I subscribe to many (sometimes I think too many) assorted email newsletters that cover a wide range of compliance issues. One came through today from the IT Compliance Institute with the subject line, “PCI fails, Fidelity breach, death by upgrade, more‚Ķ”
PCI fails? Sounded interesting so I went to their story about it.
(Title corrected on 8/9; thanks Grit!)
Posts Tagged ‘PII’
Boiling Down PCI DSS Compliance; It’s Really Just Common Sense Information Security
Wednesday, August 8th, 2007International PII Data Transfers: New Requirements from Spain
Monday, July 30th, 2007In this global economy it is important for you to know, understand and follow the data protection laws in all the countries where you have offices, have customers, store personally identifiable information (PII) and from where PII is accessed. Each country has nuances within their laws that could create quite a big obstacle if you are doing business there and find you must suddenly stop because you are out of compliance with their data protection laws.
Confusing Folks: PHR, PHI, PII, NPPI, and Dozens of Other Acronyms…It’s Still All Personal Information
Wednesday, July 25th, 2007I really enjoy reading survey results. I can’t help myself. Whether the surveys are well-done, sloppy, long, short, statistically accurate or obviously statistically invalid, I still find them interesting. Especially when they cover what the general public and non-IT/non-infosec person thinks or knows about information security and privacy, or some industry-specific issue.
Privacy Initiatives Sincere Or Marketing Ploy?
Tuesday, July 24th, 2007Insider Threat Example: Payroll Employee Threatens To Illegally Use Other Employees’ PII If Not Given a Good Review
Sunday, July 22nd, 2007Here’s another example of the insider threat similar to situations that I’ve heard of happening many times throughout the years through conversations with folks at conferences and other professional meetings.
Norman Borlaug: A Great Role Model for the Power of One
Thursday, July 19th, 2007I have heard many information assurance (IA) professionals, when they are feeling frustrated, angry, or whatever other negative feelings we all have at one time or another, say what they are doing is not making a difference, or say they feel they are looked down upon by others in their organization as a “necessary evil.” They often feel that one person cannot make a difference.
HIPAA Violation in Divorce Proceeding?
Friday, July 13th, 20075 Security Lessons from Non-Compliance with UK Data Protection Law
Monday, July 2nd, 2007I speak with many organizations who have customers throughout the world, often via their ecommerce websites, and an alarmingly large number of these organizations are completely unaware of the data protection laws they must follow in the countries where their customers are from. When the privacy commissioners from these other countries discover the organizations not following the laws, the organizations can have substantial financial impact on their businesses from not only fines, but typically more significantly from bad press, and orders to discontinue business within the country until they have their business activities, policies and processes in compliance with the requirements.
HIPAA: More Changes and Initiatives by HHS
Thursday, April 26th, 2007I’ve been reading so much about HIPAA lately; no enforcement actions yet, but a lot of changes, proposals and initiatives.
Two more I read about recently:
HIPAA: Advisory Workgroup Proposes PHI Security and Privacy Requirements Should Apply to All Organizations
Monday, April 23rd, 2007The Department of Health and Human Services (HHS) has a Confidentiality, Privacy, and Security Workgroup, also known as the American Health Information Community, that is made up of practitioners, IT folks, lawyers and other leaders outside of the government who want a say in how protected health information (PHI) is safeguarded, shared, and otherwise handled.
