In Experian We Trust?

by Doug Pollack

The folks at Experian have been receiving a great deal of well-deserved attention recently. Just this week, the states of North Carolina and Iowa joined Connecticut and Illinois Attorneys General in investigating Experian for the alleged access to a database of records on approximately 200 million Americans with information including social security numbers, dates of birth, and email addresses, among other sensitive personal data, by an identity theft service masquerading as a private investigator. That Experian is able to sell the personal data of Americans without explicit consent seems counterintuitive, given that as a credit bureau they are in a “unique position” with respect to the (regulated) manner in which they collect such information. The fact that Experian is also frequently trusted by organizations that themselves have had a data breach to care for the affected consumers is downright perplexing.

FTC Explores Privacy Issues of Big Data at IAPP

by Doug Pollack

Julie Brill, Commissioner of the FTC, answered questions at the IAPP Global Conference this month regarding the FTC’s interest in consumer privacy issues associated with “big data” and the Internet of things (“IoT”). The information security and privacy aspects of these major computing trends have obviously garnered the attention of the FTC.

BYOD: Beware of Your Own Device—and the People Who Carry Them

by Doug Pollack

Mobile devices allow you to do amazing things: play Candy Crush Saga in a boring meeting, download your alma mater’s fight song, get the calorie count of the Costco-sized pizza you bought. They also have the potential to do amazing damage to sensitive patient information—especially if you don’t take care to secure your phone or tablet.

Are Credit Monitoring Services Worth It?

by Doug Pollack

This article from Mr. Krebs brings up a number of interesting questions in addition to the one that the title poses (are credit monitoring services worth it?). One that I think is most salient, right on the back of the huge Target breach, is whether the current approach taken by companies in responding to a data breach is effective for the affected individuals.

100: The New Bad-Luck Number

by Doug Pollack

Thirteen, the traditional unlucky number, is a pot of gold compared to 100. That’s because criminal attacks on healthcare organizations have increased 100 percent since 2010, according to the Fourth Annual Benchmark Study on Patient Privacy and Data Security by Ponemon Institute.

Edith Ramirez, chairwoman of the FTC, speaks on privacy & security considerations with big data

by Doug Pollack

Friday at the IAPP Global Privacy Summit, Edith Ramirez, chairwoman of the FTC, took questions related to privacy and data security with an initial focus on the challenges posed by so-called "big data". In the session, she noted that the FTC looks at the issues with big data quite broadly.

IAPP Global Privacy Summit: Preparing for a transformational year in privacy.

by Doug Pollack

With the Target breach in the news what seems like daily since December, the concept of data breach, and its implications, has now burned itself into the psyche of the American public. 2014 marks the beginning of a new era in how organizations "manage" incidents and disclosures of personal, regulated data. See the innovative ID Experts RADAR software platform at the IAPP Global Summit and make sure your organization has begun to operationalize the assessment and management of data security incidents.

HIPAA Omnibus Final Rule: One Year After

by Doug Pollack

The healthcare information management and data breach community was put on notice last year by regulators that they would be expecting much greater focus on and performance in securing patient health information (HIPAA protected health information, or PHI) and managing the privacy of patient data from healthcare organizations (HIPAA covered entities) and their business and technology partners (HIPAA business associates) going forward. I thought I’d take a look in this post at what 2013 brought us, and what to expect as we plunge forward into 2014.

Happy New Year & What’s in Store for 2014 in Healthcare Privacy, Security & Compliance

by Doug Pollack

So 2013 was a very busy year for anyone that knows what HIPAA stands for. This should include healthcare providers, insurance companies, and (at least soon) their thousands of business associates, among others. If you hold a privacy, security, compliance, or general counsel title within any such organization, hopefully you got some rest over the holidays, because 2014 promises to be a barnburner.

Is the Obamacare Health Insurance Exchange Secure?

by Doug Pollack

I had been waiting for this question to be asked. Now it seems like almost overnight that everyone, including members of Congress and the Obama Administration, is asking about the level of security of the U.S. government’s new health insurance exchange, HealthCare.gov. The impetus for the elevated level of interest and scrutiny seems to be a September 27th memo internal to the Center for Medicare and Medicaid Services (CMS) that discussed security concerns and is extensively quoted in an ABC News article.
