CISA Bill Highlights Privacy vs. Security Tensions

by Doug Pollack

You have to feel for the Cyber Information Sharing Act, or CISA, the latest version of cybersecurity legislation to make news. Every time a new version of this legislation emerges—including in 2012 and again in 2013—it stirs up a hornet’s nest of privacy versus security concerns.


How “Near Misses” Can Inform your Security Strategy and Reduce Data Breach Risk

by Doug Pollack

Organizations across industries are facing increased public attention and regulatory scrutiny in light of high-profile data breach incidents. While the Targets of the world get more publicity than they’d ever hoped for, what lies beneath all of this is that for every one very public Target security incident, there are hundreds, if not thousands, of security incidents involving regulated data (specifically personal information) that are “near misses”: the ones that happened but, due to good fortune or effective efforts, did not result in an incident that is categorized as a “data breach”, which then requires a public disclosure for all to see.


A Year of Rampant Tax Fraud

by Doug Pollack

There must be something in the water this year. There has been an epidemic of tax fraud that has affected employees of several healthcare organizations. And it now seems like cyber security experts are getting to the root cause of how this was done.


In Experian We Trust?

by Doug Pollack

The folks at Experian have been receiving a great deal of well-deserved attention recently. Just this week, the states of North Carolina and Iowa joined the Connecticut and Illinois Attorneys General in investigating Experian for the alleged access to a database of records on approximately 200 million Americans with information including social security numbers, dates of birth, and email addresses, among other sensitive personal data, by an identity theft service masquerading as a private investigator. That Experian is able to sell the personal data of Americans without explicit consent seems counterintuitive, given that as a credit bureau they are in a “unique position” relative to the (regulated) manner in which they collect such information. The fact that Experian is also frequently trusted by organizations that themselves have had a data breach to care for the affected consumers is downright perplexing.


FTC Explores Privacy Issues of Big Data at IAPP

by Doug Pollack

Julie Brill, Commissioner of the FTC, answered questions at the IAPP Global Conference this month regarding the FTC’s interest in consumer privacy issues associated with “big data” and the Internet of things (“IoT”). The information security and privacy aspects of these major computing trends have obviously garnered the attention of the FTC.


BYOD: Beware of Your Own Device—and the People Who Carry Them

by Doug Pollack

Mobile devices allow you to do amazing things: play Candy Crush Saga in a boring meeting, download your alma mater’s fight song, get the calorie count of the Costco-sized pizza you bought. They also have the potential to do amazing damage to sensitive patient information—especially if you don’t take care to secure your phone or tablet.


Are Credit Monitoring Services Worth It?

by Doug Pollack

This article from Mr. Krebs brings up a number of interesting questions in addition to the one that the title poses (are credit monitoring services worth it?). One that I think is most salient, right on the back of the huge Target breach, is whether the current approach taken by companies in responding to a data breach is effective for the affected individuals.


100: The New Bad-Luck Number

by Doug Pollack

Thirteen, the traditional unlucky number, is a pot of gold compared to 100. That’s because criminal attacks on healthcare organizations have increased 100 percent since 2010, according to the Fourth Annual Benchmark Study on Patient Privacy and Data Security by Ponemon Institute.


Edith Ramirez, chairwoman of the FTC, speaks on privacy & security considerations with big data

by Doug Pollack

Friday at the IAPP Global Privacy Summit, Edith Ramirez, chairwoman of the FTC, took questions related to privacy and data security with an initial focus on the challenges posed by so-called "big data". In the session, she noted that the FTC looks at the issues with big data quite broadly.


IAPP Global Privacy Summit: Preparing for a transformational year in privacy.

by Doug Pollack

With the Target breach in the news what seems like daily since December, the concept of data breach, and its implications, has now burned itself into the psyche of the American public. 2014 marks the beginning of a new era in how organizations "manage" incidents and disclosures of personal, regulated data. See the innovative ID Experts RADAR software platform at the IAPP Global Summit and make sure your organization has begun to operationalize the assessment and management of data security incidents.
