I love my iPod and my iTunes. I have always liked to pick and choose the tunes I wanted to hear and not have to listen to the entire album/CD if there were some songs that I didn’t care for. Plus, I like to listen to a variety of singers, all mixed together. I’ve created dozens of playlists for various events and activites I do. I have an eclectic taste in music which I am broadening all the time while listening to what I think is one of the top radio stations in the entire country, located right here in the Des Moines, Iowa area. Add to this the many great podcasts that continue to be churned out, and you can imagine how many weeks of total play time are stored on my computer within my MP3s.
Posts Tagged ‘Podcast’
Trends In Allowing MP3 Downloads to Corporate Networks
Thursday, September 20th, 2007How the HIPAA Enforcement Rule Impacts the Compliance Efforts of Covered Entities
Wednesday, August 16th, 2006In this episode, I speak with two highly experienced HIPAA compliance experts, Kevin Beaver and Brad Smith to get their views and opinions about this much discussed but often debated regulation. In particular we discuss the relatively new HIPAA Administrative Simplification Enforcement Final Rule, and how it impacts providers and payers. We explore and try to determine what, if any, impact the HIPAA Enforcement Rule has on Covered Entities.
Instead of clarifying compliance enforcement issues for covered entities (CEs), the Enforcement Rule has seemed to confuse and mislead many CEs into believing that they really don’t need to do much with regard to HIPAA compliance unless the Department of Health and Human Services (HHS), the Office for Civil Rights (OCR) or the Centers for Medicare and Medicaid Services (CMS) come knocking at their door and tell them they specifically need to do something.
Not all CEs are lackadaisical, though; Kevin, Brad and I discuss some of the CEs that have been very diligent in their HIPAA compliance efforts. However, we also discuss some examples of blatent disregard for HIPAA, and the resulting risks to organizations from such action. We also discuss the importance of addressing compliance through partnering information security, privacy, legal and compliance areas.
What IT Leaders Need to Know About Using Production Data for Testing
Friday, July 14th, 2006There are many issues involved with using live production data, particularly real personally identifiable information (PII), for test and demo purposes. For many years it has been the norm within organizations to use copies of production data for testing during applications and systems development. However, over the past few years this practice is becoming more and more of a bad idea with all the new privacy laws and regulations, identity theft cases, insider instigated fraud, increased customer awareness, and the growing number of companies using outsourced companies to manage applications development, testing and quality assurance.
In my latest podcast I discuss the importance of and reasons for using data that does not include real, production PII for test and development purposes.
MP3: Rebecca Herold – What IT Leaders Need to Know About Using Production Data for Testing
Demystifying Privacy Laws: What You Need to Know to Protect Your Business
Friday, June 30th, 2006We are undergoing a data protection renaissance. New laws have considerably expanded corporate obligations regarding security and privacy for information in all forms. A significant obligation of the laws is applicable to basically all organizations; the duty to provide reasonable security for all corporate information. Bottom line, generally all organizations have some legal obligation to establish effective information security programs. It is important to realize that in most cases there are no hard and fast rules regarding which specific security measures a company should implement to satisfy its legal and privacy law obligations. In this podcast I discuss what you need to know to protect your business when trying to comply with the multitude of privacy laws, and I describe a unified, process oriented best practice approach organizations can use to address the requirements of such laws as HIPAA, GLBA, Canada’s PIPEDA, the EU Data Protection Directive, among many, many others.
MP3: Rebecca Herold – Demystifying Privacy Laws: What You Need to Know to Protect Your Business
Information Security and Privacy Professionals MUST Work Together to be Successful
Tuesday, June 6th, 2006A few weeks ago I discussed the need for Information Security and Privacy professionals to work together to be successful. Yesterday I posted a new podcast that expands upon this topic, and I also describe 14 business trends that information security and privacy professionals must collaborate with each other to address. If you get a chance to listen, please let me know what you think!
How Encryption Supports Compliance
Sunday, April 30th, 2006In this episode I discuss how encryption supports compliance as well as effectively protects personal information. Encryption is an under-utilized security tool. Considering the infinite number of today’s risks, threats and vulnerabilities, encryption can effectively keep unauthorized individuals and systems from accessing sensitive information and thwart many types of attacks. In today’s business environment with sensitive information being stored in multiple locations, many of them mobile, encrypting information is an effective privacy safeguard organizations can add to their arsenal of safeguard tools. I also discuss incidents that occurred and how the laws, regulations, and regulatory bodies encourage the use of encryption.
How to Effectively Address Privacy in Business
Sunday, March 26th, 2006In this episode I briefly discuss the current privacy concerns and business activities regarding the safeguarding of personal information and the types of impact incidents have upon business; the challenges associated with protecting personal information (both consumer and employee), and ways to address these challenges to avoid ending up in the newspaper as the next privacy incident headline; and the need to address privacy issues within business processes, not only to meet regulatory requirements but also to demonstrate due diligence, support business goals and build business value.