Posts Tagged ‘policies and procedures’

Do Something To Change Information Security, Privacy and Compliance…Contact Congress!

Sunday, November 4th, 2007

I, along with a very large number of other bloggers, writers and instructors, often pick apart data protection and privacy laws and regulations, and point out how certain portions of them are infeasible for most organizations to implement, and talk about the types of laws that should be inacted to protect personally identifiable information (PII) and privacy. But how many of us actually do something about it and contact our lawmakers to communicate this information?

(more…)

Definitions For the Identity Theft Prevention Program Rule Under FACTA & Questions For Your Organization

Friday, November 2nd, 2007

In addition to some great followup questions I got from Andy in response to my blog posting yesterday, “FTC Now Requires Organizations to Have an Identity Theft Prevention Program” I have also received some interesting questions from others about the new Identity Theft Prevention Program Rule, along with having the opportunity to have some interesting discussions with several folks today, such as Linda McGlasson at bankinfosecurity.com.

(more…)

Definitions For the Identity Theft Prevention Program Rule Under FACTA & Questions For Your Organization

Friday, November 2nd, 2007

In addition to some great followup questions I got from Andy in response to my blog posting yesterday, “FTC Now Requires Organizations to Have an Identity Theft Prevention Program” I have also received some interesting questions from others about the new Identity Theft Prevention Program Rule, along with having the opportunity to have some interesting discussions with several folks today, such as Linda McGlasson at bankinfosecurity.com.

(more…)

FTC Now Requires Organizations to Have an Identity Theft Prevention Program

Thursday, November 1st, 2007

Did you know that if you are a U.S. financial organization, *AND/OR* if you have information about your U.S. customers with which identity theft could occur, you are now legally required to have a documented Identity Theft Prevention Program to help prevent identity theft in connection with new and existing accounts?

(more…)

Will A “Do Not Track” List Materialize?

Wednesday, October 31st, 2007

Today it was widely reported that several privacy groups were banding together to demand the creation of a “Do Not Track” list, similar to the FTC’s “Do Not Call” list.

(more…)

Email Security and Privacy: NY Hospital Retention Ruling Points Out Importance of Policies and Awareness

Wednesday, October 31st, 2007

On October 17, 2007, there was a very interesting ruling regarding a doctor’s email communications sent to an attorney and the associated attorney privilege. In the matter of Scott v Beth Israel Med. Ctr. Inc. the New York Supreme Court found that the doctor’s email messages to his attorneys using the hospital network were not privileged and could be retained by the hospital even though the doctor wanted the hospital to stop retaining his messages and delete all emails related to his communications with his lawyers.

(more…)

40 State Level Breach Notice Laws…And Counting

Monday, October 29th, 2007

Did you know that there are now 40 state level breach notice laws in the U.S., including the District of Columbia?
Many different websites provide information about the state breach notice laws, but most of them do not list all the current breach notice laws, or they provide information in a way that is not easy to quickly find specifically what I’m looking for.

(more…)

5-Point Checklist for Info Sec and Privacy Pros to Use for Data Protection and Privacy Law Compliance

Sunday, October 28th, 2007

One of the basic privacy principles is to limit the collection of personally identifiable information (PII) to only that which is necessary for the business purpose for which it is being collected. These privacy principles, built largely around the OECD privacy principles, are the basis for most data protection and privacy laws throughout the world.

(more…)

APEC Privacy Framework: Viewpoints from the FTC, TRUSTe & Marty Abrams

Saturday, October 27th, 2007

One of the sessions I attended at the IAPP Privacy Academy this past week was “APEC Update – Self Regulatory Approaches to Cross Border Transfers of Personal Data.” The presenters were: Pamela Jones Harbour, Commissioner, Federal Trade Commission (FTC), Marty Abrams, Executive Director, Center for Information Policy Leadership, and Fran Maier, Executive Director and President, TRUSTe.

(more…)

Many Kinds of Identity Theft Cause Many Types of Long Lasting Negative Impacts

Friday, October 26th, 2007

I want to revisit the blog posting I made a few days ago, “Average Cost of ID Theft Per Victim is $31,356
Some folks gave me some feedback, saying that they thought this cost was way too high based upon their own experiences when someone had used their credit cards and “it only took a matter of minutes to call the credit card company and report it, cancel the card/number, and get a new card, along with the $50” that they were responsible for.

(more…)