Perplexities of Enterprise Privacy Policies

February 8, 2010 by ADMIN

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

An important consideration with information security incidents is identifying whether personally identifiable information (PII) is involved. If it is, then the privacy breach response team needs to be put into action to determine whether or not an actual privacy breach occurred. I’m always interested in hearing the challenges and unique situations they run across, not only as they create their plans, but also as they execute them. Here are three of these situations, often overlooked and not planned for, but experienced by organizations.

On Privacy and Cloud Computing Challenges

January 20, 2010 by ADMIN

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

Businesses need to scrutinize the information security and privacy programs and practices of vendors and other business partners, and cloud computing tools, applications and services should be viewed no differently. If your business is entrusting critical processing and data to another entity, you should first ensure it is trustworthy, secure and will meet your organization’s compliance obligations…

Smart Grid Privacy Standards Proposed

November 30, 2009 by ADMIN

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

Access to live energy use data can reveal whether people are in the dwelling, what they are doing, and where they are in the dwelling. Access to data use profiles that reveal specific times and locations of electricity use in specific areas of the dwelling can also indicate the types of activities within the dwelling over a period of time. The information revealed is a type of surveillance. We need layers of privacy protections throughout the entire smart grid to effectively address privacy concerns and prevent privacy invasions and breaches.

Fifteen More Smart Grid Privacy Concerns

November 15, 2009 by ADMIN · 2 Comments

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

Wouldn’t it be a good idea to have privacy certifications for the organizations that are part of the large smart grid, and for the smart meters, to help ensure they are appropriately addressing privacy and providing households with informed decision-making capabilities for how the information collected from their homes through these devices is used?

HIPAA and Video Surveillance of Surgery

November 9, 2009 by ADMIN · 1 Comment

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

A Rhode Island Hospital was fined $150,000 after a surgeon operated on the wrong finger of a patient, and now the hospital must install video cameras in all of its operating rooms. Of course video surveillance will not PREVENT such incidents from happening, but knowing such recordings are being made will likely make surgeons much more careful…

Protecting Your Privacy After You Die

October 25, 2009 by ADMIN · 2 Comments

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

Do surviving relatives have a right to read their deceased son’s, daughter’s, husband’s or wife’s communications with other people whose lives could then subsequently be completely altered as a result? What would your email service providers do with all your messages? Who should make that decision, and when should that decision be made?

Key Elements of Security and Privacy Policies

October 14, 2009 by ADMIN

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

The first major hurdle that must be addressed to ensure information security and privacy policies are implemented and managed properly is that of upper management support. Beyond upper management buy-in, there are six other critical factors that will determine whether or not security policies are effective.

Top Ten Smart Grid Privacy Concerns

September 29, 2009 by ADMIN

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

Establish energy industry standards that require each utility to perform at least annual PIAs for their area of responsibility on the Smart Grid, in addition to performing PIAs when significant operations changes occur, to show the privacy vulnerabilities and threats for consumer meter and power collection points.

Protecting Your Privacy During a Pandemic

September 16, 2009 by ADMIN · 1 Comment

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

Companies are requiring huge amounts of personal information for quarantine events, and not only about workers, but also family members and non-family individuals who share the same living quarters. What kind of information is your company requiring for quarantines?

Photo of Operating Room a HIPAA Violation?

September 8, 2009 by ADMIN

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

It is possible that, if such policies exist and were created specifically for HIPAA compliance, your organization is viewing this policy noncompliance as being a HIPAA infraction because of the HIPAA requirements to have security/privacy policies and enforce them.
