The recent Consumer Electronics Show (CES) in Las Vegas was overflowing with new types of gadgets and devices that will become part of the Internet of Things (IoT). A business friend of mine attended the show and when he filled me in on all that he saw, he expressed amazement at what he estimated to be hundreds of wearable gadgets that he found there; they literally “dominated” the show. I had asked him prior to his attendance if he could check with some of the vendors on an important privacy topic while he was there, and so he had a lot to tell me about what he found, as well as what the vendors he spoke with wouldn’t tell him, that are directly related to privacy. (more…)
Posts Tagged ‘privacy’
Data Collection Must be Limited for Internet of Things Privacy
Friday, January 30th, 2015TV Ratings Should Not Trump Patient Privacy
Saturday, January 3rd, 2015Yesterday I read a news story about how a woman, Mrs. Anita Chanko, saw an episode of the Dr. Oz show “NY Med” that included video of her husband, who had died 16 months earlier, in the hospital receiving care after being hit by a truck while crossing the street. She did not know that such a video even existed.
The picture was blurred, but the woman knew it was her recently deceased husband because she recognized his voice when he spoke, the conversation topic, the hospital where the care was occurring, along with other visual indicators. She heard her husband ask about his wife; her. She then watched his last moments of life, and then his death on television. (more…)
Addressing Mobile Risks in 2015
Wednesday, December 24th, 2014Last week fellow IBM Midsize blogger Jason Hannula wrote about Gartner’s prediction that by 2018 more than 50% of all folks will use their mobile computing devices in the workplace before, or instead of, using a desktop or laptop. That’s just three short years away. We already have an abundance of mobile devices being used in a wide range of industries. (more…)
Improve Information Security and Privacy Now!
Monday, December 22nd, 2014Too many businesses have poor information security controls in place (e.g,. demonstrably Sony, Staples, and a seemingly infinite number of other companies) and are basically giving their intellectual property, and the personal information they are responsible for, away.
A recent Sailpoint survey reveals that: (more…)
5 Effective Ways to Raise Privacy Awareness
Thursday, December 18th, 2014Have you made plans for Data Privacy Day (DPD) yet? What, you’ve never heard of DPD? You can see more about it here. Or, have you heard about DPD, but you’ve not yet had time to plan for it? Well, I love doing information security and privacy awareness activities and events! I’ve been doing them for 2 ½ decades, and have written about them often, and included a listing of 250 awareness activities in my Managing an Information Security and Privacy Awareness and Training Program book.
Here are five of the ways that I’ve found to be very effective for raising privacy awareness throughout the years. (more…)
This is Protected Health Information
Thursday, December 18th, 2014Once or twice a week I get a question from an organization that is considered to be a healthcare covered entity (CE) or business associate (BA) under HIPAA (a U.S. regulation) asking about the types of information that is considered to be protected health information (PHI). Last week a medical devices manufacturer, that is also a BA, asked about this. I think it is a good time to post about this topic again.
If information can be (more…)
The 3 Necessary Elements for Effective Information Security Management
Thursday, December 11th, 2014Seeing all these really bad information security incidents and privacy breaches, often daily, are so disappointing. Let’s consider these four in particular.
- The Sony hack that seems to continue to get worse as more details are reported.
- An ER nurse using the credit cards of patients.
- Breaches of Midwest Women’s Healthcare patient records due to poor disposal practices at the Research Hospital.
- TD Bank’s outsourced vendor losing two backup tapes containing data about 260,000 of their customers.
And the list could continue for pages.
These incidents, and most others, probably could have been prevented if an effective information security and privacy management program existed that was built around three primary core elements: (more…)
Every Organization with Personal Information Needs to Do a Privacy Impact Assessment
Thursday, December 11th, 2014Today I had a great meeting with Sarah Cortes, with whom I am doing a session at the North America CACS ISACA conference in March. (I see I need to ask them to add Sarah’s name!)
I’m also going to teach a 2-day workshop (~4 hours each day), “Conducting A Privacy Impact Assessment” on March 18 & 19.
Every organization that handles personal information (PI) of any kind or form needs to know how to do a privacy impact assessment (PIA). And if you have PI from any type of individual, be it a customer, patient, employee, contractor, job applicant, etc., you need to make sure you are protecting, using and sharing the PI appropriately. A PIA will reveal where you are at risk with meeting your privacy obligations. Attend my PIA class in March and I will be happy to help you know how, or improve upon how you perform PIAs!
Can’t go to the conference for some reason? I can still help you! I have a PIA Toolkit you can use.
Any questions? Let me know!
“Privacy Information” Depends upon Context
Wednesday, December 10th, 2014This year Admiral Mike Rogers, the current Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service, gave the luncheon keynote address at the U.S. Chamber of Commerce’s Third Annual Cybersecurity Summit, “Sharing Cyber Threat Information to Protect Business and America.” You can find it at: (more…)
Privacy Awareness: Moving from “I have nothing to hide” to “Oh dear!”
Wednesday, December 10th, 2014The day before Thanksgiving here in the U.S. I had the great pleasure of speaking with a couple of consumate information security experts from across the pond in England and Norway, Kai Roer and Mo Amin, on an episode of their Security Culture TV! We chatted about how to get folks to be more aware of privacy risks, and how to change their mindset to a more privacy proactive stance. You can see this episode here.
When you look at recent breaches, it is clear that awareness of information security and privacy risks, and how to mitigate them, is not getting the attention necessary by leaders of organizations. Why else would (more…)