Posts Tagged ‘Information Security’

Personnel Privacy, New I-9 Forms, Removal of SSN Requirements and IT Involvement

Sunday, November 18th, 2007

Early this year I did a data flow analysis for I-9 compliance, and I blogged a few months ago about I-9 related issues in “New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status.”
I-9 compliance issues impact many areas of an organization. However, within most organizations many areas, such as IT and information security, are not aware of the I-9 compliance issues and unknowingly put the company at noncompliance jeopardy. Compliance with any law or regulation that involves personally identifiable information (PII) usually require the involvement of legal, IT and information security areas.

(more…)

Personnel Privacy, New I-9 Forms, Removal of SSN Requirements and IT Involvement

Sunday, November 18th, 2007

Early this year I did a data flow analysis for I-9 compliance, and I blogged a few months ago about I-9 related issues in “New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status.”
I-9 compliance issues impact many areas of an organization. However, within most organizations many areas, such as IT and information security, are not aware of the I-9 compliance issues and unknowingly put the company at noncompliance jeopardy. Compliance with any law or regulation that involves personally identifiable information (PII) usually require the involvement of legal, IT and information security areas.

(more…)

A Lesson In IT Backup Media Management From Francis Ford Coppola

Friday, November 16th, 2007

As I was reading this week’s issue of Time magazine I found a backup lesson given by Francis Ford Coppola!

(more…)

HIPAA: Beware Doctors Who Claim They Don’t Have To Follow Safeguard and Privacy Requirements

Thursday, November 15th, 2007

My good friend Alec recently made me aware of a very interesting blog post made by a physician (thanks Alec!) that is frankly quite troubling.

(more…)

U.S. Federal Teleworking Report Reminds Us that Teleworking Saves Time and Resources, But Must Be Done With Safeguards In Place

Wednesday, November 14th, 2007

On November 6 there was a an interesting hearing held by the U.S. Subcommittee on Federal Workforce, Postal Service, and the District of Columbia about teleworking in the federal agencies.
Considering large numbers of privacy breaches occurring within government agences involving mobile computing devices and storage devices, this caught my eye.

(more…)

The Deputy Director of National Intelligence Does Not Understand Key Concepts Of Privacy

Monday, November 12th, 2007

I found a report yesterday, “Intelligence deputy to America: Rethink privacy” quite interesting. The impact on privacy…the actual definition, not the definition Donald Kerr, the principal deputy director of national intelligence, thinks it should be…would not only be a huge step backward for the country, but it would also increase the threats to personally identifiable information (PII) exponentially.

(more…)

French Supreme Court Decision Points Out Importance Of Using Monitoring Notices Wherever In The World You Have Personnel

Sunday, November 11th, 2007

I just read about a French Supreme Court decision made on October 10 (you can see a Google English rough translation of it here) that is significant to organizations who have employees in France, or anywhere worldwide for that matter, and the organization’s employee monitoring practices.

(more…)

FTC Continues Active Compliance Enforcement: Applies $7.7 Million In Fines To 6 Do-Not-Call Violators

Saturday, November 10th, 2007

This week the FTC once again demonstrated that they aggressively enforce compliance with those regulations for which they have responsibility.
In their press release, “FTC Announces Law Enforcement Crackdown on Do Not Call Violators” they detail their recent actions against six organizations for non-compliance with the Do Not Call (DNC) registry requirements. The involved settlements totaled close to $7.7 million in civil penalties. In addition to the following, actions against Global Mortgage Funding are pending.
Here is an overview of the non-compliance activities and associated fines/penalties:

(more…)

5 Things To Do Next Week To Improve Information Security & Privacy

Friday, November 9th, 2007

It seems like my to-do list never gets shorter each day; only longer. This was even more true when I was responsible for the information security and privacy program within a large multi-national financial and insurance organization. It seemed the squeakiest wheel to-do items often got done, while other to-do’s that were very important, and often not that time-consuming, got put by the way-side, always put off until another week.

(more…)

More Organizations Are Blocking Social Networking Sites To Address Information Security and Privacy Concerns

Thursday, November 8th, 2007

Over the past few months I’ve been keeping a fairly close eye on the evolution of social networks and the security and privacy impacts they have not only on the individuals participating, but also on the businesses that allow their personnel to use the sites from the company’s network. Or, what is more often the case, the large amount of employees using the sites from the company network during work hours unbeknownst to their bosses.

(more…)