Posts Tagged ‘privacy awareness’

HIPAA Sanctions and Convictions Will Increase with HITECH Act & New Administration

Tuesday, March 31st, 2009

Upon reading and researching HIPAA and the impact of the HITECH Act upon it, basically broadening its applicability as well as adding new requirements for privacy breach notifications, I recently was compelled to write an article about what I foresee as likelihood that, after a very frustratingly slow start (by several years!) of HIPAA enforcement, increasingly more HIPAA sanctions will be made in the coming months and years.
SearchCompliance printed my article in three parts in their Compliance Tips section…

(more…)

Don’t let differing authority levels damage info sec, privacy & compliance collaboration

Thursday, March 26th, 2009

I first realized the need for information security and legal compliance areas to closely collaborate on converging issues in the mid-1990’s while establishing the information security and privacy requirements for one of the first online banks. Over the past 5+ years I’ve been actively evangelizing through my 2-day classes, conference and meeting speeches, and many articles and other publications about the need for information security, privacy and legal compliance areas to collaborate, and pointing out the areas where these responsibilities converge.

(more…)

Carnegie Mellon’s CyLab Is A Great Resource

Wednesday, March 25th, 2009

I was very happy to be invited to Carnegie Mellon University (CMU) to speak about information security and privacy convergence last month at their CyLab research and education center. It was a great experience!

(more…)

Many Motivators For Identity Theft

Tuesday, March 24th, 2009

I’ve heard far too many business leaders in lesser-regulated industries, of organizations of all sizes, say something to the effect of, “Oh, we don’t have any information that hackers would find of any value.”

(more…)

There Are 47 US State & Territory Breach Notice Laws: 1-Page Listing

Monday, March 23rd, 2009

Over the weekend I did some research to make sure I am up to date with all the current U.S. state and U.S. territories breach notice laws…

(more…)

Avoid Information Overload In Your Information Security & Privacy Training!

Sunday, March 22nd, 2009

I’ve been reviewing some “canned” information security and privacy training offerings in the past few months, and I’m seeing that many of them are trying to dump TOO MUCH information on those taking them; learners can only absorb so much information within a short period of time and retain it for any significant amount of time!

(more…)

Cautionary Tales for Tweeting About Work

Thursday, March 19th, 2009

I’ve been using Twitter now (http://www.twitter.com/privacyprof) for three going on four weeks. I’ve found it to be a very great way to be in touch with the latest news and happenings, and also to get in touch with other folks who care about and want to discuss the same types of topics as I do. I also see using Twitter within business organizations as a very good awareness raising tool. More on that in another post. But for now I want to discuss some of the potential personal hazards of tweeting…

(more…)