Think for a few moments about the area in your company that has the most, or close to the most, direct contact with your customers and consumers…
Posts Tagged ‘personally identifiable information’
The Area With The Most Customer Contact Usually Has The Least Information Security and Privacy Training
Wednesday, July 23rd, 2008Internal Threat Example: Lending Tree Privacy Breach And Civil Suit
Sunday, June 1st, 2008Last month (May 2008…yes, it is June already!) Lending Tree got slapped with a civil suit alleging their personnel allowed mortgage lenders access to customer’s personally identifiable information (PII) and other confidential information.
The suit charges that Lending Tree did not have appropriate or adequate information safeguards in place, resulting in the employees using names, addresses, phone numbers, Social Security numbers, income information, and assorted other personal information, to market their own mortgage loans to the LendingTree customers.
The class-action lawsuit, (this is from a subscription site) represents all Lending Tree customers who submitted loan request forms to the company between Jan. 1 2006 and May 1, 2008.
From the case file…
Let Your Personnel And Family Know About This Phishing Scheme That Spoofs Amazon
Thursday, May 29th, 2008When was the last time you warned your family members, friends and/or personnel about the new phishing schemes that are being launched?
There are many phishing scams going on right now, and they are widely reported and talked about. I want to talk about a new one spoofing Amazon, a popularly spoofed company in phishing messages, because I’ve already had a couple of other folks I know who are not in the info sec biz asking me about it today. I also got it in my email box today, so it will make a good example to discuss…
Business Leader Primer for Effective Information Disposal
Wednesday, May 28th, 2008I’ve been talking a lot lately about the need for business leaders to more effectively address the secure disposal of information, particularly personally identifiable information (PII). Why? Because it seems like more and more attention is being given to security technologies to protect day-to-day business…attention is good and MUST be done…but often it seems it is at the expense of then overlooking, or perhaps shrugging off, how to securely dispose of PII, systems, applications and hardware when they are no longer needed in the business. This has led to many information security incidents and privacy breaches.
I address the reasons why business leaders must give attention to information disposal in the second article of my May issue of IT Compliance in Realtime, “Business Leader Primer for Effective Information Disposal.”
Download a PDF version to get a much nicer-looking copy, the super-duper graphic I put into the article, plus the sidebar information and facts. Here is an unformatted version of the article…
Insider Threat Example: Bank Worker Sentenced To 36 Months In Prison; + Prison Terms For Others In Cahoots
Sunday, May 25th, 2008I’ve been doing some research for insider threat training content I’m creating, and I ran across a recent judgment against a bank employee for identity theft. This provides some good lessons to organizations for the insider threat, and would make a great case study for any organization to help personnel improve the ability to better protect personally identifiable information (PII).
Here’s the news release from the The United States Attorney’s Office for the Southern District of Texas…
Iowa Privacy Breach Bill Has Much Of Its Teeth Pulled
Monday, March 10th, 2008Iowa introduced a new bill, SSB 3200, on February 20 to establish a state privacy breach notification law.
As originally worded it would have also required merchants to follow credit and debit card industry data security rules and make them liable to banks for costs they incurred after a breach of payment card transaction data not retained in compliance with those rules. However, in the past week SSB 3200 was amended in committee to remove the retailer liability provisions.
A companion bill, HSB 721, was introduced February 26.
3rd HIPAA Criminal Indictment; Another Insider Job
Sunday, March 2nd, 2008Will Bad News Come in 3’s For Health Net?
Saturday, March 1st, 2008In the past several days Health Net made the news…in ways they would rather not have…
First this on 2/22:
Great Information Security and Awareness Event Coming In April
Tuesday, February 26th, 2008There’s a great information security and privacy awareness event coming up, Internet Safety Night on April 23, 2008, 6:30-8:30 p.m.
Have You Reviewed the FTC’s Proposed Privacy Principles Yet?
Monday, February 25th, 2008If you are responsible for information security or privacy at your organization, and your organization does marketing, here is something you need to know about and discuss with your marketing folks. I blogged about this in December.
