Posts Tagged ‘personally identifiable information’
Wednesday, February 13th, 2008
I knew the civil suits for lost laptops would start soon. Thanks so much to my buddy Alec for pointing out this story to me!
Raelyn Campbell took a laptop computer to Best Buy to get fixed, and three months later, after giving Campbell the run-around, Best Buy admitted to her that they lost the computer.
Tags: awareness and training, Best Buy, Information Security, IT compliance, lost laptop, personal privacy, personally identifiable information, PII, policies and procedures, privacy, privacy policy, Raelyn Campbell, risk management, security awareness, security training
Posted in Privacy Incidents | 1 Comment »
Tuesday, February 12th, 2008
I just saw a term that can be used really well with non-technical folks, “data pollution.”
I wish I had thought of that term!
Tags: awareness and training, data pollution, Information Security, IT compliance, personally identifiable information, PII, policies and procedures, privacy, privacy policy, risk management, security awareness, security training
Posted in Privacy Incidents | No Comments »
Thursday, February 7th, 2008
Here’s one more thing for IT, Information Security and Privacy folks to put on their list of things to worry about…
Tags: awareness and training, Google Apps, Information Security, IT compliance, personally identifiable information, PII, policies and procedures, privacy, privacy policy, risk management, security awareness, security training
Posted in Information Security | No Comments »
Tuesday, February 5th, 2008
It seems all business leaders would understand by now, after literally thousands of privacy incidents in recent years, that they need to encrypt personally identifiable information (PII) stored on mobile computers and mobile storage devices, and when sending PII through networks.
Even the bad guys understand this.
Tags: awareness and training, encryption, Information Security, IT compliance, personally identifiable information, PII, policies and procedures, privacy, privacy policy, risk management, security awareness, security training, surveillance, terrorist
Posted in Information Security | No Comments »
Tuesday, January 22nd, 2008
Last month I finished the second issue of my Protecting Information publication and the topic couldn’t be more timely: social engineering.
Just today I have already read in my daily news items 5 articles about social engineering! One in particular, “CUNA Mutual Warns on Costly HELOC Scam,” provides not only a great example of a current social engineering scam, but it would also make a great case study for social engineering training and within your awareness communications and activities. Here’s a quick overview…
Tags: awareness and training, CUNA Mutual, Information Security, IT compliance, personally identifiable information, PII, policies and procedures, privacy, privacy policy, risk management, security awareness, security training, social engineering
Posted in Information Security, Privacy and Compliance, Privacy Incidents | No Comments »
Sunday, January 13th, 2008
Here’s a case I blogged about almost exactly a year ago, but it is worth revisiting since the sentencing for the crime was just handed down and it was significant. If you haven’t already, put this in your file of actual examples to incorporate into your information security and privacy awareness and training activities and content.
On January 8 a federal court in Newark, New Jersey, sentenced Yung-Hsun “Andy” Lin, a former systems administrator for Medco Health Solutions Inc., to 30 months in prison for transmitting computer code intended to wipe out data stored on Medco’s network, composed of more than 70 servers.
Tags: Andy Lin, awareness and training, computer crime, cybercrime, Information Security, insider threat, IT compliance, logic bomb, Medco, personal privacy, personally identifiable information, PII, policies and procedures, privacy, risk management, security awareness, security training
Posted in Information Security | No Comments »
Friday, January 11th, 2008
I just read this and found the implication that folks over 50 years of age are not terrorist threats rather odd.
Today the U.S. Department of Homeland Security released some new rules related to REAL ID.
Tags: awareness and training, DHS, Information Security, IT compliance, personal privacy, personally identifiable information, PII, policies and procedures, privacy, REAL ID, risk management, security awareness, terrorist
Posted in government | 1 Comment »
Friday, January 11th, 2008
I’ve blogged several times, such as here, here and here, about how information posted to the Internet, such as on Facebook and other social networking sites, cannot be considered as being private or secure, has been used to make hiring and firing decisions, and how it has impacted lives in other ways.
Well, now information posted to social networking sites is being used by schools.
Tags: awareness and training, Eden Prairie, facebook, Information Security, IT compliance, personal privacy, personally identifiable information, PII, policies and procedures, privacy, protecting information, risk management, security awareness, security training, social networking
Posted in Privacy and Compliance | No Comments »
Tuesday, January 8th, 2008
Tags: awareness and training, Information Security, IT compliance, personal privacy, personally identifiable information, PII, policies and procedures, privacy, risk management, security awareness, security training, Shirk
Posted in Privacy Incidents | No Comments »
Sunday, December 30th, 2007
Tags: Authorities Principles of Business, awareness and training, FSA, identity verification, Information Security, IT compliance, Norwich Union Life, personally identifiable information, PII, policies and procedures, pretexting, risk management, security awareness, security training
Posted in Non-compliance Sanctions Examples | No Comments »