Posts Tagged ‘privacy law’
Tuesday, September 30th, 2014
Were you surprised to hear about the worker at the Chicago O’Hare airport last Friday? Certainly I was. Who would have ever thought someone working in the control center would light the hardware on fire, and then try to commit suicide? Unimaginable, right? However, what I was more surprised about was that there was no roll-over contingency operations center in place in the event something catastrophe took out the O’Hare operations center. After all, Chicago is in an area with a wide range of weather events, from blizzards and ice to severe storms and tornadoes, and everything in between. Not to mention that all airports are considered to be a target of a wide number of terrorist groups.
Just two days prior to the incident (more…)
Tags:BCP, business continuity, business resiliency, Chicago O’Hare, compliance documentation, data protection law, disaster recovery, documentation, DR, DR/BCP, facebook, IBM, Information Security, information security risks, infosec, marketing, midmarket, O’Hare fies, privacy, privacy law, privacy professor, privacy risks, privacyprof, Rebecca Herold, social media, twitter
Posted in Information Security | No Comments »
Monday, September 22nd, 2014
Most of the 250+ organizations I’ve audited, and the hundreds of others I’ve had as clients, hate documentation. At least creating documentation. So, they don’t do it, or they do it very poorly. Or, they document things they don’t need to, and fail to document the important things. And then, considering all that documentation, they often don’t retain it long enough, or forget where they put it.
Last year I wrote an article about legal retention length requirements. Now I’m focusing on the types of compliance activities organizations need to document, and then the need to retain that documentation for the appropriate periods of time. (more…)
Tags:BA management, compliance documentation, data protection law, documentation, facebook, HIPAA, Information Security, information security risks, infosec, marketing, midmarket, privacy, privacy law, privacy professor, privacy risks, privacyprof, Rebecca Herold, social media, twitter, vendor management
Posted in HIPAA, Privacy and Compliance | No Comments »
Friday, August 29th, 2014
Over the past few months I’ve been creating some social media marketing privacy guidelines and requirements for a couple of my large clients. Today I read a post from a fellow IBM Midsize Insider contributor, Jason Hannula, “Social Media: Enterprise Content or Customer Relationship Information?” It stated that “93% of marketers are using social media for business.” A large number of these are from small and midsize organizations. It is important for these organizations to not only keep Jason’s suggestions in mind, and follow the business’s data governance requirements, but also to make sure privacy is also appropriately addressed. Many, perhaps most, small to midsize businesses do not yet have social media privacy requirements in place. (more…)
Tags:data protection law, encryption, facebook, IBM, Information Security, information security risks, infosec, marketing, midmarket, privacy, privacy law, privacy professor, privacy risks, privacyprof, Rebecca Herold, social media, twitter
Posted in Marketing, privacy, Social Media | No Comments »
Monday, August 25th, 2014
Many marketing professionals have a common temptation; they want to send as many marketing messages to as many people as possible, and they would love to send it to all folks who have ever been customers or clients of their business, and often times actually want to simply send to everyone whose email address they can obtain in any way.
Privacy professionals make many efforts to guide marketers on what is acceptable and not acceptable. After all, (more…)
Tags:choice, data protection law, FIPs, GAPP, IBM, Information Security, information security risks, infosec, marketing, marketing privacy, midmarket, notice, OECD, PbD, privacy, Privacy by Design, privacy law, privacy principles, privacy professor, privacy risks, privacyprof, Rebecca Herold
Posted in Marketing, privacy | No Comments »
Thursday, July 31st, 2014
What is the difference between security and privacy?
Many of my clients are small and midsized businesses. They often express confusion over what each of these terms (neither of which have a universally-accepted definition) actually means, how they are different, and how they are similar. This is important for business leaders to understand so they can make appropriate decisions within their information security and privacy management programs. Especially in small and midsize businesses, where there may not be a specific position to address either of these important topics. Let’s start with considering at a high level the differences between information security and privacy. (more…)
Tags:data protection law, encryption, FIPs, GAPP, IBM, Information Security, information security risks, infosec, midmarket, OECD, PbD, privacy, Privacy by Design, privacy law, privacy principles, privacy professor, privacy risks, privacyprof, Rebecca Herold
Posted in privacy | No Comments »
Saturday, November 28th, 2009
Sorry to be so tardy in getting a blog post out. As many of you know I’ve been working with the NIST Smart Grid Privacy Subgroup since late June. The work done for this group is through time volunteered by all involved.
As a quick recap, I led the privacy impact assessment (PIA) for the consumer-to-utility portion of the planned smart grid during the late June to late August/early September time frame. On Friday, 11/20, I provided an update on our NIST groups activities during the Gridwise Alliance phone conference; perhaps some of you were on that call?
Here are some links showing information about our NIST Smart Grid privacy group’s work:
(more…)
Tags:awareness and training, Information Security, IT compliance, IT training, NIST, personally identifiable information, PIA, PII, policies and procedures, privacy impact assessment, privacy law, privacy training, security training, Smart Grid, Smart Meter, SmartGrid
Posted in Information Security, Laws & Regulations, Privacy and Compliance | 1 Comment »
Monday, November 9th, 2009
I’ve had about half a dozen folks ask me how things are going with the work I’m doing with the NIST Smart Grid privacy group, and if I could provide an update since my last couple of posts on the topic here and here.
The time is going by much too quickly, and I am getting a bit nervous as we get closer to when we need to have the next draft of the NISTIR ready, tentatively set for December 31; there is so much more to do in this VOLUNTEER group effort…
(more…)
Tags:awareness and training, Information Security, IT compliance, IT training, NIST, personally identifiable information, PIA, PII, policies and procedures, privacy impact assessment, privacy law, privacy training, security training, Smart Grid, Smart Meter, SmartGrid
Posted in Privacy and Compliance | 3 Comments »
Thursday, November 5th, 2009
Over the years there have been many…too many…instances where doctors have performed the wrong types of surgeries on patients, and even the wrong surgeries on completely wrong patients…
(more…)
Tags:awareness and training, HIPAA, HITECH, Information Security, IT compliance, IT training, patient privacy, personally identifiable information, PIA, PII, policies and procedures, privacy impact assessment, privacy law, privacy training, Rhode Island Hospital, security training
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »
Thursday, October 29th, 2009
Tags:awareness and training, HIPAA, HITECH, Information Security, IT compliance, IT training, patient privacy, personally identifiable information, PIA, PII, policies and procedures, privacy impact assessment, privacy law, privacy training, security training
Posted in Laws & Regulations, Privacy and Compliance | 2 Comments »
Wednesday, October 21st, 2009
I was recently asked several questions about my work with the NIST Smart Grid privacy group and associated issues. Here are a couple of those questions, and my answers to them…
(more…)
Tags:awareness and training, Information Security, IT compliance, IT training, NIST, NISTIR 7628, personally identifiable information, PIA, PII, policies and procedures, privacy impact assessment, privacy law, privacy training, security training, Smart Grid
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »
