
Privacy Incident Example: PII Dumped At Recycling Center

Today it was reported in Australia that "sensitive medical records and personal health information" were dumped at a recycling center in Canberra. The incident was given as an example of a privacy incident in the annual report from the ACT Community and Health Services Complaints Commissioner.

This type of incident is not uncommon. It highlights the huge problems within organizations' information security and privacy programs: lack of policies, lack of procedures and lack of awareness.

If personnel were told the risks and the proper procedures to follow for disposing of personally identifiable information (PII), there would be far fewer silly incidents such as this one.

The report itself has some interesting statistics about all aspects of healthcare, beyond information security and privacy; use the applicable portions as examples within your information security and privacy awareness and training efforts.  Although the report was specific to the healthcare industry, some of the lessons learned are applicable to all types of organizations. 

Some statistics I particularly found interesting include:

  • There was a "13 per cent spike in complaints about the health sector in 2005-06."
  • "The commissioner's office received 580 inquiries that resulted in 276 complaints in the past financial year - up 13 per cent on 2004-05."

The public is becoming more vocal about its concerns and is increasingly likely to file formal complaints with the regulatory oversight agencies.

The report emphasizes the importance of awareness. 

You can never tell personnel or your consumers enough times, or in too many different ways, about information security and privacy.

Much of the report covers compliance and privacy concepts that are new to information security professionals, such as providing access to individuals' PII upon their request, allowing them to request corrections to their PII, and so on. 


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.