Posts Tagged ‘encryption’
Wednesday, May 2nd, 2012
My 12-year-old son said to me yesterday after getting home from school, “Hey, Mommy, did you know that Wal-Mart can tell when you’re pregnant? And so can Target! Even before anyone else knows! They got a girl in trouble when they sent her dad coupons for baby stuff and congratulated her!”
Me, “That’s pretty incredible, isn’t it? Companies are able to discover things like that about people more than ever before through analyzing what is called ‘Big Data’.”
Son, “That’s really creepy. I think you should (more…)
Tags:audit, big data, breach, breach response, change controls, compliance, data analytics, data mining, encryption, IBM, Information Security, information technology, infosec, IT security, midmarket, non-compliance, personal information, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protected health information, Rebecca Herold, security, security engineering, sensitive personal information, SPI, systems security, Target, Wal-Mart
Tuesday, April 17th, 2012
Last week I provided Howard Anderson at HealthInfosecurity.com with some of my thoughts about the recent Utah Department of Health breach of the files of 900,000 individuals, and counting. He included some of my thoughts in his blog post, along with thoughts from others. I wanted to provide my full reply here, along with some expanded thoughts.
As background, for those of you who may not have heard of this hack yet, in a nutshell: (more…)
Tags:audit, breach, breach response, change controls, compliance, DTS, encryption, IBM, Information Security, information technology, infosec, IT security, Medicaid, midmarket, non-compliance, personal information, personally identifiable information, PHI, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protected health information, Rebecca Herold, security, security engineering, sensitive personal information, SPI, systems security, Utah
Friday, March 30th, 2012
De-identification is a great privacy tool for all types of businesses, of all sizes. If you have personal data that you want to use for research, marketing, testing applications, statistical trending or some other legitimate purpose, but you don’t need to know the specific individuals involved in order to meet your goals, then you should consider de-identifying the personal data. Even though it sounds complicated, there are many good methods you can use to accomplish de-identification. And the great thing is, (more…)
Tags:anonymous, breach, compliance, de-identified data, de-identify, employment practice, encryption, IBM, Keywords: personal information, midmarket, non-compliance, personally identifiable information, PHI, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protected health information, re-identification, re-identify, Rebecca Herold, security, sensitive personal information, SPI
Friday, March 2nd, 2012
I am looking forward to the day when we can look at the news headlines and not see some report about a lost or stolen computing device or storage device that contained unencrypted personal information and/or other sensitive information. And I also want to stop seeing stories reappear about such an incident, such as the NASA laptop with the cleartext Space Station control codes that was stolen last year, but is making the headlines yet again today. NASA is a large enough, and tech-savvy enough, organization to know better! However, there are many organizations that simply don’t understand what a valuable information security tool encryption is. I work with many small to medium-sized businesses (SMBs), all of which have legal obligations (such as through HIPAA and HITECH, along with contractual requirements) to protect sensitive information, such as personal information. Over the past year I’ve heard way too many of them make remarks such as… (more…)
Tags:BA, business associate, CE, covered entity, encrypt, encryption, HIPAA, HITECH, IBM, medium business, midmarket, PHI, privacy, privacy professor, privacy rule, privacyprof, protected health information, Rebecca Herold, safeguards, security, security rule, small business, SMB, W-2, W2
Tuesday, August 9th, 2011
A KPMG auditor caused a breach for New Jersey hospitals because he or she lost an unencrypted flash drive containing over 4,500 patient records. (more…)
Tags:encryption, KPMG
Wednesday, April 6th, 2011
Yesterday I provided some thoughts to Howard Anderson at HealthinfoSecurity.com about the recent Health Net incident for his article. Here are some expanded thoughts for his questions…
Tags:breach, Compliance Helper, encryption, Health Net, healthcare, HIPAA, HITECH, IBM, ID theft, Information Security, patient information, privacy, Rebecca Herold, security
Wednesday, September 23rd, 2009
A couple of weeks ago I had the great opportunity and pleasure to speak with the equally delightful and brilliant Anyck Turgeon and Scott Draughon on MyTechnologyLawyer.com about “Is encryption enough to achieve privacy?”
The feedback and followup to that show was spectacular! I got a ton of questions as a result. I will answer some of them here in the coming days. Here is the first…
Tags:Anyck Turgeon, awareness and training, encryption, Information Security, IT compliance, IT training, personally identifiable information, PII, policies and procedures, privacy training, Scott Draughon, security training
Thursday, September 10th, 2009
Of course the answer is no. But there are many reasons! Tune in this afternoon at 4:00pm Pacific time to hear Anyck Turgeon, Scott Draughon and me discuss this topic and talk about encryption laws and the impacts to privacy. Here is the information about the event…
Tags:awareness and training, breach law, breach notification, breach response, encryption, HIPAA, HITECH Act, Information Security, IT compliance, IT training, law, patient privacy, personally identifiable information, PII, policies and procedures, privacy training, security training
Thursday, July 2nd, 2009
On May 30, 2009, Nevada enacted a new law, SB 227, which will basically replace NRS 597.970 in January 2010.
In many ways the new law is an improvement over the much more vague, and brief, NRS 597.970. I want to focus here on an improvement, but something that still leaves much to interpretation; that is, what is meant by “encryption”?
Tags:awareness and training, encryption, Information Security, IT compliance, IT training, Nevada, PII personally identifiable information, policies and procedures, privacy training, risk management, SB 227, SB 347, security training
Wednesday, March 18th, 2009
Here are some encryption solution reviews, from David Strom at PC World, that anyone who wants to protect their laptop data, as well as information security and, yes, privacy practitioners, should find useful…
Tags:awareness and training, data protection, encryption, Information Security, IT compliance, IT training, laptop security, policies and procedures, privacy training, risk management, security training