Channel: » security
Browsing all 43 articles

6 Questions to Ask before Posting to Social Networks

Every day I see yet another (often another dozen) situation where employees misused, abused or otherwise accused social media sites to the chagrin of their employers.   Businesses need to make a...


Privacy Scares from the Ghosts of Job Applicants Past

There is a topic that has been coming up, over and over and over again over the past 12 years, that I’ve never seen addressed in other publications.  What does your organization do with all the...


A Cyber Bullying Victim Shares His Experience

Today is October 1st, which is also Blue Shirt Day™ World Day of Bullying Prevention©!  Cyber bullying is a topic I cover in my Q3 2012 issue of Protecting Information Journal, and my youth reporter...


Please Don’t Tell Me You’re Still Using SSNs as IDs!

Okay, I just finished the 3rd conversation in just the past two weeks alone with an organization that is using Social Security Numbers (SSNs) as their primary form of customer and/or employee...


Repost From Social Media to Lose Customers and Friends Fast

Last week one of my Facebook friends started a “friends only” discussion on his wall. It was a very interesting discussion, and one of his friends took the discussion, pretty much verbatim, and posted...


ISMS Certification Does Not Equal Regulatory Compliance

Last week I got the following question: “By becoming ISO 27001 certified does that automatically mean we comply with HIPAA and HITECH requirements?  Are there any requirements of HIPAA/HITECH that are...


Implementing a Data De-Identification Framework

Growing numbers of organizations are trying to figure out the benefits of anonymizing, or as HIPAA (the only regulation that provides specific legal requirements for such actions) puts it...


Are You Faking It?

Are you faking it online? Or faking it at work?  While faking it certainly has its benefits in both places, I want to touch upon a couple of concerns I have with using fake identities. Is real data...



Work Area Reviews are Necessary for Effective Risk Management

There have been a lot of online posts and talk lately about risk management and the “proper” or “acceptable” way to do risk assessments. It seems that the overwhelming talk, though, is only about the...


You Need to Actually Do What Your Policies Say!

This week I spoke with a small (~25 employees) organization (a business associate providing services to healthcare providers) that contacted me looking for help; they had purchased a whiz-bang “HIPAA...


Should You Rush to Execute a BA Agreement Today? Probably Not

The final HIPAA “mega rule” is going to be officially published on the Federal Register tomorrow, January 25, 2013.  Currently the version available...


Why You Should Use a Right to Audit Clause

A Tale of Two Viewpoints: When I was responsible for information security and privacy at a large financial and healthcare organization throughout the 1990s I had literally hundreds of business partner...


Are You Ready to Pay for the Sins of Your Contracted Entities?

Over the years when working with a wide range of organizations, helping them to identify where all forms of their business information (including customer, client, patient and employee information) is...


How Physical Harm Impacts Can Drive Huge HIPAA Penalties

Are you a covered entity (CE) or business associate (BA) as defined by HIPAA? There are literally millions of organizations in the U.S. that fall under these definitions, and possibly additional...


Policy Exceptions are NOT a Taylor Swift Song: You can Never, Ever say Never

Over the past few months I’ve been in increasingly more discussions, online and at in-person group meetings, about information security policies and exceptions; often more like venting sessions. A...


How Long is the Liability Tail?

Don’t tell me it depends! Well, sorry, but… I’ve been involved in several interesting discussions (some with lawyers, some with security folks, some with privacy folks, and a few of the folks wearing...


The PHI PII Egg Hunt

Locate it to protect it: I love speaking with folks about privacy, information security and compliance.  I am sincerely interested in hearing about their challenges, and then also identifying common...


Good Intentions Often Lead to Bad Privacy Results

Allowing Wall Street privacy law exemption is crazy! Why, you ask? Why, I’m happy to explain. In March, 2012, I wrote “6 Good Reasons NOT To Ask for Facebook Passwords”.  Since that time legislation...


Don’t Treat Privacy Breach Victims like a Spurned Lover

A new data breach research report is out, and it is a good read.  This is the annual Experian/Ponemon Institute “Is Your Company Ready for a Big Data Breach?” report.  I want to focus on one of the...


I See Business Associates…Do You See Yours?

I’m getting a lot of déjà vu vibes lately with the old-ish Bruce Willis movie with the catch phrase “I see dead people.” (Remember that?) Only my twist on this phrase for the past few years is, “I see...
