Here’s a case I found interesting…the U.S. District Court for the Eastern District of Tennessee ruled on October 24th that providing a group of record company plaintiffs with student personally identifiable information (PII) does not violate the U.S. Family Educational Rights and Privacy Act (FERPA).
Posts Tagged ‘data protection law’
Judge Rules University Policy & FERPA Allow Student PII To Be Released
Tuesday, November 6th, 2007Judge Rules University Policy & FERPA Allow Student PII To Be Released
Tuesday, November 6th, 2007Here’s a case I found interesting…the U.S. District Court for the Eastern District of Tennessee ruled on October 24th that providing a group of record company plaintiffs with student personally identifiable information (PII) does not violate the U.S. Family Educational Rights and Privacy Act (FERPA).
Insider Threat Lessons: Posting Threats And Personnel PII On The Internet Establishes Federal Jurisdiction
Monday, November 5th, 2007Here’s another insider threat example to know and to discuss with your legal counsel and HR folks. It highlights the need for information security and privacy policies, shows how information security and privacy must work with multiple areas on an ongoing basis, and demonstrates the sanctions that can be brought against those who break them.
Insider Threat Lessons: Posting Threats And Personnel PII On The Internet Establishes Federal Jurisdiction
Monday, November 5th, 2007Here’s another insider threat example to know and to discuss with your legal counsel and HR folks. It highlights the need for information security and privacy policies, shows how information security and privacy must work with multiple areas on an ongoing basis, and demonstrates the sanctions that can be brought against those who break them.
Do Something To Change Information Security, Privacy and Compliance…Contact Congress!
Sunday, November 4th, 2007I, along with a very large number of other bloggers, writers and instructors, often pick apart data protection and privacy laws and regulations, and point out how certain portions of them are infeasible for most organizations to implement, and talk about the types of laws that should be inacted to protect personally identifiable information (PII) and privacy. But how many of us actually do something about it and contact our lawmakers to communicate this information?
Do Something To Change Information Security, Privacy and Compliance…Contact Congress!
Sunday, November 4th, 2007I, along with a very large number of other bloggers, writers and instructors, often pick apart data protection and privacy laws and regulations, and point out how certain portions of them are infeasible for most organizations to implement, and talk about the types of laws that should be inacted to protect personally identifiable information (PII) and privacy. But how many of us actually do something about it and contact our lawmakers to communicate this information?
Information Security Awareness in Europe…The Issues Are the Same Worldwide
Friday, August 24th, 2007on 8/22/2007 a very interesting and useful report was released by the European Network and Information Security Agency (ENISA), “Information security awareness initiatives: Current practice and the measurement of success.”
EU Data Protection Audits Active and Anticipated
Thursday, August 23rd, 2007As a follow-up to my blog posting yesterday, I wanted to point out that the European Union (EU) Data Protection Authorities (DPAs) have been very active in pursuing data protection law compliance.
EU Data Protection Directive 95/46/EC: Member Countries
Wednesday, August 22nd, 2007Multi-national organizations doing business in Europe must know and understand not only their obligations to protect personally identifiable information (PII) under the European Union (EU) Data Protection Directive 95/45/EC, but they must also know and understand the data protection laws within each of the EU member countries.
Outsourcing: Dubai Strengthens Data Protection Law
Thursday, January 11th, 2007On Monday (1/8) the Dubai International Financial Centre (DIFC) implemented a stronger Data Protection Law and appointed a Data Protection Commission to oversee the DIFC.
“The Data Protection Law, which has been amended following a period of public consultation, ensures the protection of all personal information, including any sensitive personal data, and is compliant with the provisions of the laws and directives of the European Union and the guidelines of the Organisation for Economic Co-operation and Development (OECD), including the transfer of data.”