IT compliance Archives - Page 51 of 87 -

Posts Tagged ‘IT compliance’

Sending Cleartext IM and Email Is NOT Secure Even If Your Doc Says It Is…Part 1

Monday, November 19th, 2007

I got some interesting comments and questions, and lots of good direct feedback, about my blog post on sending cleartext patient information last week, “HIPAA: Beware Doctors Who Claim They Don’t Have To Follow Safeguard and Privacy Requirements” so I wanted to take this opportunity to discuss the topic a little more.

(more…)

Tags:awareness and training, email security, encryption, Health Insurance Portability and Accountability Act, HIPAA, IM security, Information Security, instant messaging, IT compliance, patient privacy, policies and procedures, privacy, risk management, security risk, security training
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »

Sending Cleartext IM and Email Is NOT Secure Even If Your Doc Says It Is…Part 1

Monday, November 19th, 2007

(more…)

Personnel Privacy, New I-9 Forms, Removal of SSN Requirements and IT Involvement

Sunday, November 18th, 2007

Early this year I did a data flow analysis for I-9 compliance, and I blogged a few months ago about I-9 related issues in “New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status.”
I-9 compliance issues impact many areas of an organization. However, within most organizations many areas, such as IT and information security, are not aware of the I-9 compliance issues and unknowingly put the company at noncompliance jeopardy. Compliance with any law or regulation that involves personally identifiable information (PII) usually require the involvement of legal, IT and information security areas.

(more…)

Tags:awareness and training, DHS, employment issues, I-9 forms, Illegal Immigration Reform and Immigrant Responsibility Act of 1996, Information Security, IT compliance, policies and procedures, privacy, risk management, security risk, security training, social security numbers, SSN, U.S. Citizenship and Immigration Services
Posted in Laws & Regulations | 3 Comments »

Personnel Privacy, New I-9 Forms, Removal of SSN Requirements and IT Involvement

Sunday, November 18th, 2007

(more…)

A Lesson In IT Backup Media Management From Francis Ford Coppola

Friday, November 16th, 2007

As I was reading this week’s issue of Time magazine I found a backup lesson given by Francis Ford Coppola!

(more…)

Tags:awareness and training, backup, disaster recovery, Francis Ford Coppola, Information Security, IT compliance, policies and procedures, privacy, risk management, security risk, security training
Posted in Information Security | No Comments »

HIPAA: Beware Doctors Who Claim They Don’t Have To Follow Safeguard and Privacy Requirements

Thursday, November 15th, 2007

My good friend Alec recently made me aware of a very interesting blog post made by a physician (thanks Alec!) that is frankly quite troubling.

(more…)

Tags:awareness and training, encryption, Health Insurance Portability and Accountability Act, HIPAA, Information Security, IT compliance, patient privacy, policies and procedures, privacy, risk management, security risk, security training
Posted in Information Security, Privacy and Compliance | 6 Comments »

U.S. Federal Teleworking Report Reminds Us that Teleworking Saves Time and Resources, But Must Be Done With Safeguards In Place

Wednesday, November 14th, 2007

On November 6 there was a an interesting hearing held by the U.S. Subcommittee on Federal Workforce, Postal Service, and the District of Columbia about teleworking in the federal agencies.
Considering large numbers of privacy breaches occurring within government agences involving mobile computing devices and storage devices, this caught my eye.

(more…)

Tags:awareness and training, Daniel A. Green, Department of Labor, Information Security, International Trade Commission, IT compliance, Office of Personnel Management, policies and procedures, privacy, remote computing, risk management, security training, teleworking, Veterans Affairs
Posted in government, Information Security, Privacy and Compliance | No Comments »

The Deputy Director of National Intelligence Does Not Understand Key Concepts Of Privacy

Monday, November 12th, 2007

I found a report yesterday, “Intelligence deputy to America: Rethink privacy” quite interesting. The impact on privacy…the actual definition, not the definition Donald Kerr, the principal deputy director of national intelligence, thinks it should be…would not only be a huge step backward for the country, but it would also increase the threats to personally identifiable information (PII) exponentially.

(more…)

Tags:awareness and training, Donald Kerr, FISA, Foreign Intelligence Surveillance Act, Information Security, IT compliance, national intelligence, policies and procedures, privacy, privacy training, risk management, security training
Posted in government, Privacy and Compliance | No Comments »

French Supreme Court Decision Points Out Importance Of Using Monitoring Notices Wherever In The World You Have Personnel

Sunday, November 11th, 2007

I just read about a French Supreme Court decision made on October 10 (you can see a Google English rough translation of it here) that is significant to organizations who have employees in France, or anywhere worldwide for that matter, and the organization’s employee monitoring practices.

(more…)

Tags:awareness and training, court decision, employee monitoring, French Supreme Court, Information Security, IT compliance, logging, monitoring, policies and procedures, privacy, privacy training, risk management, security training
Posted in government, Laws & Regulations, Privacy and Compliance | No Comments »

FTC Continues Active Compliance Enforcement: Applies $7.7 Million In Fines To 6 Do-Not-Call Violators

Saturday, November 10th, 2007

This week the FTC once again demonstrated that they aggressively enforce compliance with those regulations for which they have responsibility.
In their press release, “FTC Announces Law Enforcement Crackdown on Do Not Call Violators” they detail their recent actions against six organizations for non-compliance with the Do Not Call (DNC) registry requirements. The involved settlements totaled close to $7.7 million in civil penalties. In addition to the following, actions against Global Mortgage Funding are pending.
Here is an overview of the non-compliance activities and associated fines/penalties:

(more…)

Tags:ADT, Alarm King, Ameriquest, awareness and training, Craftmatic, Do Not Call, DSS, FTC, Global Mortgage Funding, Guardian Communications, Information Security, IT compliance, policies and procedures, privacy, privacy training, risk management, security training
Posted in Laws & Regulations, Non-compliance Sanctions Examples, Privacy and Compliance | No Comments »

Posts Tagged ‘IT compliance’

Sending Cleartext IM and Email Is NOT Secure Even If Your Doc Says It Is…Part 1

Sending Cleartext IM and Email Is NOT Secure Even If Your Doc Says It Is…Part 1

A Lesson In IT Backup Media Management From Francis Ford Coppola

HIPAA: Beware Doctors Who Claim They Don’t Have To Follow Safeguard and Privacy Requirements

U.S. Federal Teleworking Report Reminds Us that Teleworking Saves Time and Resources, But Must Be Done With Safeguards In Place

The Deputy Director of National Intelligence Does Not Understand Key Concepts Of Privacy

French Supreme Court Decision Points Out Importance Of Using Monitoring Notices Wherever In The World You Have Personnel

FTC Continues Active Compliance Enforcement: Applies $7.7 Million In Fines To 6 Do-Not-Call Violators

Search Privacyguidance

Categories

Archives

Blogroll

Meta

Syndicate