Posts Tagged ‘privacy law’

Insider Threat Lessons: Posting Threats And Personnel PII On The Internet Establishes Federal Jurisdiction

Monday, November 5th, 2007

Here’s another insider threat example to know and to discuss with your legal counsel and HR folks. It highlights the need for information security and privacy policies, shows how information security and privacy must work with multiple areas on an ongoing basis, and demonstrates the sanctions that can be brought against those who break them.

(more…)

Do Something To Change Information Security, Privacy and Compliance…Contact Congress!

Sunday, November 4th, 2007

I, along with a very large number of other bloggers, writers and instructors, often pick apart data protection and privacy laws and regulations, and point out how certain portions of them are infeasible for most organizations to implement, and talk about the types of laws that should be enacted to protect personally identifiable information (PII) and privacy. But how many of us actually do something about it and contact our lawmakers to communicate this information?

(more…)

New Nevada Law Explicitly Requires Organizations to Encrypt PII Sent Through Networks

Tuesday, October 9th, 2007

To date there have been several laws that direct organizations in certain industries to consider using encryption as one way to protect data based upon the organization’s considered risks, and laws that make encryption a factor in decisions regarding breach notifications, but until now no laws that I’m aware of explicitly required personally identifiable information (PII) to be encrypted. The state of Nevada has now changed that!

(more…)

Information Security Awareness in Europe…The Issues Are the Same Worldwide

Friday, August 24th, 2007

On 8/22/2007 a very interesting and useful report was released by the European Network and Information Security Agency (ENISA), “Information security awareness initiatives: Current practice and the measurement of success.”

(more…)

EU Data Protection Audits Active and Anticipated

Thursday, August 23rd, 2007

As a follow-up to my blog posting yesterday, I wanted to point out that the European Union (EU) Data Protection Authorities (DPAs) have been very active in pursuing data protection law compliance.

(more…)

EU Data Protection Directive 95/46/EC: Member Countries

Wednesday, August 22nd, 2007

Multi-national organizations doing business in Europe must know and understand not only their obligations to protect personally identifiable information (PII) under the European Union (EU) Data Protection Directive 95/46/EC, but they must also know and understand the data protection laws within each of the EU member countries.

(more…)

Privacy Act: FTC Proposes Allowing Disclosure of PII Records to Third Parties To Assist Data Breach Response Within Gov’t Agencies

Tuesday, April 3rd, 2007

On March 29 the FTC published a proposed new routine use (72 Fed. Reg. 14814, 3/29/07) that would allow FTC records governed by the Privacy Act to be disclosed to “appropriate” persons and entities when reasonably necessary to respond and prevent, minimize, or remedy harm resulting from a U.S. government agency data breach or compromise.

(more…)

Legislation Passed to Strengthen Bush’s Privacy and Civil Liberties Oversight Board

Tuesday, February 27th, 2007

On February 15 the Senate Homeland Security and Governmental Affairs Committee approved legislation with provisions to strengthen President Bush’s Privacy and Civil Liberties Oversight Board. The provisions were part of a bill, the “Improving America’s Security Act of 2007” (S. 4), aimed at implementing unfulfilled recommendations of the 9/11 Commission. Full text of the 227-page S. 4 bill is available online.

(more…)

U.S. Privacy Related Bills Introduced February 15 & 16

Monday, February 26th, 2007

Before the U.S. House adjourned February 16 and the Senate adjourned February 17 for a week-long recess, they submitted some bills with privacy impacts.

(more…)