Posts Tagged ‘privacy law’
Saturday, January 3rd, 2009
A big thank you to Brandon Dunlap and Brett Myers for catching an error I made in my January 1 post…
(more…)
Tags: awareness and training, data protection law, Information Security, IT compliance, IT training, Massachusetts law, policies and procedures, privacy law, privacy training, risk management, security training
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Thursday, January 1st, 2009
Happy New Year!
Several new laws go into effect today. Here are just a few of them…
(more…)
Tags: AB 211, awareness and training, data protection law, FMLA, Information Security, IT compliance, IT training, Massachusetts law, policies and procedures, privacy law, privacy training, risk management, SB 541, security training
Posted in Laws & Regulations, Privacy and Compliance | 2 Comments »
Friday, October 17th, 2008
The Red Flags Rule falls under the umbrella of the Fair and Accurate Credit Transactions Act (FACTA), which most organizations in the U.S. that process payments from their customers must comply with, and compliance is required by November 1 of this year. If you must comply with the rule, then you should review the recently released guidance documents that will be used by the government oversight examiners…
(more…)
Tags: awareness and training, FDIC, federal reserve, identity theft, Information Security, IT compliance, IT training, policies and procedures, privacy law, privacy training, Red Flags rule, risk management, security training
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Monday, September 29th, 2008
There is a growing trend in laws that require personally identifiable information (PII) to be encrypted.
In past laws, encryption has been directed to be considered based upon risk, but now it is more explicitly required in some laws.
(more…)
Tags: awareness and training, data protection law, encryption, Information Security, IT compliance, IT training, Massachusetts, Nevada, policies and procedures, privacy law, privacy training, risk management, security training
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »
Wednesday, March 19th, 2008
This morning I took a little time to update my long listing of world-wide data protection (privacy) laws.
Here are some of them you may find helpful:
(more…)
Tags: awareness and training, data protection law, Information Security, IT compliance, policies and procedures, privacy law, risk management, security awareness, security training
Posted in Laws & Regulations | No Comments »
Friday, February 1st, 2008
Another country appears to be on the verge of passing a privacy breach notice law…
(more…)
Tags: Australia, awareness and training, breach notice law, Information Security, IT compliance, Karen Curtis, policies and procedures, privacy, privacy law, privacy policy, risk management, security awareness, security training
Posted in Laws & Regulations | No Comments »
Thursday, January 3rd, 2008
I recently blogged about “6 ‘Scary Stuff’ Privacy Terms IT, Info Sec and Privacy Folks Should Know.”
I was very pleasantly surprised to hear from Dr. Michael G. Michael and his wife Dr. Katina Michael a couple of days ago about the post! (Thank you Michael and Katina!) They provided some additional very interesting information about the term “Überveillance.” With their permission, here is a large portion of the message they sent to me:
(more…)
Tags: ambient technology, awareness and training, Dr. Katina Michael, Dr. Michael G. Michael, employee privacy, employee tracking, GPS tracking, Information Security, IT compliance, policies and procedures, privacy, privacy law, RFID, risk management, security awareness, security training, social security number, SSN, uberveillance
Posted in Privacy and Compliance | No Comments »
Tuesday, November 6th, 2007
Here’s a case I found interesting…the U.S. District Court for the Eastern District of Tennessee ruled on October 24th that providing a group of record company plaintiffs with student personally identifiable information (PII) does not violate the U.S. Family Educational Rights and Privacy Act (FERPA).
(more…)
Tags: awareness and training, congress, data protection law, FERPA, government, Information Security, IT compliance, personally identifiable information, PII, policies and procedures, privacy, privacy law, risk management, security law, security training, University of Tennessee at Knoxville
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Monday, November 5th, 2007
Here’s another insider threat example to know and to discuss with your legal counsel and HR folks. It highlights the need for information security and privacy policies, shows how information security and privacy must work with multiple areas on an ongoing basis, and demonstrates the sanctions that can be brought against those who break them.
(more…)
Tags: awareness and training, cybercrime, data protection law, Global Crossing, identity theft, Information Security, insider threat, IT compliance, policies and procedures, privacy, privacy law, risk management, security law, security training, Steven William Sutcliffe
Posted in identity theft, Information Security, Privacy and Compliance | 5 Comments »