Rebecca Herold & Associates, LLC

Your trusted source for effective information security,
privacy and compliance tools, education and consulting.
The Privacy Professor

Articles on Privacy and Security Laws and Regulations

Effective Practices for HIPAA and HITECH Compliance Measurements

In this article Mahmood Sher-Jan and I discuss how to employ effective metrics to comply with health care regulations.

Collaboration: The Key To The Privacy and Security Balancing Act

This paper, published by Oxford University Press, discusses the need for privacy and security programs to collaborate.

Business Associate Security And Privacy Programs: HIPAA and HITECH

After performing many BA security and privacy program reviews, I identified 10 common indicators of serious problems with BA information security and privacy programs. Does your company have any of these problems?

U.S. Breach Notice Laws

This document contains a list of U.S. breach notification laws and the dates on which they go into effect.
The list was updated on April 15, 2010.

Keeping Up With The Breach Notice Laws

There are four common misconceptions about breach notice laws. Do you know what they are?

HIPAA Felony Convictions and Upcoming Trends

See the trends in non-compliance with HIPAA, especially in a weak economy.

You Will Be Judged By The Company You Keep

To help you justify business partner reviews, this article cites specific laws and contractual requirements that mandate such reviews.

USA Patriot Act

This article discusses the ramifications of the USA Patriot Act and offers advice on determining the effects on your organization.

Does COPPA Apply to Your Business?

This article discusses the act and highlights some of the act's requirements. For example, did you consider that children should be able to understand the required Privacy Notice?

Does CA Law SB 168 Apply to Your Business?

This article gives advice on complying with the California state law that helps reduce identity theft. Remember, the law could affect an organization that has a customer in that state.

Records Retention and Security Regulations... Think about It!

This article covers record retention that is required by many regulations.

It's Not The Size That Counts

This article discusses concerns and myths about security and privacy regulatory compliance for small and medium-sized businesses. Links to tools to help these businesses protect their information resources are provided.

E-Discovery Quagmires

Is your organization prepared for e-discovery? Odds are it is not. Read an introduction to e-Discovery requirements and how to comply with the rules.