Posts Tagged ‘privacy policy’

How to Avoid Common Privacy Notices Mistakes

Wednesday, March 23rd, 2016

Most organizations have posted privacy notices on their websites. Great, right? Well consider that a 2012 study showed that the average reader would need 25 days simply to read the privacy policies for all websites accessed in a year. Website privacy notices are often very poorly written. And that’s not the only problem, as I’ve discovered over the past couple of decades reviewing privacy notices. In the past year in the privacy impact assessments (PIAs) I’ve done, I’ve found two consistent problems with them all. (more…)

Strong security controls are necessary for more than just preventing hack attempts

Tuesday, February 25th, 2014

Recently I’ve heard in various discussion venues the argument that information security controls are an impediment to technology use, and that instead we should look at demotivating the hackers. With specific regard to medical devices, one commenter stated that generally, the best “bet in defending medical devices (as well as financial systems) is making the information useless/pointless for the attackers.”  This is a dangerous attitude, and minimizes the true value of data on the devices.

Considering data on any type of computing device is considered (more…)

Mobile Device Security Continues to get More Complicated

Saturday, February 1st, 2014

I first started working on truly easily mobile computing device (not counting the first programmable pocket calculator, or the luggable computers that could not be hidden in your pocket) security in the workplace when the IT folks in my company at the time started bringing Psion devices to meetings somewhere around 1992 – 1993.  They presented some serious information security risks to the company. If the information security risks were considered to be significant 20 years ago, now the new additional information security and privacy risks are comparatively staggering.

Where is it?

Probably the number one risk back then was the tendency to lose or misplace the device.  It seemed like these little gadgets would be forgotten the moment they were laid down, despite how highly prized they were by their owners. Mobile computing devices today (more…)

Time to Focus on Privacy Every Day

Friday, January 31st, 2014

This week January 28 was recognized around the world at International Data Privacy Day. Data Privacy Day is the perfect time to think about all things privacy. For example, consider all the computing devices and gadgets you use, including smartphones and tablets.  Many folks don’t realize these devices are continually collecting personal information about (more…)

Yes, You Still Need Policies for Your Outsourced Activities!

Friday, December 27th, 2013

Here’s a statement I’ve answered over 100 times (seriously!) in the past few years.

“We’ve outsourced that IT activity, so we don’t we don’t need a policy for it.”

The one word reply to this statement is, (more…)

Do Your Legal Contracts Conflict with Your Web Site Privacy Policy?

Friday, October 3rd, 2008

Over the years I’ve found while doing website privacy policy reviews and gap analyses that a large portion of organizations make promises within their posted web site privacy policies that they do not support by internal procedures, and that they do not provide internal personnel training and awareness communications for; a huge risk!
I’ve also found that many organizations have online contracts for their web site customers that are in conflict with their posted privacy policies.


Do Your Legal Contracts Trick Web Site Visitors into Installing Spyware?

Tuesday, September 30th, 2008

Over the past few years I’ve done a lot of research and reviewed a lot of privacy policies, and it’s really been amazing to see how the wording in many of them are not providing any privacy protections to website visitors or customers at all! In fact, some of them are downright tricking people into agreeing to share their personally identifiable information (PII) having software installed on their computers that they probably really do not want to have…


Phisherthieves Like Banks Best

Wednesday, February 13th, 2008

Here’s a pretty good mainstream news story from CNN to give to your business leaders to raise their awareness and understanding about phishing…


$54 Million Lawsuit Against Best Buy For Losing Laptop

Wednesday, February 13th, 2008

I knew the civil suits for lost laptops would start soon. Thanks so much to my buddy Alec for pointing out this story to me!
Raelyn Campbell took a laptop computer to Best Buy to get fixed, and three months later, after giving Campbell the run-around, Best Buy admitted to her that they lost the computer.


Give a Hoot, Don’t Privacy Pollute!

Tuesday, February 12th, 2008

I just saw a term that can be used really well with non-technical folks, “data pollution.”
I wish I had thought of that term!