Posts Tagged ‘PIA’

Organizations Must Consider Privacy Harms

Tuesday, May 12th, 2015

The expanding use of smart gadgets in the Internet of Things (IoT) is creating many more privacy risks than ever before encountered. Many businesses are also (finally!) starting to address privacy. And interest in how to establish privacy programs and how to perform privacy impact assessments (PIAs) to identify privacy risks are increasing. The privacy risks to the business that can occur include such things as: (more…)

Privacy Awareness: Moving from “I have nothing to hide” to “Oh dear!”

Wednesday, December 10th, 2014

The day before Thanksgiving here in the U.S. I had the great pleasure of speaking with a couple of consumate information security experts from across the pond in England and Norway, Kai Roer and Mo Amin, on an episode of their Security Culture TV! We chatted about how to get folks to be more aware of privacy risks, and how to change their mindset to a more privacy proactive stance. You can see this episode here.

When you look at recent breaches, it is clear that awareness of information security and privacy risks, and how to mitigate them, is not getting the attention necessary by leaders of organizations. Why else would (more…)

Choose: $50 Credit Card Fraud Limit or Unlimited Privacy Damage?

Friday, June 6th, 2014

So today AT&T announced plans to test a service allowing payment card providers to access the location of a customer’s phone to improve the accuracy of fraud prevention systems for transactions made abroad. AT&T customers will have to opt-in to the fraud protection service, which will also be me made available to enterprise customers later this year.

Antone Gonsalves asked me for my opinions about the privacy implications, which he included some of within his article he published on CSO Online today.  However, I wanted to make several more points to follow-on to his article. (more…)

Privacy Lessons from Snapchat

Tuesday, June 3rd, 2014

There are many new small and mid-size business start-ups who are offering a wide range of online services, mobile apps, and smart devices. There are also many businesses that have been around a long time that see an opportunity and so are expanding into these areas.  I’ve spoken with many such businesses, and they often make two common privacy mistakes: (more…)

2011 Information Security, Privacy and Compliance Soothsaying

Monday, December 20th, 2010

Looking ahead to what will happen in the coming year is always an interesting exercise.  Just like within a great novel, foreshadowing occurs every day in our lives to drop the hints of things that are likely to come.  The trick is to separate out the valuable hints from the extraneous breadcrumbs that are dropped by dozens of other inconsequential sources that mislead us and cause us to fail in our predictions.   We shall see at the end of the year how close I am with the following predictions… (more…)

Smart Grid Privacy: Possible Privacy Standards To Address Concerns

Saturday, November 28th, 2009

Sorry to be so tardy in getting a blog post out. As many of you know I’ve been working with the NIST Smart Grid Privacy Subgroup since late June. The work done for this group is through time volunteered by all involved.
As a quick recap, I led the privacy impact assessment (PIA) for the consumer-to-utility portion of the planned smart grid during the late June to late August/early September time frame. On Friday, 11/20, I provided an update on our NIST groups activities during the Gridwise Alliance phone conference; perhaps some of you were on that call?
Here are some links showing information about our NIST Smart Grid privacy group’s work:

(more…)

15 Smart Grid Privacy Concerns + Other Smart Grid Thoughts

Monday, November 9th, 2009

I’ve had about half a dozen folks ask me how things are going with the work I’m doing with the NIST Smart Grid privacy group, and if I could provide an update since my last couple of posts on the topic here and here.
The time is going by much too quickly, and I am getting a bit nervous as we get closer to when we need to have the next draft of the NISTIR ready, tentatively set for December 31; there is so much more to do in this VOLUNTEER group effort…

(more…)

HIPAA And Surveillance In Hospitals

Thursday, November 5th, 2009

Over the years there have been many…too many…instances where doctors have performed the wrong types of surgeries on patients, and even the wrong surgeries on completely wrong patients…

(more…)

CEs and BAs: Be HIPAA/HITECH Compliant Or Pay A Hefty Penalty

Thursday, October 29th, 2009

The HHS released HITECH Act Enforcement Interim Final Rule today…

(more…)

Smart Grid Privacy: Laws and Implications

Wednesday, October 21st, 2009

I was recently asked several questions about my work with the NIST Smart Grid privacy group and associated issues. Here are a couple of those questions, and my answers to them…

(more…)