Group items tagged

Heartland Payment Systems chief executive Robert Carr remembers what it felt like when he first heard about the massive data breach at his company earlier this year. "I wanted to throw up. It was devastating," says Carr, recalling how he felt upon realizing that one of his worst fears had come true. "People had asked me for years 'what keeps you awake at night' and I would keep telling them it was the fear of a data breach," he told Computerworld. Five months after Heartland announced what some think may be the biggest data breach ever, Carr is working over-time to limit the fallout from the incident, and the damage to the company's reputation.

To find out more about the survey, I asked Deloitte LLP chairman of the board Sharon Allen to provide some additional context. Given that my only risk-management concern early this week relates to thunderstorms off the coast of South Padre Island, I asked Sharon to step in as a guest blogger today. Here's what she sent me: When I was a high school student growing up in the small farming community of Kimberly, Idaho, little did I know that a song from that time could serve as an anthem for something happening in the workplace today. The Beatles' 1967 classic "Hello Goodbye" is a study in contrasts, as are the current attitudes about social media. Social media has arrived - and with it, employers and employees are singing very different songs about what constitutes appropriate social networking both on and off the job. Recently, I commissioned the third annual Deloitte LLP "Ethics & Workplace" survey. We polled 500 executives and 2,000 employees outside Deloitte. Our survey found that 60 percent of business executives believe they have a right to know how employees portray themselves and their organizations in online social networks. Perhaps because nearly three-fourths of the employees in our poll agreed that the use of social networks makes it easier to damage a company's reputation. However, more than half of employees polled say their social networking pages are not an employer's concern. That belief is especially true among younger workers, with nearly two-thirds of 18- to 34-year-old respondents stating that employers have no business monitoring their online activity.

New Englanders have a reputation for being taciturn, but when it comes to data Massachusetts takes the cake. No state loves its privacy more than the Bay State, which last year passed the nation's most exacting data privacy law, requiring companies to check off a honey-do list of steps designed to protect personal data belonging to commonwealth residents. Connecticut and Rhode Island preceded Massachusetts in joining the minority of states that have enacted proactive data privacy laws, requiring businesses to protect information like Social Security and credit card numbers. Maine, Vermont and New Hampshire, like nearly all states, have only reactive data laws, requiring companies to take certain steps - like reporting a breach to authorities - after data has been compromised. Rhode Island's law, passed in 2006, requires businesses that own or license Rhode Islanders' personal information to "provide reasonable security" for that data. Connecticut's law, passed shortly before Massachusetts enacted data privacy legislation last summer, requires businesses to create and publicly display a data protection policy, but does not specify what that policy should entail. The Connecticut and Rhode Island laws stop far short of the controversial requirements in Massachusetts, where new regulations are scheduled to take effect by January 2010. "They're not technically one-liners, but they're very general," Goodwin Procter LLP partner David Goldstone said of the Connecticut and Rhode Island statutes, which are similar to laws passed in Texas and California. "Essentially they say companies have to have reasonable protections in place."

Stay Online on the world wide web online roulette from Contemporary sydney, Fun and Free! Now you is capable of doing Actual "www.funlivecasino.com.au" Stay Online on the world wide web online roulette for Fun in Contemporary sydney on a product new web page, FunLiveCasino.com.au. Using the newest on the world wide web operating technology, Fun Stay Gambling house allows you be a part of a genuine action occurring on a genuine desk in a genuine betting house, all approved on Live! You can see other real gamers in the betting house betting on the same outcomes you do providing you greatest believe in in the outcomes as they are not designed 'just for you a, like other action experiencing items such as 'live studios' or pc designed actions. Its awesome to think next time your really in the betting house that you might be on digicam, and individuals on the world wide web might be watching! The long run is scary! Believe one day soon this will be the only way individuals would bet on the world wide web because the worldwide web is complete of fraudsters, you have to be extremely cautious, and why would you perform Online Online on the world wide web online roulette any other way except from a Actual Gambling house you can check out, see, pay attention to and trust! Amazingly this site is absolutely 100 % 100 % 100 % free and has no determining upon up process, no junk, no pc rabbit mouse mouse clicks and no pressure. Just Immediate Fun "www.funlivecasino.com.au" 100 % 100 % 100 % free Stay Roulette! Give it a try, its value verifying out! "www.funlivecasino.com.au"Australia's Online Fun Stay Casino! Backlinks designed from http://fiverr.com/radjaseotea/making-best-156654-backlink-high-pr

A former Miss West Virginia has won a $7.2 (NZ$12.6) million verdict against nine internet companies that tried to sell pornographic videos they falsely claimed featured her. A jury in US District Court in Clarksburg on Wednesday ordered each defendants to pay Allison Williams $800,000 for damaging the 2003 beauty queen's reputation and invading her privacy. Williams' attorney is appealing US District Judge Irene M. Kelley's decision to dismiss 28 other defendants in the United States, Australia, the Netherlands, Belgium, Cayman Islands, Canada and South Africa that allegedly took part in distributing the bogus videos. The videos surfaced in the fall of 2004. The videos show a woman that they claim to be, but isn't Williams, engaged in sex in the back of a television news truck.

Stay Online on the world wide web online roulette from Contemporary sydney, Fun and Free! Now you is capable of doing Actual "www.funlivecasino.com.au" Stay Online on the world wide web online roulette for Fun in Contemporary sydney on a product new web page, FunLiveCasino.com.au. Using the newest on the world wide web operating technology, Fun Stay Gambling house allows you be a part of a genuine action occurring on a genuine desk in a genuine betting house, all approved on Live! You can see other real gamers in the betting house betting on the same outcomes you do providing you greatest believe in in the outcomes as they are not designed 'just for you a, like other action experiencing items such as 'live studios' or pc designed actions. Its awesome to think next time your really in the betting house that you might be on digicam, and individuals on the world wide web might be watching! The long run is scary! Believe one day soon this will be the only way individuals would bet on the world wide web because the worldwide web is complete of fraudsters, you have to be extremely cautious, and why would you perform Online Online on the world wide web online roulette any other way except from a Actual Gambling house you can check out, see, pay attention to and trust! Amazingly this site is absolutely 100 % 100 % 100 % free and has no determining upon up process, no junk, no pc rabbit mouse mouse clicks and no pressure. Just Immediate Fun "www.funlivecasino.com.au" 100 % 100 % 100 % free Stay Roulette! Give it a try, its value verifying out! "www.funlivecasino.com.au"Australia's Online Fun Stay Casino! Backlinks designed from http://fiverr.com/radjaseotea/making-best-156654-backlink-high-pr

We all like to think our privacy is absolute. But if your job involves working across borders, you'll want to talk about privacy as a matter of degree rather than as an uncompromising right. Why? Not only do you want to be seen as someone who can get things done globally, but you also may personally want to be part of advancing social objectives that are arguably as important as privacy. Have you ever had to re-architect your global rollout of PeopleSoft or Lawson because of European Union privacy concerns? Or adjust how your company offers technical support to medical products sold in Europe? Have you ever been part of acquiring a failing European company where the privacy of employee data was a final sticking point? If you've seen projects with obvious social benefit get held up by seemingly minor data-related questions, then you might have been running up against this notion of "nothing trumps privacy." It's a popular idea. The half-billion people of Europe do view privacy as a human right. And they're not the only ones. As one of the first acts of the UN, Eleanor Roosevelt and the U.S. delegation in 1948 lobbied for the global adoption of the Universal Declaration of Human Rights(UNDHR), whose Article 12 states, "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation." With Europe and the UN using absolute-sounding language to describe a right to privacy, it's no wonder we have all of these delayed and downsized corporate projects. People are legitimately concerned about our sometimes reckless march into the Information Age, and they want to put some brakes on it. But does privacy trump all foes? I can think of at least six other equally important social objectives that regularly put limits on privacy: 1. Personal health. We all want to stay healthy - even when we lose the ability to communicate and give consent. Emergency-room personnel need access t

Legal woes may be next for Heartland Payment Systems, a payment processor that reported a major security breach this week. Depending on the results of the ongoing investigation, Heartland is likely to face the threat of litigation from issuing banks, merchants and consumers, says Scott Vernick, an attorney with Fox Rothschild LLP in Philadelphia, who specializes in data theft cases. "The businesses that use Heartland as a credit card processor, as well as thousands of consumers, will be anxiously watching for any negative impact, including harm to their business reputations, and the real possibility of identity theft or fraud," says Vernick. The fact that Heartland's systems were certified as being fully in compliance with data handling rules, called the PCI standards, raises questions about the efficacy of such standards. Hannaford Brothers grocery chain was likewise fully PCI compliant when it had 300 stores hacked and 4.3 million record swiped..... "This latest incident shows how, despite companies being compliant with regulations such as PCI, they are still a long way from being secure," says Mike Rothman, senior vice president of strategy at elQnetworks.

On Monday, U.K.-based digital rights organization Open Rights Group submitted an open letter to major online media players, urging them to prevent ISP-level behavioral targeting firm Phorm from tracking user interactions on their Web sites. The letter, sent to Google, AOL, Microsoft, Facebook, Yahoo, Amazon and Ebay, said, "[ORG] believes that it is clearly in your company's interest, it is in the interests of all of your customers, and it will serve to protect your brand's reputation, if you insist that the Phorm/Webwise system does not process any data that passes to or from your website." "We have received the letter and are giving it careful consideration from privacy and business perspectives," a spokesperson for AOL and its social network Bebo told ClickZ News. Similarly, in reference to the ORG correspondence, a Google spokesperson told ClickZ, "We've received the ORG's letter, but we're still considering the points they raised, so we don't have a response to make at this time." According to information published on the British Telecom Web site (one of Phorm's ISP-partners,) site owners can specifically request that their properties are not "scanned" by Phorm's technology, by contacting the firm directly. Phorm announced deals with three major U.K. ISPs over a year ago, but its technology is still yet to be fully deployed. BT has, however, carried out live trials of the platform with some of its customers. Phorm's CEO, Kent Ertugrul, claims that BT will implement his company's technology by the end of the year, but BT itself remains less committed to that timeline. Both AOL and Google have vested interests in the behavioral targeting space, although not in the controversial area of deep packet inspection (DPI), in which Phorm's technology lies. AOL-owned Tacoda targets ads based on users' activity across a range of partner sites, but does not directly intercept ISP-data. Google also announced this month that it will begin testing similar behavioral targe

Promoting Privacy And Free Speech Is Good Business This Guide will help you make smart, proactive decisions about privacy and free speech so you can protect your customers' rights while bolstering the bottom line. Failing to take privacy and free speech into proper account can easily lead to negative press, government investigations and fines, costly lawsuits, and loss of customers and business partners. By making privacy and free speech a priority when developing a new product or business plan, your company can save time and money while enhancing its reputation and building customer loyalty and trust.

Over the past six months, many of us have become desensitized to the staggering number and size of layoffs that continue to occur almost daily. But the reality for the IT industry is that layoffs have a different effect on those of us in the industry whose mission it is to protect the company's reputation, intellectual property, confidential data (both electronic and hard copy) and business operations. Knowledge Center contributor Gregory Shapiro outlines seven steps IT professionals can take to protect their company's data before a layoff is implemented. Unlike individual employee terminations, which are customarily unannounced and immediate, layoffs present a larger threat to corporations because they leave the door open to both intentional and unintentional data loss, leakage and integrity problems. When employees sense impending layoffs or are told in advance and kept on for a limited time to transition, that is when rumors and panic consume the employees. It's then that the company's sensitive data can be compromised. For this reason, the strategy for any corporation planning a layoff should include setting policies and making sure practices are in place to secure their sensitive data now. Steps to protect company data before a layoff is implemented

Ironic

Social networkig may seed malware spread. Education is still one of the most successful computer security tools

Websense CTO Dan Hubbard outlines four ways companies can protect their information from threats and compromise on the social Web. 1) Most Web Posts on Blogs and Forums are Actually Unwanted Content (Spam and Malware) As more and more people interact with each other on sites allowing user-generated content, such as blogs, forums and chat rooms, spammers and cybercriminals have taken note and abuse this ability to spread spam, post links back to their wares and direct users to malicious sites. Websense research shows that 85 percent of all Web posts on blogs and forums are unwanted content - spam and malware - and five percent are actually malware, fraud and phishing attacks. An average active blog gets between 8,000 and 10,000 links posted per month; so users must be wary of clicking on links in these sites. Click here to find out more! Additionally, just because a site is reputable, doesn't mean its safe. Blogs and message boards belonging to Sony Pictures, Digg, Google, YouTube and Washington State University have all hosted malicious comment spam recently, and My.BarackObama.com was infected with malicious comment spam.

How will Barack Obama's administration affect IT spending in the trenches, where technology decision makers are dealing with strapped budgets and a shaky economy? President Barack Obama's official campaign Web site is a model of how 21st century technology tools can boost a candidate's popularity, building significant buzz via blogs, IM applications and e-merchandising. And Obama's campaign wasn't confined to his own site either, because he chose to expand his presence on social networking sites like Facebook, MySpace, Eons and BlackPlanet. His images and words also constantly popped up at outlets such as Flickr, Digg and YouTube. All these efforts made Obama an accessible, immediate and appealing figure to both younger voters and older ones who regularly connect to the Internet. Ultimately, they energized his campaign and helped secure a decisive victory for the nation's first African-American president. Certainly, Obama enters the White House with a reputation as one of the most-if not the most-tech-savvy chief executives ever. For starters, he's created the position of a federal chief technology officer to oversee the future of information technology for government agencies.

"Medical records for about 15,500 Northern California Kaiser patients - about 9,000 of them in the Bay Area - were compromised after thieves stole an external drive from a Kaiser employee's car last month, Kaiser officials said Tuesday." Kaiser officials said the electronic device contained patients' names, medical record numbers and possibly ages, genders, telephone numbers, addresses and general information related to their care and treatment. No Social Security numbers or financial information was contained on the drive, and Kaiser officials said there's no evidence that the information has been used inappropriately. The device was not encrypted, but some of the information was password protected. Kaiser has sent letters to the 15,500 members and the employee, who Kaiser would not identify, has been fired.

Another hospital employee fired for inappropraite access of medical records. More damage to a medical group reputation because someone failed to get the message.

With so many workers being axed, the threat to sensitive customer, corporate, military information should be examined. Once workers leave with sensitive information, good luck controlling exposure. Cross International borders and the issue potentially expands into an national "incident" with dire consequences for corporate reputation. Protectionism vs Patriotism. Issues raised in the Great Depression revisited with more impact due to expansion of the economy to global status.

Microsoft Corp.'s plan to eliminate U.S. workers after lobbying for more foreigner visas is stirring resentment among lawmakers and employees. As many as 5,000 employees are being shown the door at Microsoft, which uses more H1-B guest-worker visas than any other U.S. company. Some employees and politicians say Microsoft should get rid of foreigners first. "If they lay people off, are they going to think of America first or are they going to think of the world first?" Chuck Grassley, a Republican Senator from Iowa, said in an interview. He sent a letter to Microsoft Chief Executive Officer Steve Ballmer the day after Microsoft announced the job cuts last month, demanding Ballmer fire visa holders first. Across the technology industry, some of the biggest users of H1-B visas are cutting jobs, including Intel Corp., International Business Machines Corp. and Hewlett-Packard Co. The firings at Microsoft, the world's largest software maker, came less than a year after Chairman Bill Gates lobbied Congress for an expansion of the visa program. Even before Microsoft announced the cuts, its first-ever companywide layoffs, comments on a blog run by an anonymous Microsoft worker angrily debated getting rid of guest workers first. The author of the Mini-Microsoft blog eventually had to censor and then completely block all arguments about visas, after the conversation "got downright nasty."

It's funny. Was it just a month ago that we were enjoying the holiday respite, wondering what 2009 would have in store for us? Mind you, I didn't have any delusions. After the breaches, news events and regulatory issues of 2008, I didn't think we were going to turn the calendar page and emerge in a new world of a healthy economy and soaring consumer confidence. But neither did I think, four weeks later, we'd already have our first major security breach of the year - Heartland Payment Systems (HPY) and that it would so dominate our industry's attention. I get it, though, why we're so enamored of this case. It speaks to our biggest fears, first of all, that unknown electronic assailants can sneak into our systems and pry away our customers' names and critical information. Then there's the unknown enormity - we truly don't know how big this breach was. And, finally, it hits home. For you, the banking institution, you're the one left replacing your customers' cards and explaining why. For me, the banking customer ... well, mine is one of the banks doing the explaining. Needless to say, we're monitoring accounts closely. So, we were among the first to break the Heartland story when it first broke last Tuesday, and we've continued to follow it closely. After the initial media surge, where we saw news outlets and solutions providers tripping over one another to opine over what they think happened to Heartland and what it all means, here is what I believe we've learned so far from the case: 1) The Damage Goes Far Beyond the Breach. Heartland execs absolutely did the right thing by stepping forward last week and saying "We were breached," but the company has suffered for it ever since. The market responded to the news by gutting the company's value from over $14 per share last Tuesday to a low of just under $8 this week. Reputationally, you just can't measure the damage - Heartland is now synonymous with "breach," and that's a tough tag to shake. Unable to answer quest

Better to settle with the FTC than get your company's reputation as consumer-friendly (deserved or not) dragged through the court of public opinion.

Sears Holdings has agreed to settle allegations it collected personal data from customers without adequate disclosures, the Federal Trade Commission said on Thursday. The FTC had accused Sears Holdings, created in 2005 with the merger of Sears and Kmart, of paying online customers $10 to allow the company to track their online browsing. But the FTC said Sears also collected information on non-Sears sites, such as online bank statements, drug prescription records and emails. "The software would also track some computer activities that were not related to the Internet," the FTC said in a statement. Sears did disclose all it would monitor in a lengthy user license agreement, but the FTC argued it was not enough. "The complaint charges that Sears' failure to adequately disclose the scope of the tracking software's data collection was deceptive and violates the FTC Act," the FTC said in a statement. Sears did not immediately reply to two telephone calls and one email seeking a comment. Under the settlement, Sears is required to destroy the data collected and make future disclosures more prominent.

Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute. The Ponemon survey (download PDF) of 213 CEOs, CIOs, COOs and other senior executives reveals what appears to be a perception gap between CEOs and other senior managers concerning information security issues. For instance, 48% of CEOs surveyed said they believe hackers rarely try to access corporate data. On the other hand, some 53% of other C-level executives believe that their company's data is under attack on a daily or even hourly basis. The survey also found that the top executives were less aware of specific security incidents at their companies than other C-level executives and are more confident that data breaches can be easily avoided. Ponemon found that CEOs tend to view data protection efforts as vital to maintaining good customer satisfaction levels and to the company's brand image. The other managers, however, were more likely to say that the most important role for data security efforts is to satisfy regulatory requirements. The survey also found that CEOs and other top managers differed in their opinion of who is responsible for protecting corporate data. While eight out of 10 respondents said they believe there is one person responsible for data protection in their organization, there was a sharp difference of opinion on just who that person was. More than half of the CEOs said that CIOs are responsible for protecting data at their companies; only 24% of other senior managers felt the same way. And 85% of respondents said someone else would be held responsible for a data breach. "On the issue of accountability, we found that while people acknowledged that data breaches were a problem, very few people felt that if [their company] suffered a breach, they would be held responsible," said Larry Ponemon, founder of the Ponemon Institute.

Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute. The Ponemon survey (download PDF) of 213 CEOs, CIOs, COOs and other senior executives reveals what appears to be a perception gap between CEOs and other senior managers concerning information security issues. For instance, 48% of CEOs surveyed said they believe hackers rarely try to access corporate data. On the other hand, some 53% of other C-level executives believe that their company's data is under attack on a daily or even hourly basis. The survey also found that the top executives were less aware of specific security incidents at their companies than other C-level executives and are more confident that data breaches can be easily avoided. Ponemon found that CEOs tend to view data protection efforts as vital to maintaining good customer satisfaction levels and to the company's brand image. The other managers, however, were more likely to say that the most important role for data security efforts is to satisfy regulatory requirements. The survey also found that CEOs and other top managers differed in their opinion of who is responsible for protecting corporate data. While eight out of 10 respondents said they believe there is one person responsible for data protection in their organization, there was a sharp difference of opinion on just who that person was. More than half of the CEOs said that CIOs are responsible for protecting data at their companies; only 24% of other senior managers felt the same way. And 85% of respondents said someone else would be held responsible for a data breach. "On the issue of accountability, we found that while people acknowledged that data breaches were a problem, very few people felt that if [their company] suffered a breach, they would be held responsible," said Larry Ponemon, founder of the Ponemon Institute.