To date we have at least 37 U.S. states that have enacted breach notice laws, (Maryland’s new breach notice law was signed May 17th), but these address how to react AFTER personally identifiable information (PII) has been compromised. Multiple federal-level bills proposed but none yet passed.
Posts Tagged ‘privacy’
More Reason to Strengthen Information Security: New MN Law Restricts How Long Merchants Can Retain Purchase Information
Monday, May 28th, 2007SEC Approved Multiple Compliance Guidance and Rules Documents For SOX, SMBs and Credit Rating Agencies
Thursday, May 24th, 2007Yesterday the U.S. Securities and Exchange Commission (SEC) approved new guidance documents for SOX Section 404 compliance, modernization of smaller company capital — raising and disclosure requirements, and voted to adopt final rules to implement the Credit Rating Agency Reform Act of 2006.
Insider Threat Example: Ex-Coca-Cola Employees Sentenced to Prison For Trying To Sell Trade Secrets To Pepsi
Thursday, May 24th, 2007An article broke yesterday that closely mirrors one of the discussion topics within the Human Factors seminar that I teach for the Norwich University MSIA program.
Inefficient Compliance Activities Costs $$: Survey Says SOX Compliance Costs Were Down In 2006, But They Should Have Been Down More
Wednesday, May 23rd, 2007On May 16 Financial Executives International (FEI) announced the results of their sixth Sarbanes-Oxley (SOX) compliance survey, based upon a poll of 200 companies subject to SOX. They’ll charge you $99 for the report if you aren’t an FEI member.
However, they give you some teasers on their site:
Many New U.S. State and Federal Privacy Bills Introduced, and Some New State Data Protection Laws Signed
Monday, May 21st, 2007Boy oh boy, do we ever need a comprehensive federal data protection law in the U.S.! Each week more and more state level laws are introduced, many of them passed, all dealing with different aspects of data protection, and all impacting and complicating an information security and privacy professional’s responsibilities.
This past week was a busy one with a flurry of new and updated bills related to protecting privacy introduced, and a few new state laws.
The Need to Build Security In: Poor Implementation of Indianapolis Public Schools Website Allows Viewing of PII For 7000+ Students and Teachers
Friday, May 18th, 2007Today Monsters and Critics reported, “Indianapolis Public Schools exposes thousands to risk of identity theft.”
Apparently the Indianapolis Public Schools (IPS) website “that allows teachers to post reviews, student-writing samples, grades, and other confidential material to the IPS network” was implemented and configured without much attention to security.
Does Using “Certified” Software Products Improve Compliance?
Thursday, May 17th, 2007It seems the term “certified” is being used more and more…for professionals, hardware, software, you name it.
You see software vendors touting that their products have been certified and that they will help companies meet “compliance,” but I have found very little research into what this really means, or if it means anything at all.
Know What You’re Buying…for Computer Service Contracts as Well as Security and Privacy Products
Wednesday, May 16th, 2007This morning I was watching Good Morning America (GMA) with my sons before they left for school. Noah said, “Hey, they’re talking about my computer!”
Information Security and Privacy Professionals Must Partner on Over 15…no wait…Over 20 Different Enterprise Issues
Wednesday, May 16th, 2007Not too long ago I blogged about the need for information security and privacy professionals to work together to address safeguarding sensitive and personally identifiable information (PII). Within it I talked about how a workshop Chris Grillo and I created and give, “Handling Complex and Difficult Privacy and Information Security Issues,” discusses over 15 common issues that these professionals need to partner on.
Great New Site for Data Loss Statistics
Tuesday, May 15th, 2007There is a great new site, etiolated.org, that takes the privacy breach data accumulated by attrition.org and parses it into some very interesting statistics, trends charts, provides areas for commentary, and lots of other interesting and useful information.
