On March 29 the FTC published a proposed new routine use, (72 Fed. Reg. 14814, 3/29/07), that would allow FTC records governed by the Privacy Act to be disclosed to “appropriate” persons and entities when reasonably necessary to respond and prevent, minimize, or remedy harm resulting from a U.S. government agency data breach or compromise.
Posts Tagged ‘Information Security’
Privacy Act: FTC Proposes Allowing Disclosure of PII Records to Third Parties To Assist Data Breach Response Within Gov’t Agencies
Tuesday, April 3rd, 2007How Long Has It Been Since You’ve Done An Awareness Activity? Privacy and Security Week Starts April 8
Monday, April 2nd, 2007Awareness activities are an important and necessary component of an effective, layered, information assurance program. Too little time is spent on communicating information security and privacy requirements, threats, vulnerabilities, and other related issues within most organizations. Providing regular traning and ongoing awareness activities to all personnel, along with customized training to targeted groups with unique information security responsibilities, such as call centers, sales and marketing folks, and applications and systems developers, as is also very important.
What Businesses Need to Know About Reputation-Based Messaging Technology
Sunday, April 1st, 2007I first started hearing about reputation-based technologies used in conjunction with filtering messages a couple of years ago. What a great idea! It does make sense to analyze the characteristics of a message to help determine whether or not it is legitimate, spam, contains malware, or is likely to be some other type of message you do not want getting onto your corporate network, doesn’t it? Trying to determine the “reputation” of the message seems to be a good additional check. Banks and credit card companies have been doing similar types of activities for decades, looking at the reputation of their loan and card applicants, when generating credit scores. It seems as though this type of analysis, while not fool-proof, could also have the potential to greatly assist with keeping unwanted messages from clogging the enterprise networks and mailservers.
What Were They Thinking!? U.S. Marshals Put The PII of Thousands of People on a D.C. Street For Anyone To Take
Saturday, March 31st, 2007I read a lot of articles about incidents; it is hard to keep up with them all! However, one I ran across on the WUSA 9News Now site in Washington D.C. grabbed my attention.
Royal Academy of Engineering Releases Privacy Study Report: Emphasizes Importance of Engineering Security and Privacy Into Technology
Friday, March 30th, 2007The Royal Academy of Engineering, located in London, recently released a report, “Dilemmas of Privacy and Surveillance: Challenges of Technological Change.”
I just ran across it and haven’t had a chance to review it in depth yet, but a quick scan and reading the executive summary shows some interesting thoughts.
Study Reports The Companies Trusted Most For Privacy
Thursday, March 29th, 2007The Ponemon Institute puts out an annual survey asking anyone who wants to participate in their online survey who the companies are that they believe respect their customers most and do the best job of protecting their privacy.
U.S. ONDI and DOD Standardizing Security Policies
Wednesday, March 28th, 2007The Office of the National Director of National Intelligence (ONDI) and the Department of Defense (DoD) announced they are going to standardize their information security policies.
The work on the standardization started 8 months ago.
Government Compliance: FBI Director Says USA PATRIOT Act Doesn’t Need Changes; That FBI Is To Blame for Associated Problems
Tuesday, March 27th, 2007Today U.S. FBI Director Robert Mueller appeared before the Senate Judiciary Committee and testified that there are no problems with the USA PATRIOT Act, but that the FBI did not implement the Act appropriately.
U.S. Dept of Homeland Security Creates National Computer Forensic Institute
Monday, March 26th, 2007On March 9 the U.S. Department of Homeland Security (DHS) announced the creation of a National Computer Forensic Institute.
