Posts Tagged ‘privacy’
Sunday, January 13th, 2008
Here’s a case I blogged about amost exactly a year ago, but it is worth revisiting since the sentencing for the crime was just handed down and it was significant. If you haven’t already, put this in your file of actual examples to incorporate into your information security and privacy awareness and training activities and content.
On January 8 a federal court in Newark, New Jersey, sentenced Yung-Hsun “Andy” Lin, a former systems administrator for Medco Health Solutions Inc., to 30 months in prison for transmitting computer code intended to wipe out data stored on Medco’s network; composed of more than 70 servers.
(more…)
Tags:Andy Lin, awareness and training, computer crime, cybercrime, Information Security, insider threat, IT compliance, logic bomb, Medco, personal privacy, personally identifiable information, PII, policies and procedures, privacy, risk management, security awareness, security training
Posted in Information Security | No Comments »
Friday, January 11th, 2008
I just read this and found the implication that folks over 50 years of age are not terrorist threats rather odd.
Today the U.S. Department of Homeland Security released some new rules related to READ ID.
(more…)
Tags:awareness and training, DHS, Information Security, IT compliance, personal privacy, personally identifiable information, PII, policies and procedures, privacy, REAL ID, risk management, security awareness, terrorist
Posted in government | 1 Comment »
Friday, January 11th, 2008
I’ve blogged several times, such as here, here and here, about how information posted to the Internet, such as on Facebook and other social networking sites, cannot be considered as being private or secure, have been used to make hiring and firing decisions, and how it has impacted lives in other ways.
Well, now information posted to social networking sites are being used by schools.
(more…)
Tags:awareness and training, Eden Prairie, facebook, Information Security, IT compliance, personal privacy, personally identifiable information, PII, policies and procedures, privacy, protecting information, risk management, security awareness, security training, social networking
Posted in Privacy and Compliance | No Comments »
Tuesday, January 8th, 2008
Tags:awareness and training, Information Security, IT compliance, personal privacy, personally identifiable information, PII, policies and procedures, privacy, risk management, security awareness, security training, Shirk
Posted in Privacy Incidents | No Comments »
Monday, January 7th, 2008
I’m still catching up on December news…and I ran across a significant e-discovery ruling. The U.S. District Court for the Central District of California ruled December 13, 2007, that Justin Bunnell/www.TorrentSpy.com was guilty of “willful spoliation of evidence” violating the E-Discovery Rule in the suit Columbia Pictures, Inc. brought against them for copyright infringement.
Reading through the court records, it is really amazing how blatantly the defendent violated what seemed to be almost every e-discovery rule possible in this situation. They…
(more…)
Tags:awareness and training, Bunnell, Columbia Pictures, data retention, democrats, e-discovery, electronic discovery, Information Security, Iowa caucus, IT compliance, policies and procedures, privacy, regulatory compliance, republicans, risk management, security awareness, security training, Torrentspy
Posted in Non-compliance Sanctions Examples | No Comments »
Sunday, January 6th, 2008
While doing some encryption research I ran across this Vermont ruling made on November 29, 2007.
It provides some good lessons about computer forensics and investigation and password management.
(more…)
Tags:5th Amendment, awareness and training, Boucher, computer forensics, democrats, encryption, Information Security, Iowa caucus, IT compliance, Niedermeier, password security, PGP, policies and procedures, privacy, republicans, risk management, security awareness, security training, Vermont
Posted in Laws & Regulations, Privacy and Compliance | 2 Comments »
Friday, January 4th, 2008
Well, after over a year of fervent campaigning by many presidential hopefuls, the Iowa caucuses are over! As I mentioned a couple of days ago I have never declared a party before, but this year I wanted to be part of the caucus experience. I wanted to participate and see first-hand what it was like and not just have some political pundits from the east or west coasts giving their inaccurate opinions of what really goes on.
(more…)
Tags:awareness and training, Barack Obama, Bill Richardson, democrats, Hillary Clinton, Information Security, Iowa caucus, IT compliance, John Edwards, policies and procedures, privacy, republicans, risk management, security awareness, security training, wired, YouTube
Posted in Miscellaneous | 1 Comment »
Thursday, January 3rd, 2008
I recently blogged about “6 “Scary Stuff” Privacy Terms IT, Info Sec and Privacy Folks Should Know.”
I was very pleasantly surprised to hear from Dr. Michael G. Michael and his wife Dr. Katina Michael a couple of days ago about the post! (Thank you Michael and Katina!) They provided some additional very interesting information about the term “√úberveillance.” With their permission, here is a large portion of the message they sent to me:
(more…)
Tags:ambient technology, awareness and training, Dr. Katina Michael, Dr. Michael G. Michael, employee privacy, employee tracking, GPS tracking, Information Security, IT compliance, policies and procedures, privacy, privacy law, RFID, risk management, security awareness, security training, social security number, SSN, uberveillance
Posted in Privacy and Compliance | No Comments »
Wednesday, January 2nd, 2008
I am happy to live in Iowa. I’ve enjoyed getting to see the presidential hopefuls in the state for the past 1+ years. I always vote during presidential elections, but I’ve never yet declared a party; I really don’t want to be listed in who knows how many places under such a label. However, this year I would really like to participate in the Iowa caucus.
(more…)
Tags:awareness and training, CNN, democrats, Howard Dean, Information Security, Iowa caucus, IT compliance, policies and procedures, privacy, republicans, risk management, security awareness, security training, YouTube
Posted in government | No Comments »
Thursday, December 27th, 2007
On December 10 the U.S. Federal Trade Commission (FTC) announced that the FTC commissioners voted unanimously to have principles to govern online behavioral advertising. At the same time they released their proposed principles to guide the development of self-regulation in this area.
(more…)
Tags:awareness and training, behavioral advertising, cookies, FTC, FTC Act, Information Security, IT compliance, policies and procedures, privacy, privacy policy, privacy principles, risk management, security awareness, security training, web bugs
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
