still asking for way too much unnecessary and sensitive personal information purely for their marketing purposes.

And too many online media outlets, often reporting on or promoting these marketing efforts, are perpetuating these very bad privacy practices. Then, so they will not upset their advertisers, they actually are deleting comments that point out how bad those marketing and data collection practices are.  I recently just experienced such a situation with (more…)

Tags:, , , , , , , , , , , , , , , , , ,
Posted in Marketing, PIA, privacy | No Comments »

Rx for Incorrect Compliance Claims and XP

Thursday, April 10th, 2014

In the past couple of weeks I’ve gotten a couple dozen questions from my clients that are small to midsized covered entities (CEs) or business associates (BAs) under HIPAA, in addition to several small to midsized start-ups that provide services in other industries.  And, while some of these concerns are arising out completely erroneous advice, regrettably, some of the questions resulted from my own mea culpa of writing a confusing sentence in my last blog post, for which I’ve since provided a clarification within. (Lesson: I need to spend more time double-checking/editing text prior to posting after doing edits to cut the length.) I apologize for any confusion or alarm that may have arisen as a result.

However, this does provide a good opportunity to examine in more depth the compliance issues related to Windows XP use, and the related questions I’ve received.  The following are the most common questions I’ve answered in the past several days. (more…)

Tags:, , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in HIPAA | No Comments »

Will the Demise of XP Shut Down Your Business…or Heart?

Tuesday, March 25th, 2014

If you haven’t heard yet, Windows XP will no longer be supported after April 8, 2014. That’s just a couple of weeks away! Why should you even care? Well, because you may have an important, or even mission-critical, computing device you use for your business, or for personal use, that is running on Windows XP. According to NetMarketShare at the end of February, 2014, 30% of all folks using Windows desktop computers were still running Windows XP.  This is around ½ a BILLION computers, folks!  After support ends, (more…)

Tags:, , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Information Security | 1 Comment »

More Phone Scams For the General Public

Thursday, March 20th, 2014

It seems that right now phone scam season is going strong!  Last week I posted about some common scams targeting businesses. Those same scams are also targeting the general public, so please be on the lookout for them. In addition to those, here are some others that seem to be targeting primarily individuals and the general public. (more…)

Tags:, , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Uncategorized | No Comments »

Phone Scam Open Season – Business Risks

Friday, March 14th, 2014

It seems that right now phone scam season is going strong!  I got 2 calls last week from scammers. I got another scammer call during a meeting last night. Two of my LinkedIn contacts got calls in the past week that they asked me about. A local newspaper columnist got a call from a scammer. As folks are becoming more aware of phishing attempts via email and other types of malware, they are also becoming more lax about spotting phone scams, often stating the belief that most crooks are using online phishing scams instead of any other type of rip-off. (more…)

Tags:, , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Uncategorized | 1 Comment »

NSA is not the Only One Getting to Your App Data

Wednesday, February 26th, 2014

Do you think the NSA is the biggest threat to your privacy? Certainly they are collecting a significant amount of personal data. And from the looks of it, with their new facility that may hold up to 12 exabytes (that’s 12,000,000,000,000,000,000 bytes) of data, they appear to be planning to continue collecting, and keeping, more data. This is an important topic, and I’ll look at in more depth in an upcoming blog post. But for now, you need to know and understand that there are many other entities that are collecting data from you and your mobile apps in the same way as NSA is slurping it up, along with several other ways. (more…)

Tags:, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Information Security, mobile computing, privacy | No Comments »

Strong security controls are necessary for more than just preventing hack attempts

Tuesday, February 25th, 2014

Recently I’ve heard in various discussion venues the argument that information security controls are an impediment to technology use, and that instead we should look at demotivating the hackers. With specific regard to medical devices, one commenter stated that generally, the best “bet in defending medical devices (as well as financial systems) is making the information useless/pointless for the attackers.”  This is a dangerous attitude, and minimizes the true value of data on the devices.

Considering data on any type of computing device is considered (more…)

Tags:, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Information Security, privacy | No Comments »

« Older Entries