Category: Privacy

  • Rising the level of trust associated with identity in online transactions

    Obama’s National Strategy for Trusted Identities in Cyberspace In April President Obama signed the National Strategy for Trusted Identities in Cyberspace (NSTIC) which charts a course for the public and private sectors to collaborate on raising the level of trust associated with identity in online transactions. NSTIC focuses on upgrading outdated password-based authentication systems and […]

  • Threats on personal health information

    A recent HIPAA violation in Canada  where an imaging technician accessed the medical records of her ex-husband’s girlfriend comes as no surprise to me. Data leakage of ePHI in hospitals is rampant simply because a) there is a lot of it floating around and b) because of human nature.  Humans being naturally curious, sometimes vindictive and always […]

  • Controlled private networking

    This evening I was added to a FB Group – apparently – you don’t have to agree to be joined in. FB Groups is a way to organize your contacts and get better control over your social networking.  It looks pretty cool to me but the New York Times suggests that Facebook groups may engender even more […]

  • Controlled social networking

    I saw a post recently on Controlled social networking for student collaboration. One of the comments lamented not having the head count to install technology to control Facebook access by students. Frankly – as a data security and compliance consultant who does a lot of work with corporates in social networking (both on the application side […]

  • Are you still using Excel for risk assessment?

    There is a school of thought that says that you can take any complex problem and break it down like swiss cheese. Risk assessment data collection and analysis with Excel is one of those problems that can’t be swiss-cheesed.  A collection of brittle, unwieldy, two dimensional worksheets is a really bad way of doing multi-dimensional […]

  • What price privacy?

    Dr. David Gurevich in an interview with the Israeli business daily Globes predicts that real time death will be the next development in reality programming.  Once the domain of science fiction and fantasy – Dr. Gurevich believes that the online death scenario is an inevitable development in the loss of privacy and wave of voyeurism […]

  • Secure collaboration, agile collaboration

    One of the biggest challenges in global multi-center clinical trials (after enrollment of patients) is collaboration between multi-center clinical trial teams: CRAs, investigators, regulatory, marketing, manufacturing, market research, data managers, statisticians and site administrators. In a complex global environment, pharma do not have control of computer platforms that local sites use – yet there is […]

  • Data security and compliance – Best practices

    Compliance is about enforcing business process – for example, PCI DSS is about getting the transaction authorized without getting the data stolen. SOX is about sufficiency of internal controls for financial reporting and HIPAA is about being able to disclose PHI to patients without leaks to unauthorized parties. So where and how does DLP fit into the compliance […]

  • Sears using spyware for sales

    No secret that Walmart is hurting many older retail chains such as Kmart and Sears. Both latter companies are struggling to stay afloat, trimming the fat by closing locations and restructuring current stores to look refreshed and up to speed with America’s #1 retail giant. But now Sears and Kmart has come under fire for […]

  • Research data integrity

    I usually write about best practices and practical tools to prevent data theft, data loss and data leakage – since our professional services focus on data security in Central and Eastern Europe. Data security is, I guess a sub-specialty of security and compliance. Security is chartered with ensuring the survival of a business and protecting […]