Posts Tagged ‘data protection’
Wednesday, October 31st, 2012
Last week I got the following question:
“By becoming ISO 27001 certified does that automatically mean we comply with HIPAA and HITECH requirements? Are there any requirements of HIPAA/HITECH that are not required to meet ISO 27001 standards?”
This is not the first time I’ve gotten this question, or others like it. As new technology businesses, cloud services and other companies pop up to provide services to large regulated organizations, start-ups are increasingly looking for a way to differentiate themselves from their competitors, and also to prove that they not only have effective security controls in place, but that they also …
Tags:27001, 27002, audit, awareness, breach, certification, compliance, customers, data protection, e-mail, electronic mail, email, employees, employment, HHS, HIPAA, hiring, HITECH, HR, human resources, IBM, Information Security, information technology, infosec, ISMS, ISO27001, ISO27002, IT security, job applicants, laws, messaging, midmarket, non-compliance, OCR, patients, personal information, personally identifiable information, personnel, PII, policies, privacy, privacy breach, privacy professor, privacyprof, Rebecca Herold, reputation, risk, security, sensitive personal information, SPI, systems security, training
Posted in HIPAA, HITECH, Laws & Regulations
Monday, October 22nd, 2012
Last week one of my Facebook friends started a “friends only” discussion on his wall. It was a very interesting discussion, and one of his friends took it, pretty much verbatim, and posted it on a “public” (as in meant for the world to see) popular blog site. So the information on the Facebook page, where around 250–300 people could see the posts, was now in a location where the bazillion (possibly a bit fewer) blog readers could see all the posts and the full names of those who made them. This is not the first time a situation like this has occurred. A lot of the information posted on people’s social media pages is really tempting to take and use as examples, or for business activities such as marketing and promotions. However, doing so could get you into some personal and/or legal hot water. As organizations and individuals consider taking information they find on social media sites, they need to consider the reasons why doing so may not be a good idea after all.
Reason #1: It will …
Tags:awareness, breach, compliance, copyright, Creepshots, customers, data protection, e-mail, electronic mail, email, employees, employment, facebook, Gawker, hiring, HR, human resources, IBM, Information Security, information technology, infosec, IT security, job applicants, laws, LinkedIn, messaging, Michael Brutsch, midmarket, non-compliance, patients, personal information, personally identifiable information, personnel, PII, policies, privacy, privacy breach, privacy professor, privacyprof, Rebecca Herold, Reddit, reputation, risk, security, sensitive personal information, social media, social network, SPI, systems security, training, twitter, Violentacrez
Posted in Social Media
Tuesday, May 5th, 2009
Today I gave a webcast (27 minutes) about “Understanding Data Protection from 4 Critical Perspectives” and it is now available online through this link…
Tags:awareness and training, data protection, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Training & awareness
Wednesday, March 18th, 2009
Here are some encryption solution reviews, from David Strom at PC World, that anyone who wants to protect their laptop data, as well as information security and, yes, privacy practitioners, should find useful…
Tags:awareness and training, data protection, encryption, Information Security, IT compliance, IT training, laptop security, policies and procedures, privacy training, risk management, security training
Posted in Information Security
Wednesday, September 19th, 2007
Deloitte Touche Tohmatsu just released their “2007 Global Security Survey” report.
Tags:2007 Global Security Survey, awareness and training, data protection, Deloitte, Information Security, IT compliance, policies and procedures, privacy, security awareness
Posted in Information Security, Privacy and Compliance, Training & awareness
Monday, July 30th, 2007
In this global economy it is important for you to know, understand and follow the data protection laws in all the countries where you have offices, have customers, store personally identifiable information (PII), and from where PII is accessed. Each country has nuances within its laws that could create quite a big obstacle if you are doing business there and find you must suddenly stop because you are out of compliance with its data protection laws.
Tags:AEPD, awareness and training, data protection, government, Information Security, international data transfer, IT compliance, Organic Law 15/1999, personal privacy, PII, policies and procedures, privacy, Report on International Data Transfers, Spain
Posted in Laws & Regulations, Privacy and Compliance
Thursday, July 19th, 2007
I have heard many information assurance (IA) professionals, when they are feeling frustrated, angry, or whatever other negative feeling we all have at one time or another, say that what they are doing is not making a difference, or that they feel they are looked down upon by others in their organization as a “necessary evil.” They often feel that one person cannot make a difference.
Tags:awareness and training, Congressional Gold Medal, customer privacy, data protection, Information Security, IT compliance, miracle wheat, Norman Borlaug, PII, policies and procedures
Posted in Information Security, Miscellaneous, Privacy and Compliance
Wednesday, July 18th, 2007
Tags:awareness and training, cross border data flow, customer privacy, data protection, employee privacy, government, Information Security, IT compliance, policies and procedures, Richard Thomas, U.K. ICO, United Kingdom
Posted in Information Security, Laws & Regulations, Privacy and Compliance