Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

June 16, 2009

FTC Issued Consent Order for GLBA Privacy Rule and Safeguards Rule Violations

Today the FTC issued a consent order against mortgage lender James B. Nutter & Company for GLBA Privacy Rule and Safeguards Rule violations resulting from having an inadequte information security program and safeguards. The requirements will result in, among other actions, 20 years of ongoing activities by James B. Nutter & Company; much more costly than it would have been to have established appropriate information security safeguards to begin with...

 
Continue reading FTC Issued Consent Order for GLBA Privacy Rule and Safeguards Rule Violations...

Tags:                        
 Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold | Permalink | Comments (0) | TrackBacks (0)

May 26, 2009

Memorial Day & ID Theft Using Info Of Deceased

Every year since probably my first year on this world I've visited cemetaries on the Sunday right before Memorial Day. My parents' reasoning was that we could get the graves and headstones decorated (Memorial Day is also known as Decoration Day) so that those visiting on Monday would see them. Probably where I got my habit of always arriving to meetings and events WAY too early! :)

This past Sunday my family drove my father out to three cemetaries to once more continue this tradition...

 
Continue reading Memorial Day & ID Theft Using Info Of Deceased...

Tags:      
 Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold | Permalink | Comments (0) | TrackBacks (0)

March 31, 2009

HIPAA Sanctions and Convictions Will Increase with HITECH Act & New Administration

Upon reading and researching HIPAA and the impact of the HITECH Act upon it, basically broadening its applicability as well as adding new requirements for privacy breach notifications, I recently was compelled to write an article about what I foresee as likelihood that, after a very frustratingly slow start (by several years!) of HIPAA enforcement, increasingly more HIPAA sanctions will be made in the coming months and years.

SearchCompliance printed my article in three parts in their Compliance Tips section...

 
Continue reading HIPAA Sanctions and Convictions Will Increase with HITECH Act & New Administration...

Tags:                              
 Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold | Permalink | Comments (0) | TrackBacks (0)

February 19, 2009

2ND HIPAA Sanction: CVS Must Pay $2.25 Million And Improve Info Sec Practices For Improper Disposal

The 2nd ever to date HIPAA sanction has been handed down by the Department of Health and Human Services (HHS)...

 
Continue reading 2ND HIPAA Sanction: CVS Must Pay $2.25 Million And Improve Info Sec Practices For Improper Disposal...

Tags:                          
 Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold | Permalink | Comments (0) | TrackBacks (0)

February 9, 2009

HIPAA Company-Applied Sanction: Hospital Employee Fired For Snooping Through 431 Patient Files

I thought it would be a good follow-up to my post from Saturday to point out a recent instance for how HIPAA covered entities (CEs) are applying their own organizational sanctions against personnel who violate their information security and privacy policies that are also violations of the HIPAA requirements...

 
Continue reading HIPAA Company-Applied Sanction: Hospital Employee Fired For Snooping Through 431 Patient Files...

Tags:                              
 Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold | Permalink | Comments (0) | TrackBacks (0)

February 7, 2009

Another HIPAA Felony Conviction; 8 To Date

Yesterday a lawyer asked me if there had been any more HIPAA sanctions or convictions from the list I posted a few months ago in August.

I hadn't seen any, but I thought I'd do a bit of checking since it piqued my curiosity.

 
Continue reading Another HIPAA Felony Conviction; 8 To Date...

Tags:                                  
 Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold | Permalink | Comments (0) | TrackBacks (0)

February 2, 2009

Don't Be A Dodo; Follow Privacy Requirements!


I just ran across a privacy law non-compliance fine news report from Australia that was published October 22, 2008...

 
Continue reading Don't Be A Dodo; Follow Privacy Requirements!...

Tags:                      
 Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold | Permalink | Comments (0) | TrackBacks (0)

January 27, 2009

Iowa Takes Compliance Very Seriously...

"Woman Jailed for Overdue Book"

Tags:    
 Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold | Permalink | Comments (0) | TrackBacks (0)

December 15, 2008

Example Of Why Business Leaders MUST Ensure Third Party Security

Below is a good example of why organizations need to do third party (vendor, outsourcers, business partners, etc.) information security and privacy program reviews. A very important sentence to show your business leaders who don't think they need to ensure third party security is, "The lender made the data vulnerable, the complaint alleges, by allowing a third-party home seller to access the data without taking reasonable steps to protect it."

 
Continue reading Example Of Why Business Leaders MUST Ensure Third Party Security...

Tags:                    
 Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold | Permalink | Comments (1) | TrackBacks (0)

November 10, 2008

FTC Applies GLBA & FTC Act Sanctions To Mortgage Lender

I anticipate that with the big $700 billion "rescue" plan the government is going to continue the increased compliance activities...

 
Continue reading FTC Applies GLBA & FTC Act Sanctions To Mortgage Lender...

Tags:                          
 Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold | Permalink | Comments (0) | TrackBacks (0)

Search

line

Library Resources

line
line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the world's best privacy experts and on their list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.