This past week one of my marketing friends made a statement I’ve heard far too many sales and marketing folks say over the years.
“The IT Security folks don’t have decision-making authority, and they aren’t concerned with anything beyond their network. I try not to spend too much time on them.”
It reminded me of when I was responsible for information security and privacy at a multi-national financial and healthcare organization throughout the 1990’s. I had (more…)
Tags:awareness, breach, compliance, data protection, IBM, Information Security, information technology, infosec, IT security, marketing, midmarket, monitoring, non-compliance, PHI, PII, policies, privacy, privacy laws, privacy practice, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, sales, security, social network, surveillance, systems security, training
Posted in Information Security | No Comments »
Someone recently commented that I write a lot of blog posts based on my work and what my clients, students and others I meet at conferences and training classes have said or done. Well, that’s because such interactions often create some very good teaching moments that many others could benefit from! And so, yes, now I have another such experience to share. One of my new Compliance Helper clients recently told me, “I still don’t know what I need to do for HIPAA/HITECH compliance that is not covered under the compliance activities of my business clients. How can I do anything more beyond what they are already doing?” (more…)
Tags:awareness, BA, breach, business associate, CE, compliance, covered entity, data protection, HIPAA, HITECH, IBM, Information Security, information technology, infosec, IT security, midmarket, monitoring, non-compliance, personal information, personal information identifier, personal information item, personally identifiable information, PHI, PII, policies, privacy, privacy breach, privacy laws, privacy practice, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, security, sensitive personal information, social network, SPI, surveillance, systems security, training
Posted in BA, BA and Vendor Management, CE, HIPAA, HITECH | 1 Comment »
I’ve been getting the following question and comment increasingly more often in the past several months:
1) “If someone’s name (more…)
Tags:awareness, breach, compliance, data protection, Information Security, information technology, infosec, IT security, midmarket, monitoring, non-compliance, personal information, personal information identifier, personal information item, personally identifiable information, PHI, PII, policies, privacy, privacy breach, privacy laws, privacy practice, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, security, sensitive personal information, social network, SPI, surveillance, systems security, training
Posted in HIPAA, privacy, Privacy and Compliance | 1 Comment »
“We Can’t Afford Security and Privacy!”
Recently I was speaking to a healthcare executive (a hospital Chief Financial Officer) at a conference where I had talked in one of the sessions about the needs for information security and privacy not only for compliance reasons, but also to mitigate risks to the business. He seemed a bit short with me when he approached.
Him: “I wish (more…)
Tags:audit, awareness, BAs, breach, budget, business associates, CEs, compliance, covered entities, customer service, data protection, employees, employment, exception management, HHS, HIPAA, hiring, HITECH, HR, human resources, IBM, Information Security, information technology, infosec, IT security, job applicants, midmarket, monitoring, non-compliance, OCR, Omnibus Rule, personal information, personally identifiable information, personnel, PHI, PII, policies, policy exception, policy management, privacy, privacy breach, privacy laws, privacy practice, privacy professor, privacyprof, Rebecca Herold, risk, risk assessment, risk management, security, sensitive personal information, social network, SPI, subcontractors, surveillance, systems security, third parties, training, vendor management, vendors, walk through
Posted in HIPAA, Information Security, Laws & Regulations, Privacy and Compliance | No Comments »
Last week one of my Compliance Helper clients that is a health insurance company asked me the following question (slightly modified to protect their identity):
For the past two years, we have tried to get business associate (BA) Agreements from some of our BAs. They will not (more…)
Tags:audit, awareness, BA, BA Agreement, BA contract, breach, business associate, compliance, customer service, data protection, e-mail, electronic mail, email, employees, employment, exception management, facebook, FINRA, HIPAA, hiring, HITECH, HR, human resources, IBM, Information Security, information technology, infosec, insider threat, insider trading, IT security, job applicants, messaging, midmarket, monitoring, non-compliance, personal information, personally identifiable information, personnel, PHI, PII, policies, policy exception, policy management, privacy, privacy breach, privacy laws, privacy professor, privacyprof, Rebecca Herold, Red Flags, risk, risk assessment, risk management, security, sensitive personal information, social media, social network, SPI, surveillance, systems security, training, twitter, walk through
Posted in BA, BA and Vendor Management | No Comments »
I’m getting a lot of déjà vu vibes lately with the old-ish Bruce Willis movie with the catch phrase “I see dead people.” (Remember that?) Only my twist on this phrase for the past few years is, “I see business associates.” A big problem is that (more…)
Tags:audit, awareness, BAs, breach, business associates, CEs, compliance, covered entities, customer service, data protection, employees, employment, exception management, HHS, HIPAA, hiring, HITECH, HR, human resources, IBM, Information Security, information technology, infosec, IT security, job applicants, midmarket, monitoring, non-compliance, OCR, Omnibus Rule, personal information, personally identifiable information, personnel, PHI, PII, policies, policy exception, policy management, privacy, privacy breach, privacy laws, privacy practice, privacy professor, privacyprof, Rebecca Herold, risk, risk assessment, risk management, security, sensitive personal information, social network, SPI, subcontractors, surveillance, systems security, third parties, training, vendor management, vendors, walk through
Posted in BA, BA and Vendor Management, HIPAA | No Comments »
A new data breach research report is out, and it is a good read. This is the annual Experian/Ponemon Institute “Is Your Company Ready for a Big Data Breach?” report. I want to focus on one of the findings in that report; that most organizations are not willing to assist those affected by a breach of their personal information. (more…)
Tags:audit, awareness, breach, breach notice, breach study, compliance, customer service, data protection, e-mail, electronic mail, email, employees, employment, Experian, facebook, FINRA, HIPAA, hiring, HITECH, HR, human resources, IBM, Information Security, information technology, infosec, insider threat, insider trading, IT security, job applicants, messaging, midmarket, monitoring, non-compliance, personal information, personally identifiable information, personnel, PHI, PII, policies, policy management, ponemon, privacy, privacy breach, privacy laws, privacy practice, privacy professor, privacyprof, Rebecca Herold, Red Flags, risk, risk assessment, risk management, security, sensitive personal information, social media, social network, SPI, surveillance, systems security, training, twitter, walk through
Posted in Privacy and Compliance, Privacy Incidents | No Comments »
Allowing Wall Street privacy law exemption is crazy! Why, you ask? Why, I’m happy to explain. In March, 2012, I wrote “6 Good Reasons NOT To Ask for Facebook Passwords“. Since that time legislation prohibiting employers from requiring access to their employees’ protected areas of their social media accounts has been introduced or is pending in at least 35 states. Three states–Arkansas, New Mexico and (more…)
Tags:audit, awareness, breach, compliance, data protection, e-mail, electronic mail, email, employees, employment, exception management, facebook, FINRA, hiring, HR, human resources, IBM, Information Security, information technology, infosec, insider threat, insider trading, IT security, job applicants, messaging, midmarket, monitoring, non-compliance, personal information, personally identifiable information, personnel, PHI, PII, policies, policy exception, policy management, privacy, privacy breach, privacy laws, privacy professor, privacyprof, Rebecca Herold, Red Flags, risk, risk assessment, risk management, security, sensitive personal information, social media, social network, SPI, surveillance, systems security, training, twitter, walk through
Posted in Laws & Regulations, privacy | No Comments »
We had a very interesting discussion on Twitter this morning about the practice of automatically photographing license plates to use for parking, tickets, etc…
Tags:awareness and training, Information Security, IT compliance, IT training, policies and procedures, privacy awareness, privacy training, risk management, security awareness, security training, surveillance, twitter
Posted in Privacy and Compliance | No Comments »
Do any of you really think that there is a single place on earth that cannot be looked down upon from satellites too high in the sky to see with the naked eye? Google continues their march to know all and see all…
Tags:awareness and training, google, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training, surveillance
Posted in Miscellaneous, Privacy and Compliance | No Comments »
Subscribe to this site's RSS feed. However over icon to see which services are supported.
is proudly powered by WordPress
Entries (RSS) and Comments (RSS).