This week I want to look at the concept of personally identifiable information (PII), and what types of items, in particular, are considered as such…
Posts Tagged ‘PII’
What is PII? How About IP Addresses?
Monday, July 13th, 2009Stolen Print Documents With PII Found On Crook; Otherwise UCM Would Not Have Known The Reports Were Stolen
Wednesday, July 1st, 2009Stolen Print Documents With PII Found On Crook; Otherwise UCM Would Not Have Known The Reports Were Stolen
Wednesday, July 1st, 2009South Carolina & Alaska Privacy Breach Notice Laws Go Into Effect July 1
Monday, June 29th, 2009This week two more U.S. breach notice laws go into effect…
5 Common, Dumb and Dangerous Privacy Assumptions
Wednesday, June 17th, 2009Today Kevin Beaver posted a nice article, “Dumb things IT consultants do” that included more than one warning about making assumptions. Kevin’s nice post made me think about all the dangerous assumptions consulants and practitioners often make when it comes to evaluating privacy practices…
Rights for Privacy Breach Victims
Wednesday, June 3rd, 2009I received a provacative question on Twitter last week from idExperts, “If you had a wish list of rights for identity theft victims, what would that be?”
Sounds like a great blog topic! 🙂 Here are my thoughts…
Breach Notices, Securing PHI & PHR Vendor Responsibilities Under HIPAA/HITECH Act
Tuesday, April 21st, 2009Last Friday the US Department of Health and Human Services (HHS) released, at the last possible moment to meet their deadline, their interim final regulations to require covered entities (CEs) under the Health Insurance Portability and Accountability Act (HIPAA) and their business associates (BAs) to provide for notification in the case of breaches of unsecured protected health information (PHI) as required by the HITECH Act.
If you’ve read any of the at least 47 U.S. state and territory beach notice laws you will get a strong sense of deja vu while reading this document. They borrowed HEAVILY from the various existing breach notice laws to estblished their proposed definitions of securing PHI, what constitutes a “breach” of PHI, and for doing breach notifications.
There are two major issues…
Most Laws Are Flawed, But It Is Up To Us To Make Them Better & Make Them Work
Friday, March 6th, 2009Rafal Los makes some very good points in his post “Analysis of the Stimulus Bill and Healthcare Privacy” from a few days ago. I started writing all my thoughts as a comment to him, but then decided it would work well as a blog post…
New Guidelines for Safeguarding Personal Data
Tuesday, January 20th, 2009Happy U.S. presidential inauguration day! 🙂 Did you take off a few minutes of work to watch the inauguration? I wasn’t going to, was planning to just catch videos on the news sites or YouTube later, but then I did, and I’m glad; it was so historical and memorable!
To celebrate, how about I tell you that NIST just made a great new document available…
Business Info Fact Of The Day: Smart Business Leaders Encrypt PII
Friday, January 16th, 2009If you are a business leader you must know and understand that encrypting personally identifiable information (PII) protects that PII from being used for identity theft and other crimes should it fall into the hands of a crook. Business leaders need to know this, but unfortunately too many do not really know what encryption is, let alone how it can be used to protect PII, along with the business.
