Posts Tagged ‘personal privacy’

Don’t Manage Employee Online Activities By Requiring Their IDs & Passwords!

Thursday, June 18th, 2009

I read a story about a city government agency actually asking job applicants to provide their IDs and passwords for any online social networking type of site they participate in…


Where And How Do You Dispose Of Your Cell Phones and Paper Documents?

Monday, June 30th, 2008

Something I’m planning to do this summer with my sons is to do some dumpster diving, with the advice of my police and security services company owner friends, to see just how much personal information is left out for just anyone walking by to pick up and use, or misuse. We’ll also see about any cell phones that were just dropped in the dumpster or trash can…
How do you dispose of your cell phones? At work, and at home? And what do you do with the papers that contain personally identifiable information (PII) and other sensitive information when you throw them away? Are you more diligent at work? Or at home?
With this in mind, here’s another section from the third article in my June issue of “IT Compliance in Realtime”…


Where And How Do You Dispose Of Your Computers, CDs, USB Drives, Etc.?

Sunday, June 29th, 2008

In the past few years I’ve performed over 100 information security and privacy program reviews for the vendors and business partners of my clients, and I have often found these contracted organizations have lax to non-existent to outrageously irresponsible computer and electronic storage device disposal practices. One of the “information security” policies for one of the vendors actually directed their personnel to try to sell their old computers and storage devices on eBay or other online sites in order to recoup some of the costs…this was in their “Information Disposal Security Policy”! It had absolutely no mention of removing the data before trying to sell the devices; the main intent was to recoup as much of the investment as possible.
With this in mind, here’s another section from the third article in my June issue of “IT Compliance in Realtime”…


$54 Million Lawsuit Against Best Buy For Losing Laptop

Wednesday, February 13th, 2008

I knew the civil suits for lost laptops would start soon. Thanks so much to my buddy Alec for pointing out this story to me!
Raelyn Campbell took a laptop computer to Best Buy to get fixed, and three months later, after giving Campbell the run-around, Best Buy admitted to her that they lost the computer.


Potty Pics Poo-Poo Privacy

Tuesday, February 12th, 2008

This is a sad example of how others take it upon themselves to invade the privacy of others and don’t understand that they’re doing anything wrong…


Insider Threat Example: Programmer Sentenced To 30 Months In Jail And $81,200 Fine

Sunday, January 13th, 2008

Here’s a case I blogged about almost exactly a year ago, but it is worth revisiting since the sentencing for the crime was just handed down and it was significant. If you haven’t already, put this in your file of actual examples to incorporate into your information security and privacy awareness and training activities and content.
On January 8 a federal court in Newark, New Jersey, sentenced Yung-Hsun “Andy” Lin, a former systems administrator for Medco Health Solutions Inc., to 30 months in prison for transmitting computer code intended to wipe out data stored on Medco’s network, composed of more than 70 servers.


Terrorists Over 50 Don’t Fly According To The DHS

Friday, January 11th, 2008

I just read this and found the implication that folks over 50 years of age are not terrorist threats rather odd.
Today the U.S. Department of Homeland Security released some new rules related to REAL ID.


13 Minnesota Students Disciplined For Facebook Photos

Friday, January 11th, 2008

I’ve blogged several times, such as here, here and here, about how information posted to the Internet, such as on Facebook and other social networking sites, cannot be considered as being private or secure, has been used to make hiring and firing decisions, and how it has impacted lives in other ways.
Well, now information posted to social networking sites is being used by schools.


Egregious Privacy Infringement: Fire Chief Emails Photo Of Topless Crash Victim

Tuesday, January 8th, 2008

Here is an example of how personnel can take photos and videos and completely invade the privacy of others, particularly those who have no voice to say stop.
A Central Florida fire chief will likely lose his job for widely emailing photos from a crash scene of a female victim that included a view of her exposed breasts as paramedics were attending to her.


International PII Data Transfers: New Requirements from Spain

Monday, July 30th, 2007

In this global economy it is important for you to know, understand and follow the data protection laws in all the countries where you have offices, have customers, store personally identifiable information (PII) and from where PII is accessed. Each country has nuances within their laws that could create quite a big obstacle if you are doing business there and find you must suddenly stop because you are out of compliance with their data protection laws.