Entries from Realtime Community | IT Compliance tagged with 'encryption'


Don't Throw Your Privacy Out The Window; Know How Your PII Is Used

A couple of weeks ago I had the great opportunity and pleasure to speak with the equally delightful and brilliant Anyck Turgeon and Scott Draughon on MyTechnologyLawyer.com about "Is encryption enough to achieve privacy?" The feedback and followup to...

Is Encryption Enough to Achieve Privacy?

Of course the answer is no. But there are many reasons! Tune in this afternoon at 4:00pm Pacific time to hear Anyck Turgeon, Scott Draughon and me discuss this topic and talk about encryption laws and the impacts to privacy....

Nevada's New Encryption Law; Made Moot By Its Own Data Breach Law?

On May 30, 2009, Nevada enacted a new law, SB 227, which will basically replace NRS 597.970 in January 2010. In many ways the new law is an improvement over the much more vague, and brief, NRS 597.970. I want...

Encryption Solution Reviews

Here are some encryption solution reviews, from David Strom at PC World, that anyone who wants to protect their laptop data, as well as information security, and yes privacy, practitioners should find useful......

Employee Suing Starbucks For Poor Security & Laptop Theft

Here's an interesting progression in how to address the growing data breaches that occur largely from ignored, overlooked, and/or inadequate security practices......

Massachusetts Encryption Law Pushed Back Once More

Monday I received messages almost at the same time from Brandon Dunlap and Brett J. Byers; thanks Brandon and Brett! They were notifying me of yet another delay in the Massachusetts law, "201 CMR 17.00: STANDARDS FOR THE PROTECTION OF...

Business Info Fact Of The Day: Most Personnel Do Not Protect Laptop Information

The Ponemon Institute seems to have been busy doing surveys throughout the world recently! According to three separate research surveys they did in the U.S., Canada and the U.K. they report within the BNA Privacy and Security Law Reports (subscription...

Business Info Fact Of The Day: Smart Business Leaders Encrypt PII

If you are a business leader you must know and understand that encrypting personally identifiable information (PII) protects that PII from being used for identity theft and other crimes should it fall into the hands of a crook. Business leaders...

Commerce Department Issues New Rule For Encryption Exports

Remember all the talk in the 1990's that surrounded the legalities, and largely restrictions, surrounding how encryption could be used for data sent outside the U.S.? Or how encryption tools and algorithms could be exported? It's been a significantly more...

PII Encryption Required by New Massachusetts and Nevada Laws

There is a growing trend in laws that require personally identifiable information (PII) to be encrypted. In past laws, encryption has been directed to be considered based upon risk, but now it is more explicitly required in some laws....

FISA Change Gives Telecoms Immunity; Headaches Ahead For Businesses?

In case you didn't hear about it yet, President Bush just signed into law changes to the U.S. Foreign Intelligence Surveillance Act (FISA) that, among other things, grants immunity to telecom companies that cooperate with the secret warrantless wiretap program....

Yet Another Stolen Laptop With Clear Text Patient PII

Yet another in a long procession of laptop thefts, "Stolen laptop contains personal info of 2,500 patients". Here are the first few paragraphs......

Encryption So Easy Even A Terrorist Can Use It

It seems all business leaders would understand by now, after literally thousands of privacy incidents in recent years, that they need to encrypt personally identifiable information (PII) stored on mobile computers and mobile storage devices, and when sending PII through...

A Stolen Health Insurer's Laptop With PII Is Not Necessarily A HIPAA Violation

While scanning the news blurb summaries today, the statement, "This is a violation of HIPAA." caught my eye. Hmm...let's see what this is about... This statement was actually within the reader comments to the story, "Blue Cross reports theft of...

Privacy, The 5th Amendment And PGP Passwords

While doing some encryption research I ran across this Vermont ruling made on November 29, 2007. It provides some good lessons about computer forensics and investigation and password management....

7 More Reasons Why Sending Cleartext IM and Email Is *NOT* Secure Even If Your Doc Says It Is...Part 2

As a continuation of my blog posting from Monday, here are 7 additional reasons to add to the previous 4 for why sending cleartext instant messages (IMs) and email is not secure:...

Sending Cleartext IM and Email Is *NOT* Secure Even If Your Doc Says It Is...Part 1

I got some interesting comments and questions, and lots of good direct feedback, about my blog post on sending cleartext patient information last week, "HIPAA: Beware Doctors Who Claim They Don't Have To Follow Safeguard and Privacy Requirements" so I...

HIPAA: Beware Doctors Who Claim They Don't Have To Follow Safeguard and Privacy Requirements

My good friend Alec recently made me aware of a very interesting blog post made by a physician (thanks Alec!) that is frankly quite troubling....

The World is Miffed About Spam & Phishing

Several weeks ago I got spam from an information security company about a seminar they are putting on. I did not respond; I wasn't interested. Since that time I have received many messages, all with the same content, from various...

Data Will Always Be Less Safe In The Future...I Don't Want To Get Gussied Up To Talk On The Phone

I have a blog problem...there are way too many things I want to blog about and not enough hours in the day to do it! Throughout each day I note news items from the TV, or website news articles, or...

Iowa Universities Provide Examples of Good and Bad Information Security and Privacy

In the past week the two largest universities in Iowa provided examples of both great and poor security practices. Let's see...how about the bad example first?...

New Nevada Law Explicitly Requires Organizations to Encrypt PII Sent Through Networks

To date there have been several laws that direct organizations in certain industries to consider using encryption as one way to protect data based upon the organization's considered risks, and laws that make encryption a factor in decisions regarding breach...

Lack of testing, lack of built-in security, and inadequate protection for stored data lead list of PCI noncompliance items

I figured that since the PCI DSS compliance deadline for Level 1 merchants was this past Sunday that there would probably be a ton of published news reports about it on Monday. There were...and today as well! One that caught...

ABN Amro PII Breached Through P2P: Lessons Learned

Much is written about the risks P2P presents to organizations, but many organizations continue to implement P2P technologies, or more accurately allow their personnel to implement them on computers used for business, because they are willing to risk that the...

Privacy Poll Closing *SUNDAY*...Please Click a Button!

Thanks to those of you who have taken the privacy poll on the right-hand side of this page! If you haven't yet...please, pretty please, do! I had planned for this to close on Friday, but now it will close on...

Do You Think Privacy Is Really Dead?

I occasionally post to the Cutter Consortium blog, and the recent topics there have involved privacy....

Improve Security to Make the Planet Greener

This weekend there was a lot of attention on the environmental crisis facing the planet. There was the Live Earth concert on 07/07/07. Tonight the news was filled with more talk of new laws and initiatives, such as banning bottled...

Insider Threat Example: Engineer Leaks U.S. Military Secrets

There has been a lot of talk and blogging recently about whether or not there is a need for an information security industry/profession. Um sure, and there is no need for the physical security industry/profession either, is there? As long...

Don't Be A Security Slacker

Today I woke up to a beautiful, gorgeous spring morning...sunny, low 60's (abnormally high for March), gentle breeze, the grass seemed to have gotten green over night, the birds are singing, the geese and ducks have come back after being...

Vulnerabilities of Transport Services & Privacy Incident Example: Wellpoint CD Containing PII of 75,000 People, Lost During UPS Transport, Found

A CD containing the clear text personal information of 75,000 WellPoint Empire Blue Cross and Blue Shield New York members that was reported lost on February 9 while being transported by UPS has been found. The CD was lost when...

Maine Seed Company Website Hacked: Demonstrates SMB Vulnerability & Questions Hacker Safe Seals

This is the time of the year that thoughts turn to gardening as seed catalogs start filling the mailboxes. I enjoy having fresh-grown vegetables from my garden; nothing is better than a deep red, ripe, juicy Big Boy Beefsteak tomato...

Vermont State Privacy Breach Follow-up: Penetration Testing Reveals No Additional Vulnerabilities

After the January Vermont State privacy breach through a remote attack that compromised Social Security numbers and bank account numbers for nearly 70,000 people, Governor Jim Douglas ordered a security review of the computer systems....

Punitive Actions Pursued Against Professor in Japan Who Had PII About 8,800 on Disk That Was Stolen

The differences throughout the world in how personally identifiable information (PII) privacy breaches are penalized are always interesting to me. Today it was reported that the...

VA Suspends Medical Research Following Most Recent Breach Until Security Certification Is Obtained

Saturday, 2/17/07, it was widely reported that the U.S. Veterans Affairs (VA) was suspending "activities at seven specialized research centers across the country after an unprotected computer hard drive disappeared from one of the facilities in Alabama last month."...

Awareness and Training Example: Privacy Impacts Throughout the Day

There was a very interesting article in the Washington Post today, "Enjoying Technology's Conveniences But Not Escaping Its Watchful Eyes." This documentary of the day in the life of a woman shows how privacy issues are encountered throughout the day,...

Laptop Incident: N.C. Dept of Revenue Laptop Theft Puts 30,000 Residents At Risk

Today the North Carolina Charlotte Observer reported a laptop was stolen from the car of an N.C. Department of Revenue employee in December. They mailed letters to all 30,000 individuals this week. According to the report this is the first...

HIPAA Mobile and Remote Computing Security Guidance from CMS

Today I received notice that the Centers for Medicare & Medicaid Services (CMS) just issued a new publication, "Security Guidance for Remote Use" which is actually dated 12/28/2006. "This document is intended to provide HIPAA covered entities with general information...

Data Ransom Story: Crooks Targeting Small Businesses and Individuals

Yesterday USA Today ran a report, "Cybercrooks hold PC data captive." This is nothing new, I blogged about this type of ransom scheme earlier this year. The crooks are getting more creative....

Laptop Theft: PII About 1,000 W.Va. Air National Guard Members

A report in the Air Force Times indicates a laptop containing personally identifiable information (PII) about 1,000 West Virginia Air National Guard members was stolen during a training trip in November. The spokesperson for the Air National Guard indicated: "The...

Security OOPS! PII For School Employees Accidentally Mailed by School's Contractor

On November 27 the Chicago Tribune reported: "A printing contractor for the Chicago Public Schools said Sunday that it mistakenly mailed a list of names, Social Security numbers and home addresses of nearly 1,740 former school employees as part of...

Information Assurance: Make a Perspective Adjustment; It's All About the Business

Last week I was at the Computer Security Institute 33rd Annual Computer Security Conference & Exhibition where Chris Grillo and I also gave our post-conference seminar, "Effectively Partnering InfoSec and Privacy For Business Success". It was interesting to hear the...

Computer Stolen from Insurance Provider Has Personal Information About 1,200 Villanova University students and staff members

And yes...still another example of a laptop with clear text personally identifiable information (PII) being stolen. Villanova University confirmed on 11/2 that a laptop with information about 1,200 of their students and staff members, along with other individuals not part...

Broadcasting Company Laptop With Employee Personal Information Stolen

The Boston Herald reported a laptop "holding Social Security numbers of current and former staffers was stolen out of Greater Media’s Philadelphia offices." Greater Media is offering credit monitoring to the impacted individuals "if staffers sign up by the end...

Another U.S. Veterans Affairs Computer Stolen: This One With Personal Information About 1,600 Vets

Thursday, 11/2, the VA confirmed a computer containing data about 1,600 U.S. military veterans was stolen from their Manhattan hospital. According to the report, it was stolen from "a locked room in a locked hallway at the VA hospital. The...

Encryption...Just Do It!

I am a big advocate of encryption. It is such a great tool for protecting sensitive and personally identifiable information (PII), particularly for such data that moves...while on mobile devices, storage devices, and while being transmitted through networks. Historically it...

GPS Tracking Urged As a Laptop Security Measure

A solution for addressing laptop thefts and losses was described in a press release today.  The product uses GPS in combination with encryption to locate stolen and lost laptops quickly in addition to being able to delete sensitive files from...

How Encryption Supports Compliance

In this episode I discuss how encryption supports compliance as well as effectively protects personal information.  Encryption is an under-utilized security tool.  Considering the infinite number of today’s risks, threats and vulnerabilities, encryption can effectively keep unauthorized individuals and systems...
