Posts Tagged ‘personal information’
Monday, June 18th, 2012
June 22 update to this topic: Today the judge refused to block the release of the emails as Sebring and her lover requested. See http://www.desmoinesregister.com/article/20120622/NEWS/120622012/Judge-announces-decision-on-Sebring-email-release
In the past few weeks the use of emails at work has been in the news a lot in central Iowa, and the news quickly spread around the globe because of the sex and intrigue involved. Basically, approximately four months before the end of school, the Des Moines Superintendent of Schools at the time, Dr. Sebring, started sending what would end up being over 40 very personal and sexually explicit messages to
(more…)
Tags:awareness, breach, compliance, Des Moines, e-mail, electronic mail, email, IBM, Information Security, information technology, infosec, Iowa, IT security, messaging, midmarket, non-compliance, Omaha, personal information, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, public school, Rebecca Herold, Sebring, security, sensitive personal information, SPI, systems security, training
Posted in Information Security, Training & awareness | 4 Comments »
Thursday, May 31st, 2012
A couple of weeks ago I was doing a consulting call with a small startup business (that in a short span of time is already performing outsourced cloud processing for a number of really huge clients) about information security and privacy. They had implemented just the basic firewall and passwords, but otherwise had no policies, procedures, or documented program in place. I provided an overview of the need for information security and privacy controls to be in place throughout the entire information lifecycle; from creation and collection, to deletion and disposal. They were on board with everything I was describing until we got to (more…)
Tags:big data, breach, compliance, data analytics, data mining, degauss, disposal, disposal rule, facebook, FACTA, frictionless sharing, IBM, Information Security, information technology, infosec, IT security, midmarket, Netflix, non-compliance, personal information, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protected health information, Rebecca Herold, SB 3159, security, Senate Bill 3159, sensitive personal information, shred, SPI, systems security, trash
Posted in Laws & Regulations | 5 Comments »
Wednesday, May 2nd, 2012
My 12-year-old son said to me yesterday after getting home from school, “Hey, Mommy, did you know that Wal-Mart can tell when you’re pregnant? And so can Target! Even before anyone else knows! They got a girl in trouble when they sent her dad coupons for baby stuff and congratulated her!”
Me, “That’s pretty incredible, isn’t it? Companies are able to discover things like that about people more than ever before through analyzing what is called ‘Big Data’.”
Son, “That’s really creepy. I think you should (more…)
Tags:audit, big data, breach, breach response, change controls, compliance, data analytics, data mining, encryption, IBM, Information Security, information technology, infosec, IT security, midmarket, non-compliance, personal information, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protected health information, Rebecca Herold, security, security engineering, sensitive personal information, SPI, systems security, Target, Wal-Mart
Posted in privacy | 1 Comment »
Tuesday, April 17th, 2012
Last week I provided Howard Anderson at HealthInfosecurity.com with some of my thoughts about the recent Utah Department of Health breach of the files of 900,000 individuals, and counting. He included some of my thoughts in his blog post, along with thoughts from others. I wanted to provide my full reply here, along with some expanded thoughts.
As background, for those of you who may not have heard of this hack yet, in a nutshell: (more…)
Tags:audit, breach, breach response, change controls, compliance, DTS, encryption, IBM, Information Security, information technology, infosec, IT security, Medicaid, midmarket, non-compliance, personal information, personally identifiable information, PHI, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protected health information, Rebecca Herold, security, security engineering, sensitive personal information, SPI, systems security, Utah
Posted in BA, CE, healthcare, HIPAA, HITECH, Information Security, Privacy Incidents | No Comments »
Tuesday, January 3rd, 2012
Happy New Year! I hope your year is starting out great. Have you made it to day 3 without breaking any of your resolutions? How about adding one more… (more…)
Tags:awareness, compliance, education, HIPAA, Information Security, personal information, PHI, PII, privacy, privacyprof, Rebecca Herold, training
Posted in privacy, Training & awareness | No Comments »
Thursday, December 11th, 2008
New FERPA Regulations were issued yesterday…
(more…)
Tags:awareness and training, FERPA, Information Security, IT compliance, IT training, personal information, personally identifiable information, PII, policies and procedures, privacy training, risk management, security training
Posted in Laws & Regulations, Privacy and Compliance | 1 Comment »
Thursday, December 11th, 2008
New FERPA Regulations were issued yesterday…
(more…)
Tags:awareness and training, FERPA, Information Security, IT compliance, IT training, personal information, personally identifiable information, PII, policies and procedures, privacy training, risk management, security training
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Tuesday, August 5th, 2008
I got a great question from a business friend of mine, and I wanted to provide my answer here, too, because it is something all multi-national organizations need to think about. Eric Nelson, who heads Secure Privacy Solutions asked, “If a company collects and manages PII from another country, e.g., India or the U.S., and transfers that PII to the E.U. for some type of processing or storage or even just transit, does the E.U. Data Directive apply once that PII leaves a country within the E.U.?”
(more…)
Tags:awareness and training, cross border data flow, EU Data Protection Directive, Information Security, IT compliance, IT training, personal information, personally identifiable information, PII, policies and procedures, privacy training, risk management, security training
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Wednesday, October 10th, 2007
In the past week the two largest universities in Iowa provided examples of both great and poor security practices. Let’s see…how about the bad example first?
(more…)
Tags:awareness and training, CyberDefense Competition, encryption, Information Security, Iowa State University, IT compliance, lost laptop, personal information, PII, policies and procedures, privacy, privacy breach, risk management, security training, stolen laptop, University of Iowa
Posted in Information Security, Privacy and Compliance, Privacy Incidents, Training & awareness | No Comments »
