Posts Tagged ‘Information Security’
Tuesday, December 26th, 2006
Today the FTC announced President G.W. Bush signed the US SAFE WEB Act into law.
“Statement by Federal Trade Commission Chairman Deborah Platt Majoras On US SAFE WEB Act Being Signed Into Law by President George W. Bush
I am grateful to President Bush for signing the US SAFE WEB Act into law. The Act will help the Federal Trade Commission fight a range of practices that harm American consumers – including fraudulent spam, spyware, misleading health and safety advertising, privacy and security breaches, and telemarketing fraud.
These practices are increasingly global in nature, and the US SAFE WEB Act will improve the FTC’s ability to cooperate with its foreign counterparts to combat them.”
Tags: awareness and training, government, Information Security, IT compliance, privacy, USA SAFE WEB Act
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Friday, December 22nd, 2006
On Wednesday the Queens Gazette ran a report on medical identity theft.
This certainly is an issue of concern. I blogged about medical identity theft earlier this year.
Combining identity theft with unauthorized access to medical information can certainly magnify the repercussions beyond wrecked credit ratings and the hundreds of hours spent trying to clean up the damage a criminal can do with personally identifiable information (PII). With access to a victim’s prescription information, insurance information, physician information, medical history, and everything else involved, a criminal has greater potential to further abuse the individuals involved and to harm them mentally, physically and financially.
Tags: awareness and training, government, HIPAA, Information Security, IT compliance, medical identity theft, patient privacy, privacy, smart card, World Privacy Forum
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »
Thursday, December 21st, 2006
Today it was widely reported, including on Computerworld, that Morgan Stanley claimed millions of their emails requested for arbitration were destroyed during the 9/11 terrorist attacks. The National Association of Securities Dealers (NASD) accused Morgan Stanley of in fact having the emails on backup media the entire time.
Tags: awareness and training, corporate governance, e-discovery, email retention, Information Security, IT compliance, privacy, retention law
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Wednesday, December 20th, 2006
Yesterday the SEC issued a press release regarding a Public Company Accounting Oversight Board (PCAOB) proposal for a new auditing standard for Section 404 of the Sarbanes-Oxley (SOX) Act. The goal of the proposal will be to strengthen investor protection while getting rid of what is referenced as the “unduly expensive and inefficient auditing standard under Section 404.”
Tags: awareness and training, corporate governance, Information Security, IT compliance, PCAOB, privacy, Sarbanes Oxley, Section 404, SOX
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Tuesday, December 19th, 2006
Yesterday USA Today ran a report, “Cybercrooks hold PC data captive.”
This is nothing new; I blogged about this type of ransom scheme earlier this year. The crooks are getting more creative.
Tags: awareness and training, corporate governance, cybercrime, data backup, encryption, Information Security, IT compliance, malware, privacy, ransomware
Posted in Information Security, Privacy and Compliance, Privacy Incidents | 1 Comment »
Monday, December 18th, 2006
Government Health IT published an interesting report today, “Most privacy complaints are not investigated.”
From the article:
“The Department of Health and Human Services investigated less than 25 percent of 22,964 privacy complaints submitted to HHS’ Office for Civil Rights (OCR) from April 2003 through September 2006”
Tags: awareness and training, CMS, False Claims Act, HIPAA, Information Security, IT compliance, OCR, patient privacy, policies and procedures, privacy
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Sunday, December 17th, 2006
The Longmont, CO Daily Times reported December 14 that a nurse’s laptop was stolen from her car while she was parked at a restaurant, along with paper records containing personally identifiable information (PII): “students’ names and dates of birth; the names of their schools and what grade they are in; the students’ Medicaid numbers; and their parents’ names.”
Tags: awareness and training, data protection, health data privacy, Information Security, IT compliance, laptop theft, personal data breach, policies and procedures, privacy, privacy breach
Posted in Lost & Stolen Laptops, Privacy and Compliance, Privacy Incidents | No Comments »
Sunday, December 17th, 2006
On December 14 WCPO TV 9 News reported:
“A break-in in Springdale, Ohio is affecting thousands of people in Pennsylvania. The office of Electronic Registry Systems on Northland Boulevard was broken into Thanksgiving weekend and a computer was stolen. That computer had medical records on it for some 25,000 participants in a Pennsylvania health plan. Police don’t suspect I.D. theft. They say, in other recent cases, the thieves wiped the computer’s hard drive clean and then tried to re-sell it.”
Tags: awareness and training, data protection, health data privacy, Information Security, IT compliance, laptop theft, personal data breach, policies and procedures, privacy, privacy breach
Posted in Privacy and Compliance, Privacy Incidents | No Comments »