Posts Tagged ‘personally identifiable information’
Tuesday, September 18th, 2007
Today the U.S. Federal Trade Commission (FTC) released a report, “Combating Identity Theft: Implementing a Coordinated Plan.”
(more…)
Tags: awareness and training, cybercrime, cyberfraud, FTC, identity theft, Information Security, insider threat, IT compliance, personally identifiable information, PII, policies and procedures, privacy, privacy breach
Posted in government, identity theft, Privacy and Compliance, Training & awareness | No Comments »
Monday, September 17th, 2007
Last year I had a couple of different identity theft insurance vendors contact me wanting me to endorse their products as they were trying to sell the packages to employers to offer to their employees as part of their total benefits packages.
(more…)
Tags: awareness and training, FTC, identity theft, identity theft insurance, Information Security, IT compliance, personally identifiable information, PII, policies and procedures, privacy, privacy breach
Posted in identity theft | 1 Comment »
Thursday, September 13th, 2007
Yesterday yet another incident occurred where a business partner / vendor lost the personally identifiable information (PII) with which they had been entrusted. Americhoice sent a CD containing the PII of 67,000 individuals to TennCare via overnight UPS delivery.
(more…)
Tags: Americhoice, awareness and training, Information Security, IT compliance, outsourcing risks, personally identifiable information, PII, policies and procedures, privacy, privacy incident, risk management, TennCare, UPS, vendor management
Posted in Information Security, Laws & Regulations, Privacy and Compliance, Privacy Incidents | No Comments »
Monday, September 10th, 2007
There are so many ways in which bad things can happen with the authorized access that personnel and business partners have to sensitive data, personally identifiable information (PII), and business systems. Many times the bad things that happen are a result of a lack of awareness of how to properly protect information, a result of mistakes, or a result of malicious intent. Here is just one more example to add to your file of actual insider threat incidents.
(more…)
Tags: awareness and training, CMS, Computer Fraud and Abuse Act, Council of Community Health Clinics, HHS, HIPAA, Information Security, insider threat, IT compliance, Jon P. Oson, OCR, patient privacy, personally identifiable information, PHI, PII, policies and procedures, privacy, privacy rule, protected health information, security rule
Posted in Information Security, Privacy and Compliance, Privacy Incidents | No Comments »
Tuesday, August 28th, 2007
Well, if you look at the results of my very unscientific poll from last week, it appears there is a very wide range of opinions about the use of social networking sites at work.
(more…)
Tags: awareness and training, facebook, Information Security, IT compliance, MySpace, personally identifiable information, PII, policies and procedures, privacy, risk management, social networking, YouTube
Posted in Information Security, Privacy and Compliance | 2 Comments »
Monday, August 27th, 2007
Tags: awareness and training, Information Security, IT compliance, personally identifiable information, PII, policies and procedures, privacy, risk management
Posted in government, Privacy and Compliance | 2 Comments »
Sunday, August 26th, 2007
I’ve talked several times on this blog about my sons, and how they’ve really resonated with the information security and privacy discussions and information I’ve given them. They notice privacy risks and security problems when we’re out in stores or traveling. They point out problems on the Internet. They won’t let me watch their fingers when they enter their passwords on their membership sites so I won’t discover their passwords…even though they know my parent account has access to change them. 🙂
(more…)
Tags: awareness and training, Howie Day, Information Security, IT compliance, personally identifiable information, PII, policies and procedures, privacy, risk management, social networking sites, social psychology
Posted in Training & awareness | 2 Comments »
Friday, August 24th, 2007
On 8/22/2007 a very interesting and useful report was released by the European Network and Information Security Agency (ENISA), “Information security awareness initiatives: Current practice and the measurement of success.”
(more…)
Tags: awareness and training, data protection law, ENISA, EU Data Protection Directive, European Union, Information Security, IT compliance, personally identifiable information, PII, policies and procedures, PricewaterhouseCoopers, privacy, privacy law, risk management
Posted in Information Security, Privacy and Compliance, Training & awareness | 3 Comments »
Monday, August 20th, 2007
Over the weekend I read yet another news article about social networking sites and the related risks. This time it was about how schools are implementing rules to address cyber bullying on the Internet: “Students To Be Punished For MySpace Postings.”
(more…)
Tags: awareness and training, facebook, Information Security, IT compliance, MySpace, personally identifiable information, PII, policies and procedures, privacy, risk management, social networking
Posted in Information Security, Privacy and Compliance | 2 Comments »