Blurring of Lines Between Private and Public Information Inspired Invention of RADAR™

by Mahmood Sher-jan

The 2014 IAPP Privacy Academy in San Jose is fast approaching, taking place September 17-19, and we are excited to see our colleagues and clients for the sixth consecutive year. There’s never a dull moment in the privacy domain, as the lines between private and public information have blurred due in part to the advances in and our use of technology—and our changing attitudes as consumers.


OCR Should Stick to Rule Making & Enforcement – Not Tool Making

by Mahmood Sher-jan

Nobody knows healthcare data breaches like the HHS Office for Civil Rights does—according to its second annual report to Congress, OCR received 710 reports of breaches affecting approximately 22.5 million people, from September 2009 to December 2012.


More Data Breach Enforcement Plus Changing Breach Laws Make for a Hot Summer

by Mahmood Sher-jan

Firefighters across the nation are facing unprecedented temperatures while responding to out-of-control fires that are endangering lives and destroying properties. Summer is also heating up for those of us in the security, privacy and compliance arenas.


Financial Institutions Win the Data Breach Game with RADAR 4.0

by Mahmood Sher-jan

The great football coach Vince Lombardi said, “You don’t do things right once in a while…you do them right all the time.”

RADAR is an enterprise software solution for managing security and privacy incident response, providing data breach guidance and operational workflow (to simplify compliance and reduce risks of future breaches).


Snail-Slow Security Implementation Despite Reports of Increased Risks

by Mahmood Sher-jan

If you knew thieves would break into your house, you would take immediate steps to secure it, right? That’s not the case for organizations that face security risks, according to the Ponemon Institute’s recent report, The State of Data Centric Security, which was recently covered in an SC Magazine article.


Florida Repeals Old Law & Passes New Data Breach Law

by Mahmood Sher-jan

States typically amend their breach notification laws, but Florida repealed its law and passed a more comprehensive one. With the newly signed Florida Information Protection Act of 2014, which will take effect on July 1, 2014, Florida joins the ranks of states that require businesses to safeguard individuals’ health information by extending its definition of personal information (PI) to any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional, health insurance policy number or subscriber identification number, and any unique identifier used by a health insurer to identify the individual.


Patient Data Security in the Face of Advanced Persistent Threats!

by Mahmood Sher-jan

Patient Privacy Network’s 2nd annual conference, held in Anaheim, California on April 10, 2014, was a great opportunity for experts and healthcare industry participants to share perspectives and to learn more about the latest security challenges facing the healthcare industry. Participants included healthcare Chief Information Security Officers (CISOs), a California AG Office representative, legal experts, the Internet Security Alliance (ISA), and healthcare providers and payers.


In The Data Breach Regulatory Derby – Kentucky Loses Out to Iowa

by Mahmood Sher-jan

On the first Saturday of May the nation turned its attention to the Bluegrass State to see California Chrome race to victory at the 140th Kentucky Derby. Now that the spectacle has come and gone, we’re boxing up our hats but still keeping our eye on Kentucky to see how it fares in another kind of derby. Earlier this spring Kentucky entered the “data breach regulatory derby,” becoming the 47th state to enact a data breach notification law.  If we were to handicap the race, this latest derby entrant is going to lose to Iowa’s recently amended breach law, SB 2252. Next to Iowa’s new law, Kentucky is looking a bit coltish, if you will.  Here’s why:


Privacy Warriors Must Operationalize to Keep Compliance Up, Data Breaches Down

by Mahmood Sher-jan

Privacy warriors constantly battle to keep pace and comply with complex and ever-changing regulations designed to address rapidly evolving business practices, technologies, and privacy threats. In 2014 alone, at least 19 states have introduced bills that could amend or impact breach laws. Unfortunately, these warriors are learning that the gap between what they must do and what they are doing is growing unless their organizations implement the required processes and tools designed to simplify the monitoring and management of these complex breach laws.


CISOs know the importance of operationalizing data incident response

by Mahmood Sher-jan

I was invited to speak about data governance in Boston and Washington DC last week along with multiple groups of security and compliance executives. Coincidentally, the Boston session was on January 28th, which is designated as Data Privacy Day. These sessions were part of data governance roundtable discussions organized by the CISO Executive Network. The scope of discussions ranged from organizational culture to data proliferation to emerging technologies addressing data classification, behavioral threat intelligence, and incident response management.
