Afraid of the Cloud? Ask the Right Questions

February 11, 2010 by ADMIN · 2 Comments

By Greg George, Managing Partner of GTI Advisors

What if your vendor is acquired? Are there assurances in your service agreement allowing you to opt out if you choose to, and if so, will all your data be deleted? What if your vendor is acquired by a company based in a foreign country? Maybe the acquiring company's CEO, also a People's Republic of China Communist Party official, will assure you your data has been deleted. All in all, right now, using SaaS simply comes down to a judgment call about what is in the best interest of your firm's operations: ease of access, workflow and cost benefits vs. the associated risks…

Perplexities of Enterprise Privacy Policies

February 8, 2010 by ADMIN · Leave a Comment

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

An important consideration with information security incidents is identifying whether personally identifiable information (PII) is involved. If it is, then the privacy breach response team needs to be put into action to determine whether or not an actual privacy breach occurred. I'm always interested in hearing the challenges and unique situations these teams run across, not only as they create their plans, but also in how they execute them. Here are three of these situations, often overlooked and not planned for, but experienced by organizations.

Effective Compliance Training Development

January 24, 2010 by ADMIN · Leave a Comment

By Thomas R. Fox, Attorney at Tom Fox Law

Conducting effective training programs is listed in the 2005 Federal Sentencing Guidelines as one of the factors the Department of Justice will take into account when a company accused of a Federal Corrupt Practices Act violation is being evaluated for a sentence reduction. But what is an effective training program?

On Privacy and Cloud Computing Challenges

January 20, 2010 by ADMIN · Leave a Comment

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

Businesses need to scrutinize the information security and privacy programs and practices of vendors and other business partners, and the cloud computing tools, applications and services should be viewed no differently. If your business is entrusting critical processing and data to another entity, you should first ensure it is trustworthy, secure and will meet your organization’s compliance obligations…

Effective Enterprise Compliance Systems

January 14, 2010 by ADMIN · Leave a Comment

By Thomas R. Fox, Attorney at Tom Fox Law

In his excellent FCPA Blog, Richard Cassin has written about an effective compliance program. He notes that the purpose of an effective compliance program is to prevent and detect criminal conduct. Mr. Cassin based his guidance on the United States Federal Sentencing Guidelines. In the coming weeks, we will review each of these suggested guidelines and provide nuts and bolts recommendations for you to use in crafting your own effective compliance program.

Smart Grid Privacy Standards Proposed

November 30, 2009 by ADMIN · Leave a Comment

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

Access to live energy use data can reveal whether people are in the dwelling, what they are doing and where in the dwelling they are. Access to usage profiles that reveal specific times and locations of electricity use within the dwelling can also indicate the types of activities taking place there over a period of time. The information revealed is a type of surveillance. We need layers of privacy protections throughout the entire smart grid to effectively address privacy concerns and prevent privacy invasions and breaches.

Fifteen More Smart Grid Privacy Concerns

November 15, 2009 by ADMIN · 2 Comments

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

Wouldn't it be a good idea to have privacy certifications for the organizations that are part of the larger smart grid, and for the smart meters themselves, to help ensure they are appropriately addressing privacy and providing households with informed decision-making capabilities for how the information collected from their homes through these devices is used?

Protecting Your Privacy After You Die

October 25, 2009 by ADMIN · 2 Comments

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

Do surviving relatives have a right to read their deceased son’s, daughter’s, husband’s or wife’s communications with other people whose lives could then subsequently be completely altered as a result? What would your email service providers do with all your messages? Who should make that decision, and when should that decision be made?

Key Elements of Security and Privacy Policies

October 14, 2009 by ADMIN · Leave a Comment

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

The first major hurdle that must be addressed to ensure information security and privacy policies are implemented and managed properly is that of upper management support. Beyond upper management buy-in, there are six other critical factors that will determine whether or not security policies are effective.

Top Ten Smart Grid Privacy Concerns

September 29, 2009 by ADMIN · Leave a Comment

By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI

Establish energy industry standards that require each utility to perform at least annual PIAs for their area of responsibility on the Smart Grid, in addition to performing PIAs when significant operations changes occur, to show the privacy vulnerabilities and threats for consumer meter and power collection points.