Posts Tagged ‘social media’

It is Time to Set Social Media Rules

Sunday, June 28th, 2015

Over the past couple of weeks, I have spent a lot of time speaking with one of my clients about social media and posts from employees and contractors that may have a negative impact on the business. And the client is right to be concerned.

Most businesses are now using social media sites to communicate with their customers, potential customers, patients, employees, and everyone in between. However, such communications can often go awry at best, and result in privacy and security violations at worst. Here are just a few examples of what can go wrong. (more…)

Every Business Must Be Prepared for the Unimaginable

Tuesday, September 30th, 2014

Were you surprised to hear about the worker at the Chicago O’Hare airport last Friday? Certainly I was. Who would have ever thought someone working in the control center would light the hardware on fire, and then try to commit suicide? Unimaginable, right? However, what I was more surprised about was that there was no roll-over contingency operations center in place in the event something catastrophe took out the O’Hare operations center. After all, Chicago is in an area with a wide range of weather events, from blizzards and ice to severe storms and tornadoes, and everything in between. Not to mention that all airports are considered to be a target of a wide number of terrorist groups.

Just two days prior to the incident (more…)

If Compliance Isn’t Documented It Didn’t Happen

Monday, September 22nd, 2014

Most of the 250+ organizations I’ve audited, and the hundreds of others I’ve had as clients, hate documentation. At least creating documentation. So, they don’t do it, or they do it very poorly. Or, they document things they don’t need to, and fail to document the important things. And then, considering all that documentation, they often don’t retain it long enough, or forget where they put it.

Last year I wrote an article about legal retention length requirements. Now I’m focusing on the types of compliance activities organizations need to document, and then the need to retain that documentation for the appropriate periods of time. (more…)

Address Privacy During Social Media Marketing

Friday, August 29th, 2014

Over the past few months I’ve been creating some social media marketing privacy guidelines and requirements for a couple of my large clients. Today I read a post from a fellow IBM Midsize Insider contributor, Jason Hannula, “Social Media: Enterprise Content or Customer Relationship Information?” It stated that “93% of marketers are using social media for business.” A large number of these are from small and midsize organizations. It is important for these organizations to not only keep Jason’s suggestions in mind, and follow the business’s data governance requirements, but also to make sure privacy is also appropriately addressed. Many, perhaps most, small to midsize businesses do not yet have social media privacy requirements in place. (more…)

I Don’t Need No Stinkin’ BA Agreement…or Do I?

Friday, May 31st, 2013

Last week one of my Compliance Helper clients that is a health insurance company asked me the following question (slightly modified to protect their identity):

For the past two years, we have tried to get business associate (BA) Agreements from some of our BAs. They will not (more…)

Don’t Treat Privacy Breach Victims like a Spurned Lover

Wednesday, May 1st, 2013

A new data breach research report is out, and it is a good read.  This is the annual Experian/Ponemon Institute “Is Your Company Ready for a Big Data Breach?” report.  I want to focus on one of the findings in that report; that most organizations are not willing to assist those affected by a breach of their personal information. (more…)

Good Intentions Often Lead to Bad Privacy Results

Monday, April 29th, 2013

Allowing Wall Street privacy law exemption is crazy! Why, you ask? Why, I’m happy to explain. In March, 2012, I wrote “6 Good Reasons NOT To Ask for Facebook Passwords“.  Since that time legislation prohibiting employers from requiring access to their employees’ protected areas of their social media accounts has been introduced or is pending in at least 35 states. Three states–Arkansas, New Mexico and (more…)

Work Area Reviews are Necessary for Effective Risk Management

Monday, December 17th, 2012

There have been a lot online posts and talk lately about risk management and the “proper” or “acceptable” way to do risk assessments. It seems that the overwhelming talk, though, is only about the right and wrong way to do a risk assessment whenever considering a risk management program. Certainly, using the best risk assessment method to fit your business environment is very important; one size, and one method, does not fit all! However, there are so many more activities necessary within a risk management program than just occasionally doing a risk assessment.  Regulatory agencies are (more…)

Are You Faking It?

Thursday, November 29th, 2012

Are you faking it online? Or faking it at work?  While faking it certainly has its benefits in both places, I want to touch upon a couple of concerns I have with using fake identities. (more…)

Repost From Social Media to Lose Customers and Friends Fast

Monday, October 22nd, 2012

Last week one of my Facebook friends started a “friends only” discussion on his wall. It was a very interesting discussion, and one of his friends took the discussion, pretty much verbatim, and posted within a “public” (as in meant for the world to see) popular blog site. So the information on the Facebook page, where around 250 – 300 people could see the posts were now in a location where the bazillion (possibly a bit fewer) blog readers could see all the posts and the full names of those who made them. This is not the first time a situation like this has occurred.  A lot of the information posted on people’s social media pages are really tempting to take and use as examples, or for business activities such as for marketing and promotions. However, doing so could get you into some personal and/or legal hot water.  As organizations and individuals consider taking information they find on social media sites, they need to consider the reasons why doing so may not be a good idea after all.

Reason #1: It will (more…)