Posts Tagged ‘laws’

Implementing a Data De-Identification Framework

Wednesday, November 21st, 2012

Growing numbers of organizations are trying to figure out the benefits of anonymizing, or as HIPAA (the only regulation that provides specific legal requirements for such actions) puts it “de-identifying,” personal information. Healthcare organizations see benefits for improving healthcare. Their business associates (BAs) see benefits in the ways in which they can minimize the controls around such data. Of course marketing organizations salivate at the prospects of doing advanced analysis with such data to discover new trends and marketing possibilities.  The government wants to use it for investigations. Historians want to use it for, yes, marking historical events. And the list (more…)

ISMS Certification Does Not Equal Regulatory Compliance

Wednesday, October 31st, 2012

Last week I got the following question:

“By becoming ISO 27001 certified does that automatically mean we comply with HIPAA and HITECH requirements?  Are there any requirements of HIPAA/HITECH that are not required to meet ISO 27001 standards?”

This is not the first time I’ve gotten this question, and others similar. As new technology businesses, cloud services and other businesses are popping up to provide services to large regulated organizations, start-ups are increasingly looking for a way to differentiate themselves from their competitors, and also prove that they have not only effective security controls in place, but that they also (more…)

Repost From Social Media to Lose Customers and Friends Fast

Monday, October 22nd, 2012

Last week one of my Facebook friends started a “friends only” discussion on his wall. It was a very interesting discussion, and one of his friends took the discussion, pretty much verbatim, and posted within a “public” (as in meant for the world to see) popular blog site. So the information on the Facebook page, where around 250 – 300 people could see the posts were now in a location where the bazillion (possibly a bit fewer) blog readers could see all the posts and the full names of those who made them. This is not the first time a situation like this has occurred.  A lot of the information posted on people’s social media pages are really tempting to take and use as examples, or for business activities such as for marketing and promotions. However, doing so could get you into some personal and/or legal hot water.  As organizations and individuals consider taking information they find on social media sites, they need to consider the reasons why doing so may not be a good idea after all.

Reason #1: It will (more…)

3 Privacy Mistakes For Social Media And Marketing

Tuesday, November 23rd, 2010

I love marketing and sales folks. Our businesses would be lost (well, at least have less revenues) without them! I’ve worked with many different sales and marketing folks throughout the past couple of decades, and I appreciate their enthusiasm and creativity to find ways in which they can help their organizations make more revenue. (more…)

Six U.S. Bills Related To Data Protection Introduced Dec. 5 – 7

Monday, December 11th, 2006

Last week was a busy one for data protection bills for the end of the 109th U.S. Congress. Prior to adjourning, they introduced at least six bills related to data protection.

(more…)