Many organizations dangerously change their posted privacy policies often, and often without giving notice to their customers. It is important to always keep in mind that your posted privacy policy is a legally binding contract with your customers. You cannot agree to do one thing with your customers’ personally identifiable information (PII) when they start doing business with you and then change that agreement without notifying and allowing your customers to agree to that change.
Posts Tagged ‘policies and procedures’
Avoid Being Sued And Losing Customers: Don’t Go Changing Your Privacy Policy Willy-Nilly!
Friday, August 10th, 2007
You Will Be Judged By The Company You Keep: 4 Good Reasons (And More) To Ensure Your Business Partners Have Good Information Security Programs
Thursday, August 9th, 2007
Over the past few years I have done well over a hundred business partner security program reviews for organizations who wanted to ensure that the organizations to whom they were entrusting their sensitive data, or other business processing, had appropriate security and privacy policies, practices, training and were generally trustworthy.
Boiling Down PCI DSS Compliance; It’s Really Just Common Sense Information Security
Wednesday, August 8th, 2007
I subscribe to many (sometimes I think too many) assorted email newsletters that cover a wide range of compliance issues. One came through today from the IT Compliance Institute with the subject line, “PCI fails, Fidelity breach, death by upgrade, more…”
PCI fails? Sounded interesting so I went to their story about it.
(Title corrected on 8/9; thanks Grit!)
77% Polled Believe Privacy Is Possible
Tuesday, August 7th, 2007
77% of those participating in my completely unscientific blogsite poll from last week indicated privacy is still possible.
Wii Need To Be Creative With Information Security and Privacy Awareness
Monday, August 6th, 2007
No, I didn’t misspell in the title… 🙂
My youngest son recently celebrated his birthday. Both my sons are the greatest kids I could ever have dreamed of. They both always do their chores and homework with very little prodding, are healthy, smart, considerate, loveable…well, I could go on and on. I am very thankful for them.
Privacy in the 21st Century is Captured Well in This Year’s GSW Logo Competition Winner
Sunday, August 5th, 2007
Global Security Week (GSW) is September 3 – 7 this year, and the topic is Privacy in the 21st Century.
All the GSW logo entries were nice, but I think the winner of the GSW logo competition, Emily Hoelscher, captures the essence of privacy quite well. I really like how Emily incorporated both physical and data issues into her design.
The Many Languages of Security and Privacy
Friday, August 3rd, 2007
I’ve done a lot of information security and privacy awareness and training work since 1990. I continue to do a lot; not only because of the *REAL* importance it has to the success of security and privacy efforts, but also because it is something I love doing.
Privacy Poll Closing *SUNDAY*…Please Click a Button!
Thursday, August 2nd, 2007
Thanks to those of you who have taken the privacy poll on the right-hand side of this page! If you haven’t yet…please, pretty please, do! I had planned for this to close on Friday, but now it will close on Sunday. I’ll post a new poll weekly to run from Monday through Sunday, and each week afterwards.
Insider Threat: Contractor Sabotages Space Shuttle Endeavour
Wednesday, August 1st, 2007
It feels like I’ve been writing a lot about the insider threat lately, but then again, it seems I read about a new incident caused by insiders almost daily. So much time, effort and money is spent on keeping the outsiders from getting to systems and data, but a comparatively little amount is spent on addressing, and trying to prevent, insiders from doing bad things. Folks who are trusted and have authorized access can do so much harm. The technologies focusing on the outsiders are not going to do much to protect your information from insiders.
Insider Threat and Cowboys: The Wall Street Journal Tells Your Personnel How To Get Around Your Security
Tuesday, July 31st, 2007
Oh, boy, reading this Wall Street Journal story, “Ten Things Your IT Department Won’t Tell You” brought back some memories of personnel who went to great lengths to get around security requirements!