Posts Tagged ‘government’

UK Annual Privacy Report: Businesses Need To Give Individuals Access to Their PII, and More Awareness and Training Is Needed

Wednesday, July 18th, 2007

Monday I talked about France’s 2006/2007 CNIL privacy report. The United Kingdom (UK) also recently released their 2006/2007 data protection report.


Data Protection & Privacy Noncompliance Fines Increasing in France

Monday, July 16th, 2007

The French Data Protection Authority (CNIL) made some interesting statements last week in their annual report, covering June 2006 through June 2007, about some fines they’ve given during the past 12 months for non-compliance with their data protection laws.


HIPAA Violation in Divorce Proceeding?

Friday, July 13th, 2007

During a divorce case in Illinios, K.S. Kim claimed a hospital violated HIPAA by sending her health records to her ex-husband’s attorney.


OMB Sets Security Configuration Contracts Language for Acquisitions

Wednesday, June 13th, 2007

On June 1 the U.S. Office of Management and Budget (OMB) released recommended language for all federal government chief information officers for required common security configurations for Windows computer operating systems that should be included in acquisitions solicitations to information technology providers.


“Getting Tough” With Information Security Is Really Just Getting Smart

Tuesday, June 5th, 2007

Today I saw the headline, “Energy gets tough on laptop use” in Government Computer News and I was curious to see that the story was about how the U.S. Department of Energy (DOE) is going to start actually enforcing their security practices by accurately inventorying and tracking their mobile computing devices after having “lost” 1,415 laptops in the past 6 years. The DOE also indicates they are going to start enforcing their security policies and procedures.


New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status

Sunday, June 3rd, 2007

I recently did a very interesting project doing a data flow analysis and risk assessment of I-9 documents processing for a large multi-national company.


It’s Hard to Keep Secrets When You Entrust Them To Others

Friday, June 1st, 2007

When you entrust sensitive information to a contracted company or individual, you are also accepting risk. If you do not perform due diligence to ensure your contractor has effective safeguards in place, and understands that your information is sensitive, and if you do not have specific security requirements within your contract, you are opening yourself up to a major embarassment, major incident, or both.
The U.S. State Department entrusts many of their secrets to many different contractors. They have found themselves with yet some more bad press as a result of one of their contractors.


Outsourced Company’s Unsecure Application Makes U.K. Passport Applicant PII Available to Everyone On the Internet

Wednesday, May 30th, 2007

On May 18 the U.K. Data Protection Commissioner said in a Channel 4 news report he’s going to investigate why an online visa application system allowed the personally identifiable information (PII) of around 50,000 applicants from India who had applied for U.K. passports viewable on the Internet.


A Twist Within a New State Breach Notice Law: Maryland’s Also Requires Information Security Safeguards

Monday, May 28th, 2007

Here’s something that you don’t see in other states…
On May 17, Maryland Governor Martin O’Malley signed into law two identical bills, one from the House and one from the Senate, that require businesses to notify state residents if their unencrypted or unredacted personal information, whether in electronic or paper form, is breached. In addition to mandating breach notification, the new law contains data security and data destruction requirements for companies doing business in the state.


More Reason to Strengthen Information Security: New MN Law Restricts How Long Merchants Can Retain Purchase Information

Monday, May 28th, 2007

To date we have at least 37 U.S. states that have enacted breach notice laws, (Maryland’s new breach notice law was signed May 17th), but these address how to react AFTER personally identifiable information (PII) has been compromised. Multiple federal-level bills proposed but none yet passed.