Posts Tagged ‘GLBA’
Wednesday, December 10th, 2014
The day before Thanksgiving here in the U.S. I had the great pleasure of speaking with a couple of consummate information security experts from across the pond in England and Norway, Kai Roer and Mo Amin, on an episode of their Security Culture TV! We chatted about how to get folks to be more aware of privacy risks, and how to change their mindset to a more privacy proactive stance. You can see this episode here.
When you look at recent breaches, it is clear that awareness of information security and privacy risks, and of how to mitigate them, is not getting the attention it needs from the leaders of organizations. Why else would (more…)
Tags:awareness, compliance training, cyber security awareness, cybersecurity, cybersecurity awareness, financial security training, FISMA, GLBA, healthcare security training, HIPAA, HIPAA security training, Information Security, information security awareness, information security training, Kai Roer, Mo Amin, PIA, privacy, privacy awareness, privacy impact assessment, privacy professor, Rebecca Herold, training
Posted in privacy, privacy impact assessment, Privacy Incidents | No Comments »
Wednesday, November 20th, 2013
One of the things I love about helping all my Compliance Helper (CH) clients with their information security and privacy compliance activities is that they often ask questions that most other small and mid-size organizations also have. So, I then have a great opportunity to share advice! One of my recent conversations dealt with the challenges my mid-size client was having in trying to appropriately customize the data and records retention policy and procedure I provide through the CH service to fit his organization’s unique type of business associate service, while also meeting the HIPAA retention requirements. The paraphrased questions below started our conversation after I advised that there are many types of documents that must be retained for at least 6 years to meet compliance: (more…)
Tags:21 CFR Part 11, awareness, BA, BAA, breach, business associate, CE, compliance, covered entity, data management, data protection, data retention, GLBA, HIPAA, HITECH, IBM, information management, information retention, Information Security, information technology, infosec, IT security, midmarket, non-compliance, Omnibus, personal information, personal information identifier, personal information item, PHI, PII, policies, privacy, privacy breach, privacy laws, privacy professor, privacyprof, Rebecca Herold, retain, retention, risk assessment, risk management, security, SSA, systems security, training, USA PATRIOT Act
Posted in HIPAA, Laws & Regulations | No Comments »
Friday, June 3rd, 2011
A couple of days ago I published my monthly Privacy Professor Tips message, “Summer Break-in.” I provide these tips free to anyone who wants to sign up for it on my web site and fills out one of the boxes that says, (more…)
Tags:awareness, breach, compliance, GLBA, herold, HIPAA, HITECH, incident, Information Security, privacy, privacy professor, privacy training, Rebecca Herold, risk, risk management, security training, training
Posted in Information Security, Laws & Regulations, privacy, Privacy and Compliance, Training & awareness | No Comments »
Wednesday, March 30th, 2011
Earlier today following my online seminar, “Effective Training and Awareness: The Key to Information Security Success” (http://gocsi.com/Training2011/OD/Awareness), I received the following question:
Where might I locate a summary breakdown of training regulations by industry? i.e. Pharma
(more…)
Tags:awareness, awareness training, CFAA, CSI, DMCA, education, FCRA, FISMA, FOIA, GLBA, HIPAA, HITECH, Information Security, OMB, privacy, Rebecca Herold, Red Flags, regulations, SOX, training
Posted in HIPAA, HITECH, Information Security, Laws & Regulations, privacy, Training & awareness | 3 Comments »
Monday, December 20th, 2010
Looking ahead to what will happen in the coming year is always an interesting exercise. Just like within a great novel, foreshadowing occurs every day in our lives to drop the hints of things that are likely to come. The trick is to separate out the valuable hints from the extraneous breadcrumbs that are dropped by dozens of other inconsequential sources that mislead us and cause us to fail in our predictions. We shall see at the end of the year how close I am with the following predictions… (more…)
Tags:compliance, GLBA, HIPAA, HITECH, Information Security, meaningful use, PIA, privacy, privacy impact assessment, privacy training, risk assessments, security training, smart meter, Smart Grid
Posted in GLBA, Information Security, Laws & Regulations, privacy, Privacy and Compliance, Social Media, Training & awareness | 2 Comments »
Tuesday, June 16th, 2009
Today the FTC issued a consent order against mortgage lender James B. Nutter & Company for GLBA Privacy Rule and Safeguards Rule violations resulting from an inadequate information security program and inadequate safeguards. The order’s requirements will result in, among other actions, 20 years of ongoing compliance activities by James B. Nutter & Company; much more costly than it would have been to establish appropriate information security safeguards to begin with…
(more…)
Tags:awareness and training, GLBA, Gramm Leach Bliley Act, Information Security, IT compliance, IT training, policies and procedures, privacy rule, privacy training, risk management, Safeguards Rule, security training
Posted in Information Security, Laws & Regulations, Non-compliance Sanctions Examples, Privacy and Compliance | No Comments »
Monday, November 10th, 2008
I anticipate that with the big $700 billion “rescue” plan the government is going to continue the increased compliance activities…
(more…)
Tags:awareness and training, FTC Act, GLBA, Information Security, IT compliance, IT training, policies and procedures, Premier Capital, privacy rule, privacy training, risk management, Safeguards Rule, security training
Posted in Non-compliance Sanctions Examples | No Comments »
Monday, July 7th, 2008
The FTC has long provided a great role model for other government oversight and enforcement agencies in ensuring that organizations follow data protection laws and actually fulfill the promises they make within their published information security and privacy policies. It is too bad most of the other government agencies are not as diligent, or nearly as effective, in helping to ensure organizations sufficiently protect personally identifiable information (PII).
While doing some research today I compiled a list of the actions the FTC has taken, which I thought may be useful to some of you as well…
(more…)
Tags:awareness and training, FTC, FTC Act, GLBA, Gramm Leach Bliley, Information Security, IT compliance, policies and procedures, privacy training, risk management, Safeguards Rule, security training
Posted in Laws & Regulations, Privacy and Compliance | 1 Comment »
Wednesday, December 26th, 2007
Tags:American United Mortgage Company, awareness and training, disposal rule, FACTA, FCRA, FTC, FTC Act, GLBA, Information Security, IT compliance, policies and procedures, privacy, privacy incident, privacy policy, privacy rule, risk management, security awareness, security training
Posted in Information Security, Non-compliance Sanctions Examples, Privacy and Compliance | No Comments »
Wednesday, December 19th, 2007
For the past 10 years I have been driving the same, reliable, non-troublesome car. It still looks good enough (I don’t really worry about driving an “it” kind of car). However, it is getting a bit rattly, and my friends have been increasingly giving me a hard time about continuing to drive it past the 200,000 mile mark. I never really cared much until my starter went out a couple of months ago. I wondered, what if this had happened to me while I was in a neighboring state at a client site? Sure, I have AAA, but it would still be a hassle. So, I decided if I saw a car I really liked and that had all the features I wanted, I would splurge and get a new car.
Well…I just happened to find a car I absolutely loved after seeing and driving it. I was at the dealer paying for it yesterday, and the sales person asked for my Social Security Number (SSN).
(more…)
Tags:awareness and training, FERPA, GLBA, HIPAA, identity theft, Information Security, Iowa law, IT compliance, personally identifiable information, PII, policies and procedures, privacy, privacy policy, risk management, security awareness, security training, social security number, SSN
Posted in Privacy and Compliance | 1 Comment »