February 5, 2012

Online Privacy Risks and Predictions for 2012


Photo courtesy of intellicorpintouch.com

With 2012 now well under way, online privacy risks will become an important issue for information security and risk management team members in today’s global village of organizational inter-relationships, as well as for the growing number of consumers who rely more and more on online communication tools and applications to conduct their day-to-day purchases.

As online businesses grew in 2011 – through innovative technologies in advertising, cloud services and mobile apps – the call for improved levels of online privacy controls rang loudly and repeatedly throughout the industry.

“With the collection and usage of consumer data spreading like wildfire across a myriad of emerging online businesses, 2011 was a year of extraordinary change for online privacy,” said Chris Babel, CEO of TRUSTe. “Along with the excitement about the potential of innovative online technologies, the industry was also forced to address both trepidation and concern for the safety and respect of consumers’ personal privacy. TRUSTe is pleased to share some of our privacy expectations for the New Year.”

Leveraging its unique vantage point, TRUSTe posted on the ITBusinessEdge website the following predicted events and trends for the year ahead:

  1. There will be increased levels of activity by the FTC to go after websites with high levels of privacy violations related to 3rd party tracking.
  2. Mobile self-regulatory guidelines regarding online behavioral advertising (OBA) will grow in 2012.
  3. Knowledge of and practical applied experience with laws and regulations regarding privacy will become an even hotter job skill to have in 2012.
  4. There will be much more use of location-based technologies.
  5. Yanks abroad will most likely be forced to follow the EU individual privacy standards whenever doing business in Europe.
  6. Most likely there will be no comprehensive privacy legislation passed by the U.S. Congress in 2012.
  7. One of the 2012 Presidential candidates will announce plans for a new cabinet post — Secretary of Online Privacy.

If any of our readers have come across additional privacy-related predictions for 2012, please share them in the comments section below.

If applicable, pass this information along to those risk mitigation specialists in your organization who might view an online privacy breach issue as a serious economic disruptive event to their organization.

Click here to view more details of these predictions.

Data Security and Privacy Issues Predicted in 2012 — NO SURPRISES


Photo courtesy of thinkstock.com

As many of our readers, who are risk management team members in their organizations, work on their 2012 disaster preparedness plans and risk mitigation strategies, information security and privacy will remain high on their lists of considerations.

Recently, an article written by Richard L. Santalesa attempted to address these concerns by providing a list of several events predicted to occur across the privacy and data security landscape in 2012.

A quick summary of just some of those predicted events is as follows:

  1. There will most likely be a significant revamp of the EU’s Data Protection Regulations – e.g. a potential requirement to designate a privacy officer within an organization, increased enforcement powers and penalties, and perhaps stronger protection for children under 18.
  2. Perhaps the final version of the U.S. HIPAA breach notification rule will make a long-awaited appearance in 2012, along with guidelines for Stage 2 of the electronic health record incentive program within the HITECH Act.
  3. In 2012, the FTC will likely release its finalized Privacy Report, formally titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.”
  4. Better development of information security and data protection language in contracting agreements for cloud services will help provide guidance on cloud contracting issues, addressing audit assurances, cloud security and accreditation, e-discovery issues, security controls, and allocation of liability and responsibility for data security, to name but a few.
  5. Continued data breach activity in 2012 will force many organizations to review their existing insurance policies to see what is and what is not covered in their business interruption insurance policies.
  6. A growing importance in 2012 of key buzzwords that implicate data security and privacy issues, such as BYOD (“Bring Your Own Device”) and COIT (“Consumerization of Information Technology”).

Click here to view more about the predictions listed above as well as to read the full collection of Christine Marciano’s predictions of data security and privacy related activities to occur in 2012.


If applicable, please pass this information along to your other risk management or information security team members.

ENISA Offers Free IT Security Awareness Training Videos in All 23 Official EU Languages

Does your organization struggle with, and need help in, training its workforce in a foreign language regarding the policies, procedures and strategies that support its information security compliance efforts?

The European Network and Information Security Agency (ENISA) has launched a series of free videos in all 23 official EU languages. Designed to help raise awareness of information security risks and encourage secure handling of electronic data, the 13 video clips range from how to use strong passwords and protect sensitive data to locking down and securing your computer.

This awareness training material can now be downloaded from the ENISA website and should be suitable for use in your organization’s information security training program(s), alongside any other awareness initiatives your company has launched to support its information security risk management strategies.

Click here to view and download some of these awareness training videos.

If applicable, please pass this information along to those risk management and ISO 27001 compliance team members in your organization.

ISO 28002 Resilience in the Supply Chain Standard Approved

Contributed by: Lisa DuBrock

It seems every day ISO approves new standards. However, the approval of ISO 28002 (Resilience in the Supply Chain) is a standard to be watched in this space. Technical Committee ISO/TC 8 of the International Organization for Standardization (ISO) has worked hard to get this standard adopted. It is based on SPC.1 (Organizational Resilience Management System), one of the PS-Prep standards, and provides true linkage to a number of other standards, including ISO 28000 Security in the Supply Chain and ISO 31000 Principles and Guidelines of Risk Management.

No discussion of ISO 28002 can go without mention of ASIS and their unwavering support of the 28000 series of standards. ASIS is also at the forefront of creating a Lead Auditor curriculum that is in the final process of being certified by RABQSA, a leader in the world of ISO Lead Auditor Training and Certification.

What does this certification mean? Only time will tell; however, with the adoption of the standard as a full ISO Management System Standard, many hurdles have already been cleared.

The ContinuityCompliance.org team wishes to congratulate all involved in this process.

Click here to read more about the ASIS announcement of ISO’s approval of this supply chain resilience standard.

If applicable, please pass this information along to those risk management or PS-Prep compliance strategy planning teams in your organization.

Photo courtesy of blog.to-increase.com

E-Discovery’s Frontier of Social Media

In several past postings on this website, the risk management concerns for organizations regarding e-discovery have for the most part involved e-mails and the content of postings by individuals. However, according to an article written by Alison Frankel and posted on the Thomson Reuters News & Insights website, a new direction in e-discovery litigation proceedings is requiring litigants to provide access to their social media accounts and to preserve their posts in those accounts.

As Ms. Frankel states, “…It’s no giant leap from that kind of ruling to a looming problem for businesses. As corporations venture into social media to promote their brands and reach out to clients and customers, they have to be prepared to face the same discovery demands.”

Also quoted in the article is the following from the tech consulting firm Gartner: “…by 2013, ‘half of all companies’ will have faced e-discovery demands for material from social media sites.”

This information could be very valuable to your organization’s information security and risk management team members. It may also be necessary to “refresh” your organization’s business impact analysis exercise in light of these e-discovery risk developments.

If applicable, please pass this information along to those individuals to help them evaluate whether it is necessary to amend or improve their existing business continuity plans, or perhaps to rethink their PS-Prep standard compliance strategies and/or methodologies.

Read Ms. Frankel’s full article.

e-Discovery Controversy over Certification for e-Discovery Skills

For many business continuity and risk management planning teams, e-Discovery remains at least a potential threat consideration in their business impact analysis exercises. If your organization considers e-discovery related activities relevant to its legal hold litigation risk mitigation challenges or opportunities, then the recent controversy over e-discovery certification is a topic that all the e-discovery workers in your organization should follow.

The core of the controversy is this: critics claim that many of the certification and exam programs on offer target the most vulnerable members of the legal community, while advocates and promoters of certification courses and tests feel strongly that such programs are a step in the right direction, providing better education and standards to improve the capabilities of the e-discovery workforce.

On this August edition of Law Technology Now, host Monica Bay, the editor of Law Technology News, discusses this controversy with attorney Patrick Oot of Washington D.C.’s eDiscoveryInstitute, and Albert Barsocchini, a San Francisco-based e-discovery consultant.

To listen to this discussion, you have several options:

  1. www.lawtechnologynow.com
  2. www.legaltalknetwork.com
  3. The iTunes website, by searching the iTunes store for podcasts under the topic search ‘lawtechnologynews’.

If applicable, please pass this information along to those e-Discovery, information security or risk management team members in your organization.

Photo courtesy of blog.advanceddiscovery.com

BC/DR and Risk Management Teams in U.S. Chemical Facilities — Be Aware of Recent Regulatory Developments

If your business involves the production, distribution or sales of chemicals, you need to be aware of new developments relative to the U.S. Chemical Industry’s regulatory environment.

This week, the Senate Committee on Homeland Security and Governmental Affairs voted 8-2 for Senator Susan Collins’s bill, S. 473, to renew the Chemical Facility Anti-Terrorism Standards (CFATS), which regulate the chemical industry to ensure that facilities are kept safe from terrorist attack. A similar bill has already been approved by a House committee, and the chemical industry and regulators are eager to see Congress pass the bill to provide stability in the regulatory environment. The original legislation was approved in 2006 and is set to expire this year.

To get more of the facts surrounding these most recent developments, click here.

To follow the debate of whether or not this bill goes far enough to protect the thousands of chemical related facilities in the United States, click here.

If applicable, please pass this information along to those team members in your organization responsible for risk management, physical security, regulatory compliance or business continuity planning.

Photo source courtesy of 123rf.com

New EU Privacy Law and the Cookie Monster

How does your information security plan address the possibility of a law requiring companies to get permission before installing cookies on a person’s computer?

If your organization has operations in EU countries, you may want to bring a recent article posted on the InfoSecurity.com website to the attention of your information security and privacy rights specialists.

Click here to read more about this cybersecurity issue and potential regulatory requirement in the EU.

If applicable, please pass this on to those information security and risk management team members in your organization.

Photo courtesy of netsoltech.com

PS-Prep and the Update Status on NFPA 1600 — 2013 Edition

Work on the 2013 edition of NFPA 1600, “Standard on Disaster/Emergency Management and Business Continuity Programs,” is well underway. The technical committee met in Orlando in late March this year to continue the research and development of what will become the sixth edition of the standard. The technical committee is also asking for public input on new content or revisions to existing text.

In an article written by Donald L. Schmidt, ARM, CBCP, CBCLA, CEM and posted on the Disaster-Resource.com website, our readers may read more about how the NFPA 1600 Technical Committee tries to achieve a balance between writing prescriptive requirements and writing a standard that is widely applicable and not overly burdensome.

The committee is soliciting your input on the 2013 edition. Meanwhile, you can download the 2010 edition for free. (Click here)

You can submit your suggestions for additions or revisions online via NFPA’s Online Submission System. (Click here)

You can also download (in Microsoft Word format), complete, and return a Document Proposal Form. (Click here) Instructions for submitting the form via mail, fax, or email are included at the bottom of the form. The deadline for submissions is May 23, 2011.

The first draft of the 2013 edition is expected to be published for public review by December 23, 2011.

Once published, public comments on the draft will be accepted until March 2, 2012. Following the second round of public comments the committee will meet to finalize and vote on the draft prior to issuance by NFPA as early as November 2012.

This website thanks Mr. Schmidt for writing this article and asks that, if applicable, this information be forwarded to those PS-Prep strategy planning teams in your organization.

Photo courtesy of campussafetymagazine.com

“Five Hottest Topics in E-Discovery” Free Podcast Now Available

The threat of your organization being affected by an e-Discovery request is becoming more of a reality every day. And if your organization is a small or mid-sized business, that threat has the potential to place an economic and human resource burden on your company that might be just enough to drive it out of business.

Being aware of, and being prepared for, these e-discovery requests are disaster preparedness actions that require much learning, evaluating and planning effort.

To help that process, the Legal Talk Network has released the latest edition of Sensei’s Digital Detectives podcast, entitled “The Five Hottest Topics in E-Discovery.” Podcasters Sharon D. Nelson, Esq. and John W. Simek, Sensei’s President and Vice President, welcomed California attorney and e-discovery expert, Josh Gilliland, the noted author of the Bow Tie Blog to discuss the five hottest topics in e-discovery today.

Their discussion included the form of production, litigation holds after the Pension Committee case, how small firms are surviving their entry into e-discovery, preservation of ESI, and how to prove that an e-discovery request will cause an “undue burden.”

Ms. Nelson noted, “Josh is not only a true expert in this area, but he invests his commentary with wit, which is undoubtedly why he is such a popular e-discovery speaker. We were honored to have him share his expertise with our listeners.”

Click here to listen to that podcast and learn more about how to avoid and survive an e-discovery request.

If applicable, please pass this information along to those business continuity planning and risk management team members in your organization.

Photo courtesy of proofspace.com