Outsourcing Breach Response Lowers Costs
By Doug Pollack, Chief Marketing Officer for ID Experts
The Ponemon Institute last month released their 5th annual 2009 Annual Study: Cost of Data Breach. This year, the report explored several new areas and came up with some interesting and in some cases surprising conclusions…
Afraid of the Cloud? Ask the Right Questions
By Greg George, Managing Partner of GTI Advisors
What if your vendor is acquired, are there assurances in your service agreement allowing you to opt out if you choose to – if so, will all your data be deleted? What if you vendor is acquired by a company based in a foreign country? Maybe the acquiring company ceo, also a peoples republic of china communist party official, will assure you your data has been deleted. All in all – right now, using SaaS simply comes down to a judgment call, what is in the best interest of your firms operations: ease of access, work flow and cost benefits vs. associated risks…
Perplexities of Enterprise Privacy Policies
By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI
An important consideration with information security incidents is identifying if personally identifiable information - PII - is involved. If it is, then the privacy breach response team needs to be put into action to determine whether or not an actual privacy breach occurred. I’m always interested in hearing the challenges and unique situations they run across as they not only create their plans, but also for how they execute them. Here are three of these situations, often overlooked and not planned for, but experienced by organizations.
On Privacy and Cloud Computing Challenges
By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI
Businesses need to scrutinize the information security and privacy programs and practices of vendors and other business partners, and the cloud computing tools, applications and services should be viewed no differently. If your business is entrusting critical processing and data to another entity, you should first ensure it is trustworthy, secure and will meet your organization’s compliance obligations…
On Managing Your Own Health Records
By Doug Pollack, Chief Marketing Officer for ID Experts
Microsoft HealthVault is designed to let us collect, store, and share health information critical to our family’s well-being and Google Health allows us to organize our health information all in one place, gather our medical records from doctors, hospitals, and pharmacies, and share our information securely with a family member, doctors or caregiver. For now, I probably won’t start trusting my medical history to either Microsoft or Google…
Healthcare Data Breaches Slow To Surface
By Doug Pollack, Chief Marketing Officer for ID Experts
The 2009 ITRC Breach Report had captured numerous healthcare data breaches since the September 23rd effective date for the HITECH Act. So, I’m perplexed as to why there aren’t any data breaches over 500 individuals yet listed by HHS. Surprisingly, there is nothing there.
Smart Grid Privacy Standards Proposed
By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI
Access to live energy use data can reveal if people are in the dwelling, what they are doing, where they are in the dwelling, and access to data use profiles that can reveal specific times and locations of electricity use in specific areas of the dwelling can also indicate the types of activities within the dwelling over a period of time. The information revealed is a type of surveillance. We need layers of privacy protections throughout the entire smart grid to effectively address privacy concerns and prevent privacy invasions and breaches.
Fifteen More Smart Grid Privacy Concerns
By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI
Wouldn’t it be a good idea to have privacy certifications for the organizations that are part of the large smart grid and for the smart meters to help ensure they are appropriately addressing privacy and providing households with informed decision-making capabilities for how the information collected from their homes through these devices are used?
HITECH Act and Protecting Health Privacy
By Doug Pollack, Chief Marketing Officer for ID Experts
These new regulations come at a time when healthcare breaches are on the rise; according to the 2009 ITRC Breach Stats Report healthcare breaches account for over 66 percent of all records breached this year, up from 20 percent in 2008. In fact, some of the largest names in healthcare suffered data breaches.
HIPAA and Video Surveillance of Surgery
By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI
A Rhode Island Hospital was fined $150,000 after a surgeon operated on the wrong finger of a patient, and now the hospital must install video cameras in all of its operating rooms. Of course video surveillance will not PREVENT such incidents from happening, but knowing such recordings are being made will likely make surgeons much more careful…
