Posts Tagged ‘privacy’

Thank Goodness For Backup Planning!

Friday, August 24th, 2007

We had some horrendous storms here in Iowa this week. Last night was a doozy! The lightning unrelenting, the winds horrific, and tornado spottings were peppered across the southern half of Iowa.

(more…)

EU Data Protection Audits Active and Anticipated

Thursday, August 23rd, 2007

As a follow-up to my blog posting yesterday, I wanted to point out that the European Union (EU) Data Protection Authorities (DPAs) have been very active in pursuing data protection law compliance.

(more…)

EU Data Protection Directive 95/46/EC: Member Countries

Wednesday, August 22nd, 2007

Multi-national organizations doing business in Europe must know and understand not only their obligations to protect personally identifiable information (PII) under the European Union (EU) Data Protection Directive 95/45/EC, but they must also know and understand the data protection laws within each of the EU member countries.

(more…)

The Pursuit…or Not…of ISO 27001/ISMS/BS7799 Certification

Tuesday, August 21st, 2007

Last week my blog poll was, “Is your organization planning to pursue ISO 27001 certification in 2007 or 2008?”
I asked this after reading an SC Magazine article that I recently blogged about, “Are the U.S. Numbers Planning For ISMS (ISO 27001) Certification Really At 80%?”
As I had indicated, based upon my many discussions with a very wide range of CISOs, I thought this number was way too high.
And now for the results of my *ADMITTEDLY UNSCIENTIFIC WEBPOLL*…drum roll, please; Thhuudddrrrrrrrrrrrrr…

(more…)

Speaking of Social Networking Sites…

Monday, August 20th, 2007

Over the weekend I read yet another news article about social networking sites and the related risks. This time it was about how schools are implementing rules to address cyber bullying on the Internet; “Students To Be Punished For MySpace Postings.”

(more…)

Social Security Number No Match Rule: Employers Will Need to Prove Compliance

Monday, August 20th, 2007

The new U.S. Social Security number (SSN) No Match Rule was published August 15 in the Federal Register. You can also see it here.
This new regulation provides directives for the letters the U.S. Social Security Administration (SSA) issues to employers when the SSA discovers that an SSN does not match the information provided by the employer.

(more…)

Facebook, and Other Social Networking Sites, Will Always be Risky to Use

Friday, August 17th, 2007

Just because a social networking site says it is secure, and even if it has “TRUSTe,” “Hacker Safe” or other security and privacy assurance stamps on the site, it does not mean that bad things cannot happen. Take Facebook as a case in point.

(more…)

ISMS/ISO27001 Certification Poll…Ending Sunday

Friday, August 17th, 2007

If you have not yet clicked a button on my poll regarding ISMS/ISO27001 certification (see right side of page and scroll down a little) please do so! I’m finding it interesting that a large portion (36%) of those who have clicked for the poll so far are not aware of the certification. This perhaps calls to question the folks at BSI who forecast that 80% of U.S. companies will be pursuing certification in the next couple of years.
See my original post for more information about it.

SMB PCI DSS Issues at the State Fair

Thursday, August 16th, 2007

Yesterday I was at the Iowa State Fair literally all day; from 8am to around 8:30pm. Despite the 95 degree extremely humid weather it was such a fun day! The cloudy skies and nice breezes helped a lot. We didn’t get to probably half of the exhibits and activities. And I was *VERY* disappointed I didn’t see any of the at least 4 presidential hopefuls who were on the grounds; the place is so big I guess we were always in the wrong place at the right time.

(more…)

U.S. Dept. of Homeland Security Makes 14 Privacy Impact Assessments Available

Wednesday, August 15th, 2007

I am a huge proponent of privacy impact assessments (PIAs); basically risk assessments for privacy. PIAs can reveal gaps in privacy practices, along with the information security practices used to protect privacy. They are important and effective exercises for all organizations that handle personally identifiable information (PII).

(more…)