Group items tagged

"In light of a spike in identity theft and the frequency with which personal information is stored on portable devices, the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) have expanded Generally Accepted Privacy Principles (GAPP) to include protocols for securing and disposing of personal information. "Safeguarding personal information is one of the most challenging responsibilities facing an organization, whether such information pertains to employees or customers," said Everett C. Johnson, CPA, chair of AICPA/CICA Privacy Task Force and a past international president of ISACA, a global information technology association. "We've updated the criteria of our privacy principles to minimize the risks to personal information." GAPP offers guidance and best practices on securing portable devices, breach management and ensuring continued effectiveness of privacy controls. The guidance additionally covers disposal and destruction of personal information. The principles are designed for chief privacy officers, executive management, compliance officers, legal counsel, CPAs and CAs offering technology advisory services. "Portable tools such as laptops and memory sticks provide convenience to employees but appropriate measures must be put in place to secure them and the data they contain," said Donald Sheehy, CA.CISA, CIPP/C, associate partner with Deloitte (Canada) and a member of the AICPA/CICA Privacy Task Force. "We must stay abreast of technological advances to assure that proper measures are put into place to defend against any new threats." Created by the AICPA/CICA Privacy Task Force, GAPP is designed to help an organization's management team assess an existing privacy program or address privacy obligations and risks. The principles provide a framework for CPAs and CAs to offer privacy services to their clients and employers, such as advisory services, privacy risk assessments and attestation or

In a world of increasingly savvy and inter-connected customers, an organization's approach to information privacy may offer precisely the competitive advantage needed to succeed. Privacy is essential to creating an environment that fosters trusting, long-term relationships with existing customers, while attracting opportunity and facilitating the development of new ones. Spend the morning with me and nine privacy leaders from major corporations: Intel; IBM; Sun Microsystems, Inc.; Microsoft; Facebook; HP; Privacy Analytics Inc.; Ontario Lottery and Gaming Corporation; Peratech Limited; and GS1 Canada as they present their latest innovations in Privacy-Enhancing Technologies (PETs). You will appreciate how "Privacy by Design" - embedding PETs into the architecture of new systems - protects privacy, without compromising performance or security - a positive-sum not zero-sum outcome.

making best indexing in goggle and bing. RADJASEOTEA is a master of backlinks. You want indexing in goggle and bing. LOOK THIS www.fiverr.com/radjaseotea/making-best-super-backlink-143445

This year was an interesting year in privacy and information security, and by looking back, we can clearly discern trends that will likely be a major part of the security management landscape in 2009. More and more states passed breach-notification laws and several enhanced or extended existing legislation. Software-as-a-Service (SaaS) and virtualization really took off, and compliance's looming presence grew with PCI DSS version 1.2 and some actual enforcement of HIPAA. Of particular note was Massachusetts' data breach law 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth. This is to date the most comprehensive law of its kind, setting a new standard for what breach-notification laws should look like; it covers both paper and electronic records, it mandates appropriate security awareness training as well as security and risk assessments and, most importantly, requires companies to make changes to their security programs in accordance with the findings of those risk assessments. Similarly, California enhanced the well-known CA-1386 to include not just traditional financial information, but also health care and health insurance data as well. With new mandates popping up all the time, it's no wonder compliance was one of the biggest focus areas for enterprise information security teams in the past year, and this trend will clearly continue in 2009; there will be more regulation on both the state and federal levels, and stronger enforcement of existing regulations. Fines and other penalties for violations of PCI DSS and HIPAA will continue to rise, along with the inevitable rise in discoveries of malfeasance. As a result, there will be an even larger focus on compliance by upper management, which also means decreased time and budget for necessary security controls that don't clearly fall under a compliance umbrella.

In honor of this day, the California Office of Privacy Protection--the first governmental privacy office in the nation--has created a presentation which you can download from their Web site at www.privacy.ca.gov. It's called "Secure Your Computer to Protect Your Privacy," and it explains why computer owners should use Internet firewalls, install and maintain anti-virus and anti-spyware software, and keep their operating systems and applications up to date to protect themselves from malicious attacks. The state privacy office offers lots of other information on how Californians can protect themselves and their data. You can visit their Web site, call them toll-free at (866) 785-9663, or go Wednesday at 5:30 p.m. to the main San Francisco Public Library, where Joanne McNabb, the state's privacy chief, is scheduled to appear on a panel with representatives from Microsoft, Intel, the Center for Democracy and Technology, MySpace and Teen Angels. The panel is free and is part of an international effort to raise awareness about privacy practices and privacy rights

Naturally, privacy watchdogs answer the question in this post title with a resounding "Yes!" The answer is so emphatic, in fact, that the Center for Digital Democracy and U.S. Public Interest Research Group are filing a 52-page complaint with the FTC today alleging that mobile marketers collect so much "non personally identifiable information" that it infringes on users' privacy-and are "unfair and deceptive." Mobile devices, which know our location and other intimate details of our lives, are being turned into portable behavioral tracking and targeting tools that consumers unwittingly take with them wherever they go. (Shh! Don't tell them the FBI can remotely turn on the microphone of several cell phone brands and convert your phone into a roving bug, even when it's off!) But is the Internet private-and should it be? Is a profile that states that you are interested in outdoor rec and currently in the Santa Clara, CA, area an invasion of your privacy? And if so, should we ban all outdoor rec stores and centers in Santa Clara from collecting personally identifiable information like, say, a picture of you when you walk in their lobby? Should we prohibit all employees from asking your name and if you slip and mention it, make sure they never call you by it?

"A federal law designed to prevent employers and health insurers from discriminating against an individual based on their genetic predisposition to disease took effect late last month, signaling a new era where intermingling genetic advances and privacy concerns create new challenges in health care. But left out of the federal Genetic Information Nondiscrimination Act, commonly known as GINA, were privacy protections for individuals seeking long-term care, disability and life insurance coverage. Each of those areas was left up to the individual states. At least 10 states regulate the use of genetic information in long-term care insurance. But in California, privacy protections were left to expire by lawmakers in January 2008. Mark Billingsley, spokesman for state insurance commissioner Steve Poizner, said in an e-mail that there "appears to be a giant loophole" in California's insurance code regarding long-term care insurance and genetic privacy protections. He said he couldn't identify a single provision in the state code that would preclude a private insurer from requesting such a test for underwriting purposes. "

"By now, California is well-acquainted with Meg Whitman, Steve Poizner and Carly Fiorina - Silicon Valley's big-name candidates this election season. But a pair of relatively unknown tech alums, sitting lower on the ballot, are even more an indication of the political maturation of the valley, a place that has traditionally favored pushing policy from the sidelines instead of crafting and enforcing it in Sacramento."

Geek politicians who want to do for CA what they did for the tech industry. Government 2.0 or crash, reboot, crash...

"As many as 68,000 members of CalOptima, the Medicaid plan for Orange County, California, may be at risk of identity theft and fraud after several CDs containing their personal information disappeared while in transit, the agency reported. "CalOptima's claims scanning vendor sent the electronic media devices to CalOptima through the U.S. Postal service by certified mail," the agency said. "On Tuesday, October 13, 2009, CalOptima discovered the apparent loss of the devices when the external packaging materials were delivered by the U.S. Postal Service without the box containing the devices." The missing discs include patient information such as names, addresses, Social Security numbers, diagnoses, and billing codes. CalOptima said it notified state and federal agencies of the breach on October 14, and posted an alert on its Web site on October 15."

The California State Senate approved today SB 20, legislation by State Senator Joe Simitian (D-Palo Alto), which aims to strengthen existing privacy protection laws for California consumers. The new law builds on legislation authored by Simitian in 2002 that requires a business or government agency that incurs a data breach to provide notice to the individual(s) whose information was compromised. More than 40 states have adopted similar legislation since that time, largely based on the California measure. "No one likes to get the news that information about them has been stolen," said Simitian, "but when it happens, people are entitled to get a notice they can understand, and that helps them decide what to do next." "The premise is simple," added Simitian. "What you don´t know can hurt you. Ignorance is not bliss. And you can´t protect yourself if you don´t know you´re at risk." Simitian said his latest proposal (SB 20), "is designed to make a good law even better." California´s current security breach notification law (AB 700, Simitian -2002) requires notice to consumers when their information has been compromised, but does not require data holders to provide any standard set of information about the nature of the breach. SB 20 will enhance consumer knowledge about security breaches by requiring that the notification contain specified information, including the type of personal information breached and the date of the breach.

Cyber Security Training Overview The OISPP provides training and access to other training resources for government entities. These resources are collected from numerous sources. The OISPP will continue to update this web site as new training resources become available. * Information Security Leadership Academy * OISPP Security and Privacy Training * Free Online Training Resources * Other Free Training Resources Obtained Through the OISPP

Stay Online on the world wide web online roulette from Contemporary sydney, Fun and Free! Now you is capable of doing Actual "www.funlivecasino.com.au" Stay Online on the world wide web online roulette for Fun in Contemporary sydney on a product new web page, FunLiveCasino.com.au. Using the newest on the world wide web operating technology, Fun Stay Gambling house allows you be a part of a genuine action occurring on a genuine desk in a genuine betting house, all approved on Live! You can see other real gamers in the betting house betting on the same outcomes you do providing you greatest believe in in the outcomes as they are not designed 'just for you a, like other action experiencing items such as 'live studios' or pc designed actions. Its awesome to think next time your really in the betting house that you might be on digicam, and individuals on the world wide web might be watching! The long run is scary! Believe one day soon this will be the only way individuals would bet on the world wide web because the worldwide web is complete of fraudsters, you have to be extremely cautious, and why would you perform Online Online on the world wide web online roulette any other way except from a Actual Gambling house you can check out, see, pay attention to and trust! Amazingly this site is absolutely 100 % 100 % 100 % free and has no determining upon up process, no junk, no pc rabbit mouse mouse clicks and no pressure. Just Immediate Fun "www.funlivecasino.com.au" 100 % 100 % 100 % free Stay Roulette! Give it a try, its value verifying out! "www.funlivecasino.com.au"Australia's Online Fun Stay Casino! Backlinks designed from http://fiverr.com/radjaseotea/making-best-156654-backlink-high-pr

Laws in Canada and other countries are increasingly helping technology force people to identify themselves where they never had to before, threatening privacy that allows people to function effectively in society, a new study has found. "What we're starting to see is a move toward making people more and more identifiable," University of Ottawa law professor Ian Kerr said Wednesday. His comments followed the launch of Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society, a book summing up the study's findings, at a public reading in downtown Ottawa hosted jointly with the Privacy Commissioner of Canada. Kerr led the study with University of Ottawa criminology professor Valerie Steeves. They collaborated with 35 other researchers in Canada, the U.S., the U.K., the Netherlands and Italy. The researchers reported that governments are choosing laws that require people to identify themselves and are lowering judicial thresholds defining when identity information must be disclosed to law enforcement officials. That is allowing the wider use of new technologies capable of making people identifiable, including smartcards, security cameras, GPS, tracking cookies and DNA sequencing. Consequently, governments and corporations are able to do things like: * Embrace technologies such as radio frequency identification tags that can be used to track people and merchandise to analyze behaviour. * Boost video surveillance in public places. * Pressure companies such as internet service providers to collect and maintain records of identification information about their customers. While Canada, the U.K., the Netherlands and Italy all have national laws protecting privacy - that is, laws that allow citizens to control access to their personal data - such legal protection does not exist for anonymity, Kerr said. "Canada is quite similar [to other countries] with respect to anonymity. Namely, it's shrinking here just as it is there.

An insurance company seeking to challenge the authority of Canada's privacy legislation and the privacy commissioner in an auto injury case will have to go to the Federal Court to make its case, the New Brunswick Court of Appeal has ruled. In State Farm Mutual Automobile Insurance Company v. Privacy Commissioner of Canada and Attorney General Canada, State Farm argued that Canada's privacy regime does not apply to surveillance tapes the insurer commissioned following a motor vehicle accident in 2005. In March 2005, Jennifer Vetter, insured by State Farm, was involved in a motor vehicle collision with Gerald Gaudet. State Farm subsequently hired a lawyer in anticipation of litigation by Gaudet against Vetter. The insurer also hired private investigators that conducted video surveillance on Gaudet. Gaudet filed a request under Canada's privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), that State Farm turn over to him the personal information it had compiled, including copies of the surveillance reports and tapes. State Farm went to the New Brunswick Court of Queen's Bench asking for "declaratory" relief on several issues. Among other things, the insurer asked for a court order declaring that PIPEDA did not apply to information obtained in a bodily injury damages claim. It also asked the court for an order confirming that the privacy commissioner had no right or authority to compel State Farm to turn over the documents. The privacy commissioner asked for a stay of proceedings in the New Brunswick court, arguing that the authority of the privacy commissioner was a matter for the Federal Court (which has jurisdiction over federal legislation such as the PIPEDA). The New Brunswick Appeal Court noted both the provincial and federal courts have jurisdiction to hear cases about the constitutionality of federal legislation. But only the Federal Court could determine the outcome of a direct challenge to the authority of the p

The Office of the Privacy Commissioner of Canada (OPC) has developed these guidelines to explain how the Personal Information Protection and Electronic Documents Act (PIPEDA) applies to transfers of personal information to a third party, including a third party operating outside of Canada, for processing. As the legislation itself states, PIPEDA is intended to "support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances…" This acknowledges that proper protection of personal information both facilitates and promotes commerce by building consumer confidence. Today's globally interdependent economy relies on international flows of information. These cross-border transfers do raise some legitimate concerns about where personal information is going as well as what happens to it while in transit and after it arrives at some foreign destination. Consumer confidence will be enhanced, and trust will be fostered, if consumers know that transfers of their personal information are governed by clear and transparent rules. There are different approaches to protecting personal information that is being transferred for processing. European Union member states have passed laws prohibiting the transfer of personal information to another jurisdiction unless the European Commission has determined that the other jurisdiction offers "adequate" protection for personal information.

Is it a violation of privacy that should be banned or a tool necessary to keep the internet running? Canada's privacy commissioner has opened an online discussion on deep packet inspection, a technology that allows internet service providers and other organizations to intercept and examine packets of information as they are being sent over the internet. "We realized about a year ago that technologies involving network management were increasingly affecting how personal information of Canadians was being handled," said Colin McKay, director of research, education and outreach for the commissioner's office. The office decided to research those technologies, especially after receiving several complaints, and realized it was an opportunity to inform Canadians about the privacy implications. Over the weekend, the privacy commissioner launched a website where the public can discuss a series of essays on the technology written by 14 experts. The experts range from the privacy officer of a deep-packet inspection service vendor to technology law and internet security researchers. The website also offers an overview of the technology, which it describes as having the potential to provide "widespread access to vast amounts of personal information sent over the internet" for uses such as: * Targeted advertising based on users' behaviour. * Scanning for unlawful content such as copyright or obscene materials. * Intercepting data as part of surveillance for national security and crime investigations. * Monitoring traffic to measure network performance.

California regulators have fined Kaiser Permanente Bellflower (Calif.) Medical Center $250,000 for failing to keep workers from peeking at the electronic health records of Nadya Suleman, who gave birth to octuplets at the hospital in January. The fine is the first under a new state law, which took effect in January, aimed at protecting patient medical records at hospitals and carries the maximum penalty allowable. Twenty-three unauthorized staff and physicians accessed the medical records, including some at other Kaiser facilities. Seven people viewed the records more than once, according to the California Public Health Department, which licenses hospitals in the state. Kaiser fired one person who peeked at Suleman's records, 14 others resigned and eight were disciplined.

An insider at the California Water Service Company in San Jose broke into the company's computer system and transferred $9 million into offshore bank accounts and fled the country. Abdirahman Ismail Abdi, 32, was an auditor for the water company, which delivers drinking water throughout the state and is located in San Jose, Calif. Abdi resigned from his position on April 27. Allegedly, that night he went back to work and made three wire transfers totaling more than $9 million from the company's accounts to an account in Qatar. Abdi was seen by a janitor on the night of the crime, according to the San Jose Mercury News, citing court documents filed Wednesday in the federal court at San Jose. The next morning, the water company discovered what had been done and worked with their bank to have the money returned to their account. The company notified police, who are currently investigating the case, Jose Garcia, public information officer at the San Jose Police Department, told SCMagazineUS.com on Friday.

Internal controls failure.

Facebook has agreed to make changes to better protect users' personal information on the social networking site and comply with Canadian privacy laws within one year, Canada's privacy commissioner said Thursday. "These changes mean that the privacy of 200 million Facebook users in Canada and around the world will be far better protected," said privacy commissioner Jennifer Stoddart.

In order to comply with Canadian privacy law, Facebook must take greater responsibility for the personal information in its care, the Privacy Commissioner of Canada said today in announcing the results of an investigation into the popular social networking site's privacy policies and practices. "It's clear that privacy issues are top of mind for Facebook, and yet we found serious privacy gaps in the way the site operates," says Privacy Commissioner Jennifer Stoddart. The investigation, prompted by a complaint from the Canadian Internet Policy and Public Interest Clinic, identified several areas where Facebook needs to better address privacy issues and bring its practices in line with Canadian privacy law. An overarching concern was that, although Facebook provides information about its privacy practices, it is often confusing or incomplete. For example, the "account settings" page describes how to deactivate accounts, but not how to delete them, which actually removes personal data from Facebook's servers. The Privacy Commissioner's report recommends more transparency, to ensure that the social networking site's nearly 12 million Canadian users have the information they need to make meaningful decisions about how widely they share personal information.

How does technology affect my privacy? Most of us have things we want to keep private - from our parents and teachers, from our siblings, from our friends. We all know that it's important not to leave a personal journal or a student card lying around in plain view. But have you ever wondered about how technology affects your privacy? Think about the technology that you use every day - to connect with your friends, to chat online, to download your favourite music. Did you know that technologies like these can be used to monitor your behaviour online? And that this private information can be stored and sold, often without you ever knowing about it? Why should I care? Because all these new technologies can have a significant impact on your personal privacy. And if you know how to use them properly you can control your private information - and make it more difficult for others to use your information without your permission. What do I really know about my privacy? Check out this privacy quiz and find out!

Goodwin Procter Experts Discuss Data Privacy and Security Best Practices at IAPP Privacy Academy BOSTON, Sept. 15 /PRNewswire-USNewswire/ -- According to a new survey conducted by Goodwin Procter LLP and the International Association of Privacy Professionals (IAPP), companies face three significant challenges - cost, time and number of vendors involved - in complying with new data security rules issued by the Commonwealth of Massachusetts earlier this year. The Commonwealth of Massachusetts has issued rules, which take effect on March 1, 2010, that impose significant data security requirements on entities possessing personal information of state residents, including entities based outside Massachusetts. The intent of the rules is to protect sensitive data and safeguard the public's privacy.