Blog Posts Tagged with "PII"


Where is My Information?!?!

May 10, 2012 Added by:Marc Quibell

Here's the problem - too many people have too much information about you, stored in or on who-knows-what, and who-knows-where. The risks of having your identity stolen and used are astronomical. All it requires is someone on the receiving end putting it all together...



Data Classification and Controls Policy for PCI DSS

March 01, 2012 Added by:Danny Lieberman

The first step in protecting customer data is to know what sensitive data you store, classify what you have and set up the appropriate controls. Here is a policy for any merchant or payment processor who wants to achieve and sustain PCI DSS 2.0 compliance and protect data...



WOMMA Releases Social Media Marketing Privacy Guidelines

January 19, 2012 Added by:Headlines

WOMMA applauds the FTC's efforts at making transparency a key point. While it is not yet clear what effect these developments have had on the online marketing industry - we appreciate the agency's efforts to allow industry leaders to develop self-regulatory initiatives...



Are Your Health Records at Risk?

December 14, 2011 Added by:Christopher Burgess

Have we now arrived at the point in obtaining medical care that in addition to looking into the medical practitioner's experience and confirming they are compliant with HIPAA, that we now must review their data handling policies before choosing a health care provider?



Not All Free Identity Theft Services are Created Equal

July 20, 2011 Added by:Kelly Colgan

In order to sign up for identity theft protection services, you have to hand over a lot of vital data about yourself. Do you really want to give this to a company you’ve never done business with before—especially one that’s offering you something for free?



On Data Retention – When Not to Backup Data

May 24, 2011 Added by:Danny Lieberman

How much damage would be incurred if there was a breach? For the purpose of asset valuation, we distinguish between customer data without PII and customer data that may have PII. Let’s consider 4 key assets of a company that designs and manufactures widgets and sells them over the Internet...



Threats to Personal Health Information

May 14, 2011 Added by:Danny Lieberman

Humans are naturally curious and always worried when it comes to the health condition of friends and family. HIPAA risk and compliance assessments at hospitals in Israel, the US and Australia consistently show that the number one attack vector on PHI is friends and family, not hackers...



Why Do Companies Hide From Privacy Regulations?

March 18, 2011 Added by:Andrew Weidenhamer

If you don’t know what processes take PII, you don't know what type of PII you are taking. If you don’t know what PII you are taking, then you don’t know what regulations to adhere to. If you do not know what regulations you need to adhere to, then you will not know what controls are required...



Class-Action Lawsuit Alleges Data Privacy Violations

March 14, 2011 Added by:David Navetta

Privacy-related lawsuits are on the rise, and this time is the target. On March 2, 2011, two named plaintiffs filed a class-action lawsuit alleging that Amazon circumvents browser privacy settings to collect users’ personal information without permission and shares the information with third parties...



California Supreme Court Says Zip Codes are PII

February 24, 2011 Added by:David Navetta

Thinking hard about how business and consumer interests can be harmonized by effective and privacy/security-friendly policies and practices? We thought so. Worried that zip codes might be treated as personal information in this country? Probably not. All that may be changing...



Background Checks and Constitutional Privacy Rights

January 20, 2011 Added by:Stephen Gantz

Informational privacy seems like a good idea – wherefore the People have enacted laws at the federal level and in the states restricting the government’s collection and use of information. But it is up to the People to enact those laws, to shape them, and to repeal them...



Seven Steps to Improve Small Business Data Security

January 14, 2011 Added by:Danny Lieberman

Many consultants tell businesses that they must perform a detailed business process analysis and build data flow diagrams of data and business processes. This is an expensive task to execute and extremely difficult to maintain that can require a large quantity of billable hours...



Infosec, Privacy and Compliance Soothsaying

December 26, 2010 Added by:Rebecca Herold

The component that brings the most vulnerability to all forms of information is still the same as it has been for not only the past few years, but also the past few centuries: humans. But sadly, this component is woefully ignored and neglected when it comes to security and privacy in most organizations...



Review of FTC's Proposed Privacy Framework - Part 1

December 17, 2010 Added by:David Navetta

In this part of our review, and in following parts, we dig into the specifics of the Report's proposed framework, with an eye to examining rationales for the various proposals as well as analysis on the potential effects going forward on practices and data policies...
