
New Guidelines for Safeguarding Personal Data

Happy U.S. presidential inauguration day! :) Did you take a few minutes off work to watch the inauguration? I wasn't going to; I was planning to just catch videos on the news sites or YouTube later. But then I did, and I'm glad: it was so historic and memorable!

To celebrate, how about I tell you that NIST just made a great new document available...

The National Institute of Standards and Technology (NIST) has released Special Publication 800-122, "Guide to Protecting the Confidentiality of Personally Identifiable Information" (January 14, 2009).

It was created to help government agencies best protect the information they retain. However, the advice is sound for ALL types of organizations.

The Guide makes several recommendations, including identifying and categorizing the personally identifiable information (PII) held within an organization, limiting PII retention to only what is necessary, applying a risk-based approach to protecting it, and creating and implementing an incident and breach response plan for PII.

NIST is accepting public comment on the draft document through March 13, 2009.

Note that the Guide states that government agencies must report incidents to US-CERT within one hour of discovering them.

I'm a long-time advocate of the OECD privacy principles. They were published in 1980, and most of the data protection (read "privacy") laws and regulations are based upon their sound guidance. This NIST guide tips its hat to the OECD privacy principles.

Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on its list of the world's best privacy experts and on its list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.