Posts Tagged ‘policies and procedures’
BONY Loss Of Backup Tape With Unencrypted PII Is Disappointing…But Not Surprising
Tuesday, May 27th, 2008
Late last week I communicated with Linda McGlasson about a story she was putting together for bankinfosecurity that was published today, “Bank of New York Mellon Investigated for Lost Data Tape: 4.5 Million Customers Potentially Exposed.”
It’s a good and interesting article; check it out.
In Linda’s article there was a quote from Bank of New York (BONY) Mellon’s spokesperson Ron Sommer,
Insider Threat Example: Bank Worker Sentenced To 36 Months In Prison; + Prison Terms For Others In Cahoots
Sunday, May 25th, 2008
I’ve been doing some research for insider threat training content I’m creating, and I ran across a recent judgment against a bank employee for identity theft. This provides some good lessons to organizations for the insider threat, and would make a great case study for any organization to help personnel improve the ability to better protect personally identifiable information (PII).
Here’s the news release from the United States Attorney’s Office for the Southern District of Texas…
More On The HHS HIPAA Compliance Activities
Friday, May 23rd, 2008
Today I communicated with Sue Marquette Poremba at SC Magazine for an article she published this afternoon, “Proliferating HIPAA complaints and medical record breaches”
She had seen my blog posting from yesterday, “HIPAA Complaints And Associated Resolutions Since 2003” and asked me some follow-up questions.
Here is the full reply I sent to her, much of which she used within her article, but with some other points I want to note as well…
HIPAA Complaints And Associated Resolutions Since 2003
Thursday, May 22nd, 2008
The U.S. Health Insurance Portability and Accountability Act (HIPAA) has required compliance from covered entities (CEs) since 2003. The Department of Health and Human Services (HHS) is the Federal agency with regulatory oversight for compliance, with the Office of Civil Rights (OCR) responsible for Privacy Rule enforcement and the Centers for Medicare and Medicaid Services (CMS) responsible for Security Rule enforcement. Why two different offices to perform enforcement activities? No good reason was ever given.
I was just out looking on the HHS’s HIPAA compliance and enforcement site.
On May 12, 2008, they provided some interesting statistics from their enforcement activities from the past 5 years. Looks like they love Excel and the graphing capabilities! 🙂 I want to share some of the statistics with you…
45 U.S. Breach Notice Laws…And Still Counting
Wednesday, May 21st, 2008
Yesterday I posted a link to my quick reference list of breach notice laws.
I created that document at the beginning of this month, and Doug Markiewicz told me today in a comment to that post that there are two additional laws, one signed since I created my most recent list; thanks Doug!
43 U.S. Breach Notice Laws…And Counting
Tuesday, May 20th, 2008
There are currently 43 breach response laws in the U.S.; this includes the District of Columbia and Puerto Rico.
SEC Regulation S-P Proposals To Improve The Security Of Customer Information Within Brokerage Shops
Friday, May 16th, 2008
Do you work for a brokerage house, have a subsidiary that is a brokerage house, or do any type of work with a brokerage house? If so, then you should be aware of the Securities and Exchange Commission (SEC) proposed changes to Regulation S-P in March of this year.
In general, the proposed amendments to Regulation S-P…
CAN-SPAM: Record Judgment Along With Updated Rules
Thursday, May 15th, 2008
I was at the Secure360 conference (a fabulous event, btw) this week, and I’m just getting to an important current topic: CAN-SPAM.
On Monday (5/12) the FTC announced an update to the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM) law.