Posts Tagged ‘privacy law’

Routine Personal Information Posting in the U.S. State Government Agencies

Monday, January 29th, 2007

NBC news ran a story about how many state government agencies post sensitive personally identifiable information (PII) on their websites. In this case an Ohio county court “routinely posted traffic tickets and other public records on its Web site.”

(more…)

What IT Leaders Need to Know About Using Production Data for Testing

Friday, July 14th, 2006

There are many issues involved with using live production data, particularly real personally identifiable information (PII), for test and demo purposes.  For many years it has been the norm within organizations to use copies of production data for testing during applications and systems development.  However, over the past few years this practice is becoming more and more of a bad idea with all the new privacy laws and regulations, identity theft cases, insider instigated fraud, increased customer awareness, and the growing number of companies using outsourced companies to manage applications development, testing and quality assurance. 

In my latest podcast I discuss the importance of and reasons for using data that does not include real, production PII for test and development purposes.



MP3: Rebecca Herold – What IT Leaders Need to Know About Using Production Data for Testing

Demystifying Privacy Laws: What You Need to Know to Protect Your Business

Friday, June 30th, 2006

We are undergoing a data protection renaissance.  New laws have considerably expanded corporate obligations regarding security and privacy for information in all forms.  A significant obligation of the laws is applicable to basically all organizations; the duty to provide reasonable security for all corporate information.  Bottom line, generally all organizations have some legal obligation to establish effective information security programs.  It is important to realize that in most cases there are no hard and fast rules regarding which specific security measures a company should implement to satisfy its legal and privacy law obligations. In this podcast I discuss what you need to know to protect your business when trying to comply with the multitude of privacy laws, and I describe a unified, process oriented best practice approach organizations can use to address the requirements of such laws as HIPAA, GLBA, Canada’s PIPEDA, the EU Data Protection Directive, among many, many others.



MP3: Rebecca Herold – Demystifying Privacy Laws: What You Need to Know to Protect Your Business