In addition to some great followup questions I got from Andy in response to my blog posting yesterday, “FTC Now Requires Organizations to Have an Identity Theft Prevention Program” I have also received some interesting questions from others about the new Identity Theft Prevention Program Rule, along with having the opportunity to have some interesting discussions with several folks today, such as Linda McGlasson at bankinfosecurity.com.
Posts Tagged ‘security training’
Definitions For the Identity Theft Prevention Program Rule Under FACTA & Questions For Your Organization
Friday, November 2nd, 2007FTC Now Requires Organizations to Have an Identity Theft Prevention Program
Thursday, November 1st, 2007Did you know that if you are a U.S. financial organization, *AND/OR* if you have information about your U.S. customers with which identity theft could occur, you are now legally required to have a documented Identity Theft Prevention Program to help prevent identity theft in connection with new and existing accounts?
Will A “Do Not Track” List Materialize?
Wednesday, October 31st, 2007Today it was widely reported that several privacy groups were banding together to demand the creation of a “Do Not Track” list, similar to the FTC’s “Do Not Call” list.
Email Security and Privacy: NY Hospital Retention Ruling Points Out Importance of Policies and Awareness
Wednesday, October 31st, 2007On October 17, 2007, there was a very interesting ruling regarding a doctor’s email communications sent to an attorney and the associated attorney privilege. In the matter of Scott v Beth Israel Med. Ctr. Inc. the New York Supreme Court found that the doctor’s email messages to his attorneys using the hospital network were not privileged and could be retained by the hospital even though the doctor wanted the hospital to stop retaining his messages and delete all emails related to his communications with his lawyers.
40 State Level Breach Notice Laws…And Counting
Monday, October 29th, 2007Did you know that there are now 40 state level breach notice laws in the U.S., including the District of Columbia?
Many different websites provide information about the state breach notice laws, but most of them do not list all the current breach notice laws, or they provide information in a way that is not easy to quickly find specifically what I’m looking for.
5-Point Checklist for Info Sec and Privacy Pros to Use for Data Protection and Privacy Law Compliance
Sunday, October 28th, 2007One of the basic privacy principles is to limit the collection of personally identifiable information (PII) to only that which is necessary for the business purpose for which it is being collected. These privacy principles, built largely around the OECD privacy principles, are the basis for most data protection and privacy laws throughout the world.
Training Info Sec and Privacy For Incident Response; Many Issues Overlap
Tuesday, October 23rd, 2007It has been great talking in-depth about privacy issues over the past two days here at the IAPP Privacy Academy.
We had a great turnout for the pre-conference seminar; the room was filled to the 60-person capacity. It was good to hear the concerns and common practices of the diverse organizations for how they are providing privacy training and awareness.
Helping Privacy Pros Deliver Effective Privacy Training and Awareness
Monday, October 22nd, 2007Today I am co-delivering training with 4 other privacy education pros at the IAPP Privacy Academy pre-conference seminar, “Training 360¬∞: How to Educate the Enterprise.”
Best privacy advisers in 2007
Saturday, October 20th, 2007On Thursday, 10/18, Computerworld released their list of “The best privacy advisers in 2007”
How To Answer Four Questions Executives Have About Data Leakage
Friday, October 19th, 2007Last week I had the opportunity to discuss what executives need to know about preventing data leakage with Richard Swart at bankinfosecurity.com for a podcast that was posted earlier this week.
