A new data breach research report is out, and it is a good read. This is the annual Experian/Ponemon Institute “Is Your Company Ready for a Big Data Breach?” report. I want to focus on one of the findings in that report; that most organizations are not willing to assist those affected by a breach of their personal information. (more…)
Posts Tagged ‘social network’
Don’t Treat Privacy Breach Victims like a Spurned Lover
Wednesday, May 1st, 2013Tags:audit, awareness, breach, breach notice, breach study, compliance, customer service, data protection, e-mail, electronic mail, email, employees, employment, Experian, facebook, FINRA, HIPAA, hiring, HITECH, HR, human resources, IBM, Information Security, information technology, infosec, insider threat, insider trading, IT security, job applicants, messaging, midmarket, monitoring, non-compliance, personal information, personally identifiable information, personnel, PHI, PII, policies, policy management, ponemon, privacy, privacy breach, privacy laws, privacy practice, privacy professor, privacyprof, Rebecca Herold, Red Flags, risk, risk assessment, risk management, security, sensitive personal information, social media, social network, SPI, surveillance, systems security, training, twitter, walk through
Posted in Privacy and Compliance, Privacy Incidents | No Comments »
Good Intentions Often Lead to Bad Privacy Results
Monday, April 29th, 2013Allowing Wall Street privacy law exemption is crazy! Why, you ask? Why, I’m happy to explain. In March, 2012, I wrote “6 Good Reasons NOT To Ask for Facebook Passwords“. Since that time legislation prohibiting employers from requiring access to their employees’ protected areas of their social media accounts has been introduced or is pending in at least 35 states. Three states–Arkansas, New Mexico and (more…)
Tags:audit, awareness, breach, compliance, data protection, e-mail, electronic mail, email, employees, employment, exception management, facebook, FINRA, hiring, HR, human resources, IBM, Information Security, information technology, infosec, insider threat, insider trading, IT security, job applicants, messaging, midmarket, monitoring, non-compliance, personal information, personally identifiable information, personnel, PHI, PII, policies, policy exception, policy management, privacy, privacy breach, privacy laws, privacy professor, privacyprof, Rebecca Herold, Red Flags, risk, risk assessment, risk management, security, sensitive personal information, social media, social network, SPI, surveillance, systems security, training, twitter, walk through
Posted in Laws & Regulations, privacy | No Comments »
Repost From Social Media to Lose Customers and Friends Fast
Monday, October 22nd, 2012Last week one of my Facebook friends started a “friends only” discussion on his wall. It was a very interesting discussion, and one of his friends took the discussion, pretty much verbatim, and posted within a “public” (as in meant for the world to see) popular blog site. So the information on the Facebook page, where around 250 – 300 people could see the posts were now in a location where the bazillion (possibly a bit fewer) blog readers could see all the posts and the full names of those who made them. This is not the first time a situation like this has occurred. A lot of the information posted on people’s social media pages are really tempting to take and use as examples, or for business activities such as for marketing and promotions. However, doing so could get you into some personal and/or legal hot water. As organizations and individuals consider taking information they find on social media sites, they need to consider the reasons why doing so may not be a good idea after all.
Reason #1: It will (more…)
Tags:awareness, breach, compliance, copyright, Creepshots, customers, data protection, e-mail, electronic mail, email, employees, employment, facebook, Gawker, hiring, HR, human resources, IBM, Information Security, information technology, infosec, IT security, job applicants, laws, LinkedIn, messaging, Michael Brutsch, midmarket, non-compliance, patients, personal information, personally identifiable information, personnel, PII, policies, privacy, privacy breach, privacy professor, privacyprof, Rebecca Herold, Reddit, reputation, risk, security, sensitive personal information, social media, social network, SPI, systems security, training, twitter, Violentacrez
Posted in Social Media | 2 Comments »
6 Good Reasons NOT To Ask For Facebook Passwords
Friday, March 23rd, 2012In case you’ve not paid attention to the news in the past week, there has been a barrage of stories (over 1500 turned up in a quick online search) about organizations asking job applicants and employees for their Facebook, Twitter, LinkedIn and other social networking passwords. It’s a hot topic folks! I’ve listed a bunch of them at the end of this post. Compelled password disclosure is a very bad idea for organizations to do for many reasons. Here are six that should be compelling to business management: (more…)
Tags:employee privacy, employment practice, facebook, LinkedIn, midmarket, password, policies, privacy, privacy professor, privacyprof, Rebecca Herold, security, social media, social network, twitter, YouTube
Posted in privacy, Social Media | 3 Comments »
Is Information Found Online Legally Fair Game To Use For Marketing?
Tuesday, January 24th, 2012Social media sites are booming. The amount of personal information folks are choosing to post to them, such as photos, videos, original stories, thoughts, gossip, and so on, is exploding. Marketers are drooling at the prospect of using all that “free” information. Well, it’s really not free, folks. (more…)
Tags:CAN-SPAM, COPPA, facebook, marketing, privacy, privacy professor, privacyprof, Rebecca Herold, social marketing, social media, social network, spam, VPPA
Posted in Marketing | No Comments »
Who Would Want to Be a CISO or CPO for a Social Networking Site?
Friday, October 5th, 2007This morning I spoke with a reporter from billingworld.com about social networking sites, innovation and partnering established businesses with new sites such as this and the risks involved. After the call I continued to think about this and jotted down a few notes…
Tags:awareness and training, billingworld, facebook, Information Security, IT compliance, new york attorney general, orkut, policies and procedures, privacy, protecting information, risk management, security awareness, social network
Posted in Information Security, Privacy and Compliance | No Comments »
Facebook, and Other Social Networking Sites, Will Always be Risky to Use
Friday, August 17th, 2007Just because a social networking site says it is secure, and even if it has “TRUSTe,” “Hacker Safe” or other security and privacy assurance stamps on the site, it does not mean that bad things cannot happen. Take Facebook as a case in point.
Tags:andyitguy, awareness and training, facebook, hacker safe, Information Security, infosecblog, IT compliance, policies and procedures, privacy, risk management, social network, truste
Posted in Information Security, Privacy and Compliance, Privacy Incidents | 2 Comments »
