Posts tagged: PII

NJ Supreme Court impacts privacy expectation

The New Jersey Supreme Court recently ruled that a company shouldn’t have read an ex-staffer’s private e-mails even though they were sent from her employer’s computer.    NorthJersey.com article. Interesting ruling which will certainly change some thoughts as to personal use of work computers.  While I’m a proponent of privacy rights, I’m torn on this particular [...]

Monday April 5th, 2010 in , , , , , , | No Comments »

2010 Information Security Predictions

I may as well get on the 2010 prediction bandwagon. 1.  With the rush to get into the “cloud” businesses will sacrifice security for the promise of efficiencies.  Attacks will be focused on the applications placed in the cloud, not necessarily the underlying OS infrastructure.  I predict there will be a large compromise of information [...]

Sunday January 3rd, 2010 in , , , , , | 2 Comments »

House passes Data Breach legislation… jury still out

The U.S. House of Representatives has passed HR 2221, the Data Accountability and Trust Act.  This sets nationwide breach notification requirements that trump the patchwork of State laws that have been in effect with California leading the way in 2002.   The passage was written about in a Federal Computer Week article “House passes bill to [...]

Monday December 14th, 2009 in , , , , | No Comments »

Learning From Someone Else’s Breach

A subsidiary of manged health care provider Health Net Inc, just reported the loss of personal information for 1.5 million customers that occurred six months ago according to a ComputerWorld article.  Without knowing all the details of the situation, I can only speculate as to some of the security controls and thoughts of the Health [...]

Friday November 20th, 2009 in , , , , , , , | No Comments »

The Cloud Does Not Absolve Responsibility

Cloud computing certainly offers cost management opportunities for organizations straining to maintain server infrastructure but there is more to consider than just server management.  Security in the cloud simply has not had an opportunity to mature.  Protecting servers, which no doubt cloud providers can do pretty effectively, is different than protecting information.   Those organizations that [...]

Tuesday November 17th, 2009 in , , , , , , | 1 Comment »

Ex-Lover Busted, But Not Totally to Blame

A 38-year-old Avon Lake, Ohio man is set to plead guilty to federal charges after spyware he allegedly meant to install on the computer of a woman he’d had a relationship with ended up infecting computers at Akron Children’s Hospital.   (Misdirected spyware infects Ohio hospital.  McMillan, Robert. 17 September 2009. ComputerWorld.) Graham certainly gets what [...]

Monday September 21st, 2009 in , , , , | No Comments »

It’s Just One Little E-mail…

How often is e-mail used to send documents and information that contains sensitive information?  I’ve seen consultants share sensitive information about clients this way as well as staff members just “trying to be helpful”.  I’m sure this happens all the time and it can be mitigated through training and providing staff the tools necessary to [...]

Thursday August 6th, 2009 in , , , , , | No Comments »

Nevada’s New Privacy Law

SB227 was passed into law and goes into effect in January 2010. It contains requirements for PCI compliance as well as encryption of personally identifiable information. Like any legislation it has both good and bad pieces to it with potential loopholes.

Friday July 10th, 2009 in , , , , , , | 1 Comment »