Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

November 28, 2009

Smart Grid Privacy: Possible Privacy Standards To Address Concerns

Sorry to be so tardy in getting a blog post out. As many of you know I've been working with the NIST Smart Grid Privacy Subgroup since late June. The work done for this group is through time volunteered by all involved.

As a quick recap, I led the privacy impact assessment (PIA) for the consumer-to-utility portion of the planned smart grid during the late June to late August/early September time frame. On Friday, 11/20, I provided an update on our NIST group's activities during the Gridwise Alliance phone conference; perhaps some of you were on that call?

Here are some links showing information about our NIST Smart Grid privacy group's work:

 
Continue reading Smart Grid Privacy: Possible Privacy Standards To Address Concerns...

November 5, 2009

HIPAA And Surveillance In Hospitals

Over the years there have been many...too many...instances where doctors have performed the wrong types of surgeries on patients, and even the wrong surgeries on completely wrong patients...

 
Continue reading HIPAA And Surveillance In Hospitals...

October 21, 2009

Smart Grid Privacy: Laws and Implications

I was recently asked several questions about my work with the NIST Smart Grid privacy group and associated issues. Here are a couple of those questions, and my answers to them...

 
Continue reading Smart Grid Privacy: Laws and Implications...

October 14, 2009

6 Critical Factors for Effective Information Security & Privacy Policies

I've been feeling bad about not posting to my blog as often as I have historically...

 
Continue reading 6 Critical Factors for Effective Information Security & Privacy Policies...

October 8, 2009

Who Are Your Business Associates?

Since just before HIPAA went actively into effect I've done a lot of HIPAA compliance work for covered entities (CEs). In the past few years I've done around 200 business associate (BA) information security and program reviews for just one CE, and these don't even scratch the surface for how many BAs each CE has...

 
Continue reading Who Are Your Business Associates?...

October 2, 2009

Proposed HIPAA Privacy Rule Change Explicitly Makes Genetic Info PHI

An important element of data protection compliance is knowing, identifying and inventorying the applicable information...

 
Continue reading Proposed HIPAA Privacy Rule Change Explicitly Makes Genetic Info PHI...

September 25, 2009

10 Smart Grid Consumer-to-Utility Privacy Concerns; Are There More?

I have had the great opportunity to participate in the NIST Smart Grid privacy standards group since July...

 
Continue reading 10 Smart Grid Consumer-to-Utility Privacy Concerns; Are There More?...

September 23, 2009

Don't Throw Your Privacy Out The Window; Know How Your PII Is Used

A couple of weeks ago I had the great opportunity and pleasure to speak with the both equally delightful and brilliant Anyck Turgeon and Scott Draughon on MyTechnologyLawyer.com about "Is encryption enough to achieve privacy?"

The feedback and followup to that show was spectacular! I got a ton of questions as a result. I will answer some of them here in the coming days. Here is the first...

 
Continue reading Don't Throw Your Privacy Out The Window; Know How Your PII Is Used...

September 21, 2009

How To Do Privacy Impact Assessments

Last week I was very fortunate to be able to speak at the IAPP Privacy Academy in Boston...

 
Continue reading How To Do Privacy Impact Assessments...

September 14, 2009

What Happens To Privacy During Pandemics?

I am talking to increasing numbers of privacy and information security pros who are concerned about not only getting their pandemic plans in place, but also wanting to know what kinds of privacy issues need to be addressed within the plans.

 
Continue reading What Happens To Privacy During Pandemics?...

Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the world's best privacy experts and on their list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.