Most folks are looking at what’s coming in 2008. Heck, let’s go a bit further and look at some potentially big changes slated for 2009!
I just read an interesting Business Week story, “Just Ahead: A Wider Wireless World.”
In February, 2009 analog television broadcasting will be terminated.
Posts Tagged ‘privacy policy’
New Wireless = New Vulnerabilities = More Incidents?
Thursday, December 20th, 2007Information Security Survey for Financials
Thursday, December 20th, 2007I just learned about a new survey that’s going on, “The State of Information Security Survey 2008.”
Bankinfosecurity is using it to try to get the best picture of how financial institutions are doing when it comes to information security at their institutions.
Supporting Compliance With ITIL
Tuesday, December 18th, 2007Organizations have faced legal and regulatory requirements for literally decades. However, IT compliance is relatively young.
U.S. healthcare organizations reacted with alarm over the passage of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The U.S. financial organizations soon followed suit with their reaction to the passage of the Gramm Leach Bliley Act (GLBA), also known as the Financial Modernization Act, of 1999. But probably the biggest whammy felt by the largest numbers of organizations was the passage of the Sarbanes Oxley (SOX) Act of 2002.
18 IT Compliance, Info Sec & Privacy Links to Fortune’s 101 Dumbest Business Moments in 2007
Monday, December 17th, 2007Tis the season for lists upon lists upon lists. However, Fortune’s “101 Dumbest Moments in Business” for 2007 caught my eye for being rather unique-sounding. There were *MANY* dumb information security and privacy business moments in 2007; I wondered, did Fortune recognize any of them?
I took the time to flip through them quickly…ah, yes! Quite a fun exercise! And here at least 18 IT compliance, info sec and/or privacy links to the Fortune 101 list:
18 IT Compliance, Info Sec & Privacy Links to Fortune’s 101 Dumbest Business Moments in 2007
Monday, December 17th, 2007Tis the season for lists upon lists upon lists. However, Fortune’s “101 Dumbest Moments in Business” for 2007 caught my eye for being rather unique-sounding. There were *MANY* dumb information security and privacy business moments in 2007; I wondered, did Fortune recognize any of them?
I took the time to flip through them quickly…ah, yes! Quite a fun exercise! And here at least 18 IT compliance, info sec and/or privacy links to the Fortune 101 list:
2 Years Following Major Privacy Breach, Bahamas Puts Up Data Protection Web Site
Sunday, December 16th, 2007A couple of years ago I finally took my family on a vacation to the Bahamas after not going on any type of vacation for several years. Five months later I learned…from my friends and not from the hotel…that a major breach occurred at the hotel; the credit card files for tens of thousands of their customers had been compromised.
I never did get a notification of the breach from the hotel. However, I did confirm through the Bahamas government, and subsequent widely published reports, that the breach did indeed occur.
“Awards” Given For E-Commerce Site Privacy Policies…The Best And The Worst
Friday, December 14th, 2007I ran across some interesting e-commerce site “awards” recently published by CyberStreetSmart.org. They identified the recipients of their “screen door” (the award retailers DON’T want) and “steel door” (retailers want this) awards based upon the privacy protections the sites had in place for customer personally identifiable information (PII).
Avoid Being Sued And Losing Customers: Don’t Go Changing Your Privacy Policy Willy-Nilly!
Friday, August 10th, 2007Many organizations dangerously change their posted privacy policies often, and often without giving notice to their customers. It is important to always keep in mind that your posted privacy policy is a legally binding contract with your customers. You cannot agree to do one thing with your customers’ personally identifiable information (PII) when they start doing business with you and then change that agreement without notifying and allowing your customers to agree to that change.
Privacy Not Only Requires Securing PII, It Also Requires Keeping the Trust of Your Customers
Tuesday, July 10th, 2007Recently I was speaking with a client about a new Internet e-commerce application they were testing, and I asked them to give a demonstration. One of the questions I asked while watching was whether there were any ways in which someone could get information about customers’ orders. After doing some various tests, a screen popped up showing a database of names, item descriptions, and other information related to the orders. The billing information, such as credit card number, was *NOT* within this database, but the names and mailing addresses were; these were used for the indexing links to the database.
