Group items tagged

What companies do you trust to guard your privacy? According to a Wednesday study from the Ponemon Institute and TRUSTe, eBay is the most trusted company for privacy, followed by Verizon and the U.S. Postal Service. Facebook, meanwhile, cracked the study's top ten for the first time. To reach its conclusions, Ponemon and TRUSTe first polled more than 6,000 adults on their "most trusted" brands. An expert review panel then compared those results against the companies' privacy statements, notices, to what levels they accessed account information, their cookie management, in- and out-of-network data sharing practices, and the availability of customer service staff. Of the top 10 companies, seven of them were technology-related. The entire list includes eBay, Verizon, the U.S. Postal Service, WebMD, IBM, Procter & Gamble, Nationwide, Intuit, Yahoo, and Facebook. "With the banking industry at the center of a national financial crisis, it's no surprise to see a loss of trust reflected in the rankings of even those top performers on this list," Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. "Meanwhile, the continued strong showing of e-businesses such as eBay, WebMD, Yahoo, and Facebook seems to demonstrate consumers' growing comfort with doing business online."

To find out more about the survey, I asked Deloitte LLP chairman of the board Sharon Allen to provide some additional context. Given that my only risk-management concern early this week relates to thunderstorms off the coast of South Padre Island, I asked Sharon to step in as a guest blogger today. Here's what she sent me: When I was a high school student growing up in the small farming community of Kimberly, Idaho, little did I know that a song from that time could serve as an anthem for something happening in the workplace today. The Beatles' 1967 classic "Hello Goodbye" is a study in contrasts, as are the current attitudes about social media. Social media has arrived - and with it, employers and employees are singing very different songs about what constitutes appropriate social networking both on and off the job. Recently, I commissioned the third annual Deloitte LLP "Ethics & Workplace" survey. We polled 500 executives and 2,000 employees outside Deloitte. Our survey found that 60 percent of business executives believe they have a right to know how employees portray themselves and their organizations in online social networks. Perhaps because nearly three-fourths of the employees in our poll agreed that the use of social networks makes it easier to damage a company's reputation. However, more than half of employees polled say their social networking pages are not an employer's concern. That belief is especially true among younger workers, with nearly two-thirds of 18- to 34-year-old respondents stating that employers have no business monitoring their online activity.

The rise and fall of PRBC is a case study of the growing market for our personal financial data, where the incentives for helping consumers and making profits don't always align.

Online consumers thought to be motivated primarily by savings are, in fact, often willing to pay a premium for purchases from online vendors with clear, protective privacy policies, according to a new study in the current issue of a journal of the Institute for Operations Research and the Management Sciences (INFORMS®).

ABOUT two-thirds of Americans object to online tracking by advertisers - and that number rises once they learn the different ways marketers are following their online movements, according to a new survey from professors at the University of Pennsylvania and the University of California, Berkeley.

ABOUT two-thirds of Americans object to online tracking by advertisers - and that number rises once they learn the different ways marketers are following their online movements, according to a new survey from professors at the University of Pennsylvania and the University of California, Berkeley.

Following on the heels of Facebook's decision to rescind a highly controversial move to store all content posted on the social network, new data has emerged to support consumers' increasing alarm over online privacy. The vast majority--80.1%--of Web surfers are indeed concerned about the privacy of their personal information such as age, gender, income and Web-surfing habits, according to a survey of some 4,000 Web users administered and analyzed by Burst Media. More worrisome, perhaps, is the finding that privacy concerns are prevalent among all age segments, including younger demographics that are coming of age online. Still, privacy concerns do appear to increase with age, from 67.3% among respondents ages 18-24 to 85.7% of respondents 55 years and older. "Online privacy is a prevailing concern for web surfers," said Chuck Moran, vice president of marketing for Burst Media. The survey was administered by Burst with the purpose of better understanding how privacy is impacting Web users' experiences online, as well as its impact on advertisers. "Advertisers must take concrete actions to mitigate consumers' privacy concerns and at the same time continue to deliver their message as effectively as possible," Moran added. "In addition, and as recently seen in the news flare up regarding Facebook's privacy controversy, publishers need to be completely transparent about their privacy policies." Facebook recently changed its terms of use agreement, which gave the Palo Alto, Calif.-based company the ability to store user-posted photos and other content, even after it was deleted by users themselves. Earlier this week, however, the company reverted to a previous version of its legal user guidelines after thousands of members protested that Facebook was claiming ownership over the content. In addition, the Burst survey found that most Web users believe Web sites are tracking their behavior online. Three out of five--62.5%--respondents indicated it is likely that a W

Securing our Nation against cyber attacks has become one of the Nation's highest priorities. To achieve this objective, networks, systems, and the operations teams that support them must vigorously defend against external attacks. Furthermore, for those external attacks that are successful, defenses must be capable of thwarting, detecting, and responding to follow-on attacks on internal networks as attackers spread inside a compromised network. A central tenet of the US Comprehensive National Cybersecurity Initiative (CNCI) is that 'offense must inform defense'. In other words, knowledge of actual attacks that have compromised systems provides the essential foundation on which to construct effective defenses. The US Senate Homeland Security and Government Affairs Committee moved to make this same tenet central to the Federal Information Security Management Act in drafting FISMA 2008.

In May 2008, the Office of the National Coordinator for Health Information Technology (ONC) awarded an approximately $450,000 contract to Booz Allen Hamilton to assess and evaluate the scope of the medical identity theft problem in the U.S. Medical Identity Theft Medical identity theft is a specific type of identity theft which occurs when a person uses someone else's personal health identifiable information, such as insurance information, Social Security Number, health care file, or medical records, without the individual's knowledge or consent to obtain medical goods or services, or to submit false claims for medical services. There is limited information available about the scope, depth, and breadth of medical identity theft. Dr. Robert Kolodner, National Coordinator for Health Information Technology, has noted that medical identity theft stories are being documented at an increasing rate, bringing to light serious financial, fraud, and patient care issues. ONC recognizes that health IT is an important tool to combat the threat of medical identity theft. We are seeking input from the public and other government agencies to better understand how health IT can be utilized to prevent and detect medical identity theft as well as build consumer trust in electronic health information exchange. ONC believes it is imperative to obtain a more comprehensive understanding of this issue from a variety of perspectives, and to create an open forum for dialogue to work proactively to address medical identity theft. Medical Identity Theft final report. The report summarizing health IT and medical identity theft issues raised at the town hall was completed January 15, 2009 and sets forth potential actions the Federal government and other stakeholders can undertake in working toward prevention, detection, and remediation of medical identify theft.

The software vendor's commissioned research will be revealed during a panel discussion with leaders from the California Office of Privacy Protection, Intel, and MySpace. Wednesday, Jan. 28, 2009, is Data Privacy Day, and to mark the occasion, Microsoft is participating in a panel discussion in San Francisco with privacy experts from the California Office of Privacy Protection, the Center for Democracy and Technology, Intel (NSDQ: INTC), and MySpace. Better this week than last, when Heartland Payment Systems and Monster.com disclosed major malware-driven data breaches that promise privacy headaches or worse for affected account holders. It is such incidents that worry Peter Cullen, Microsoft (NSDQ: MSFT)'s chief privacy strategist, because of the impact they can have on consumer trust. "Trust is becoming increasingly important," he said. That's why Data Privacy Day exists. Microsoft and other organizations recognize that without trust, the online economy only gets worse for everyone. Cullen explained that Data Privacy Day represents a global opportunity for organizations and individuals to come together to discuss how to better educate consumers about data privacy issues. One way to advance the discussion, Cullen said, was to commission some research, which Microsoft did in two cities, in California and Texas. "We wanted to understand how different segments of consumers, from teens to professionals to boomers, thought about privacy," he said. "There were some rather interesting results that came out of this." "Our hypothesis is that across these three segments, there would be different ways of thinking about these things," said Cullen. "We were really surprised to learn there's a large degree of similarity in the way people think about privacy."

Since its inception, IT has focused on reducing costs through process automation and the implementation of applications. However, that is no longer enough to sustain competitive advantage in a rapidly changing world. Today, important business decisions depend on having up-to-date, trustworthy information. At the same time, you need to assess the internal and external risks involved in such decisions. This is not easy, which is why organizations need to build an Information Strategy to guide them

Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute. The Ponemon survey (download PDF) of 213 CEOs, CIOs, COOs and other senior executives reveals what appears to be a perception gap between CEOs and other senior managers concerning information security issues. For instance, 48% of CEOs surveyed said they believe hackers rarely try to access corporate data. On the other hand, some 53% of other C-level executives believe that their company's data is under attack on a daily or even hourly basis. The survey also found that the top executives were less aware of specific security incidents at their companies than other C-level executives and are more confident that data breaches can be easily avoided. Ponemon found that CEOs tend to view data protection efforts as vital to maintaining good customer satisfaction levels and to the company's brand image. The other managers, however, were more likely to say that the most important role for data security efforts is to satisfy regulatory requirements. The survey also found that CEOs and other top managers differed in their opinion of who is responsible for protecting corporate data. While eight out of 10 respondents said they believe there is one person responsible for data protection in their organization, there was a sharp difference of opinion on just who that person was. More than half of the CEOs said that CIOs are responsible for protecting data at their companies; only 24% of other senior managers felt the same way. And 85% of respondents said someone else would be held responsible for a data breach. "On the issue of accountability, we found that while people acknowledged that data breaches were a problem, very few people felt that if [their company] suffered a breach, they would be held responsible," said Larry Ponemon, founder of the Ponemon Institute.

Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute. The Ponemon survey (download PDF) of 213 CEOs, CIOs, COOs and other senior executives reveals what appears to be a perception gap between CEOs and other senior managers concerning information security issues. For instance, 48% of CEOs surveyed said they believe hackers rarely try to access corporate data. On the other hand, some 53% of other C-level executives believe that their company's data is under attack on a daily or even hourly basis. The survey also found that the top executives were less aware of specific security incidents at their companies than other C-level executives and are more confident that data breaches can be easily avoided. Ponemon found that CEOs tend to view data protection efforts as vital to maintaining good customer satisfaction levels and to the company's brand image. The other managers, however, were more likely to say that the most important role for data security efforts is to satisfy regulatory requirements. The survey also found that CEOs and other top managers differed in their opinion of who is responsible for protecting corporate data. While eight out of 10 respondents said they believe there is one person responsible for data protection in their organization, there was a sharp difference of opinion on just who that person was. More than half of the CEOs said that CIOs are responsible for protecting data at their companies; only 24% of other senior managers felt the same way. And 85% of respondents said someone else would be held responsible for a data breach. "On the issue of accountability, we found that while people acknowledged that data breaches were a problem, very few people felt that if [their company] suffered a breach, they would be held responsible," said Larry Ponemon, founder of the Ponemon Institute.

"For more than a decade, Web companies have said that behavioral targeting, or tracking people anonymously as they navigate around the Internet and then serving them targeted ads, doesn't harm users. On the contrary, they argue, such targeting benefits people by providing them with more relevant messages, and also lets marketers spend their ad dollars more efficiently. When privacy advocates complain about behavioral targeting techniques, industry executives tend to respond by condemning the critics as ivory-tower elitists. But new research is increasingly casting doubt on the idea that the average consumer doesn't care about behavioral targeting. "