Posts Tagged ‘privacy incident’

Website Privacy and Security Lessons From the USPS

Monday, October 30th, 2006

Last Friday (10/27) Washington Technology published an interesting article, “USPS site is much more than just a presence on the Web” about the privacy challenges of the United States Postal Service (USPS) website.
It is interesting and revealing to see how the concerns and threats have evolved from primarily worrying about web defacements and hackers to now needing to address information security and privacy protections throghout the entire enterprise, right on out to the user endpoints (desktop computers, laptops, etc.).
How often do organizations re-evaluate the adequacy of their information security and privacy programs? If they depend completely upon their own personnel to do this, it is likely it is not often enough. Except for those comparatively few security/privacy stellar organizations, such evaluation activities often take back seat to other activities and day-to-day security/privacy fire-fighting activities.
If you cannot reliably use your own personnel to perform periodic evaluation of the adequacy of your organization’s information security and privacy efforts because they cannot realistically fit such activities in with their other job responsibilities (which is all too common), then seriously consider hiring an independent third party to perform such evaluation. You should have a third party occasionally perform independent reviews anyway to provide a level of objectivity you cannot get with your own personnel, and also to catch vulnerabilities and identify new threats that your personnel may not have the experience or up-to-date knowledge to identify.

Technorati Tags





How to Effectively Address Privacy in Business

Sunday, March 26th, 2006

In this episode I briefly discuss the current privacy concerns and business activities regarding the safeguarding of personal information and the types of impact incidents have upon business; the challenges associated with protecting personal information (both consumer and employee), and ways to address these challenges to avoid ending up in the newspaper as the next privacy incident headline; and the need to address privacy issues within business processes, not only to meet regulatory requirements but also to demonstrate due diligence, support business goals and build business value.