How did the following happen…there are many options…insider threat? Poor IT storage controls? Poor applications development controls? Perhaps using real personally identifiable information (PII) for test purposes? Hacker break-in? Through an outsourced company with access to the PII, but who also had poor controls? There are so many possibilities…
Posts Tagged ‘personally identifiable information’
FEMA Records Of 16,000 Katrina Victims Posted Online
Tuesday, December 23rd, 2008
New Family Educational Rights and Privacy Act (FERPA) Regulations
Thursday, December 11th, 2008
New FERPA Regulations were issued yesterday…
Cybercriminals Threaten To Post Millions Of PII Records For Express Scripts Customers
Friday, November 7th, 2008
Just last month I blogged about the new Identity Theft Enforcement and Restitution Act of 2008. It covers extortion. I’m interested to see if it gets used for the latest extortion attempt…
State of New York Issues Guide For Protecting PII
Thursday, November 6th, 2008
The State of New York just released a general guide to the protection of personally identifiable information (PII)…
Company Uses Negotiated Checks For Packing Material!
Thursday, August 21st, 2008
Not much surprises me any more with regard to some of the silly things that organizations do with printed PII that put the involved individuals at risk.
However, I was surprised when I watched an ABC News report this morning…
Whose PII Is Covered Under the EU Data Protection Directive?
Tuesday, August 5th, 2008
I got a great question from a business friend of mine, and I wanted to provide my answer here, too, because it is something all multi-national organizations need to think about. Eric Nelson, who heads Secure Privacy Solutions, asked, “If a company collects and manages PII from another country, e.g., India or the U.S., and transfers that PII to the E.U. for some type of processing or storage or even just transit, does the E.U. Data Directive apply once that PII leaves a country within the E.U.?”
17 Info Security & Privacy Topics Call Center Staff Must Understand
Tuesday, July 29th, 2008
Okay…back to my continuing lecture on the need to provide targeted training on specific information security and privacy topics to the various responsibility groups throughout your enterprise.
Consider this; what if you took a driver’s education class and all they told you to do, by showing you on a PowerPoint slide, is how to put the key in the ignition, turn the engine over, how to press the accelerator to move forward, and how to press the brakes to stop. Then they told you to go out there and drive…have at it! Would you be well prepared to get onto the road and deal with all the other things you need to know about driving? Most likely not. If you feel you would be well prepared, please tell me you will not be driving on the central Iowa roads… 🙂
People Need Periodic, Effective, Training And Ongoing Awareness To Truly Safeguard Information
Friday, July 25th, 2008
Imagine this; what if you were given training just one time, in a 1-hour session with no hands-on practice, for how to do first aid and give CPR and then were never given more training or reminders about how to do first aid and CPR…two years later would you be able to competently perform first aid when someone needed it? Probably not. Probably not even 1 year later, or even 6 months later.
People need to have regularly scheduled training and ongoing awareness in how to do activities competently. You cannot expect to give a 1-hour, often poorly-constructed, training course about information security or privacy and then have the people taking the training know what to do weeks or months or even years later. However, this is the situation that occurs in a very large portion of organizations.
It is no wonder that the majority of security incidents and privacy breaches occur as a result of lack of knowledge and mistakes.
Here is the third part of the third article, “Providing Call Centers with Information Security and Privacy Education,” in my July issue of IT Compliance in Realtime, that speaks to this issue…
Call Center Folks Have Huge Amounts Of Access To PII
Thursday, July 24th, 2008
Need more reasons from my post from yesterday about why call centers need targeted training and ongoing awareness?
If so, then here is the second part of the third article, “Providing Call Centers with Information Security and Privacy Education,” in my July issue of IT Compliance in Realtime…