Group items tagged

Mixed receptionThe state hopes changes to Massachusetts' data privacy regulation plan will calm business community fears over the cost of the new controls, but watchers of the process say the government may have made things worse. One thing seems certain: the recent changes aren't likely to be the last word on regulating sensitive data in the Bay State. The regulations mandate all "personal information" belonging to Massachusetts residents be encrypted whenever it is stored on portable devices, transmitted wirelessly or shared on public networks. Changes enacted just in time to beat a deadline of Thursday, Feb. 12, pushed the effective date back eight months, from May 1 to Jan. 1, 2010. They also removed a requirement that businesses certify third-party vendors' compliance. The latter move was aimed to address an issue raised in a public hearing with business leaders held Jan. 15 at the State House. The change was designed to make the third-party regulations more adaptable to companies of various sizes and business models, said Massachusetts Consumer Affairs undersecretary Daniel Crane.

The Office of the Privacy Commissioner of Canada (OPC) has developed these guidelines to explain how the Personal Information Protection and Electronic Documents Act (PIPEDA) applies to transfers of personal information to a third party, including a third party operating outside of Canada, for processing. As the legislation itself states, PIPEDA is intended to "support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances…" This acknowledges that proper protection of personal information both facilitates and promotes commerce by building consumer confidence. Today's globally interdependent economy relies on international flows of information. These cross-border transfers do raise some legitimate concerns about where personal information is going as well as what happens to it while in transit and after it arrives at some foreign destination. Consumer confidence will be enhanced, and trust will be fostered, if consumers know that transfers of their personal information are governed by clear and transparent rules. There are different approaches to protecting personal information that is being transferred for processing. European Union member states have passed laws prohibiting the transfer of personal information to another jurisdiction unless the European Commission has determined that the other jurisdiction offers "adequate" protection for personal information.

Top House and Senate Democrats are working on legislation that would prevent online marketers from sharing Web-surfing information unless Internet users allowed them to. That's according to House Communications, Technology and the Internet Subcommittee chairman Rick Boucher (D.-Va.), who told Multichannel News that such a bill was in the works and was one of his top legislative priorities. The issue of online behavioral marketing has gained traction recently, spurred by privacy concerns and by media companies' need to find new ways for advertisers to reach aggregated audiences at a time of fragmented viewing and multiplying delivery platforms. Boucher's predecessor atop the committee, Rep. Edward Markey (D-Mass.), held a hearing last fall on the issue and helped quash a test by ad-tracking company NebuAd and cable operator Charter Communications. In an interview, Boucher said he was teaming with Reps. Cliff Stearns (R-Fla.), ranking member of his subcommittee, and Joe Barton (R-Texas), ranking full committee member, on a bill that would apply "across the board" to behavioral advertising and data collection by Web sites. "The goal would be to give the Internet user a sense that information about him that is collected by Web sites is well understood by the user, so he has an opportunity to know what is collected," Boucher said. "He would then have an opportunity to act in a way that prevents that Web site using that information to market him personally, and an even broader opportunity to prevent the transfer of that information about him to third parties." Boucher envisions a combination of opt-in and opt-out requirements. "Opt-in would apply where the information is conveyed to third parties," he said, while "opt out would apply where the Web site that collects the information is using that information directly to market the customers from whom it is collected." Center for Digital Democracy executive director Jeff Chester was please

There is an old axiom in marketing circles that it costs more money to acquire new customers than to retain and service your old ones. In this precarious financial environment, the focus for many companies is now on keeping the existing customers satisfied, rather than worrying only about adding new ones to the fold. Since the business environment has slowed for now, showing your clients additional "value added" services rather than simply a lower price, for example, will be critical. Companies should be taking an introspective look for differentiating factors in the areas of security and privacy "value," and how they can leverage what they uncover - a competitive advantage. How can an organization best position their privacy and security programs to be used as a competitive advantage? First, of course, you need to ensure that your privacy and security program is robust, well-tested, formally documented and meets or exceeds whatever legislation that your company is subject to or regulated against. It is also important to give your customers a point of reference about the validity of your programs so they easily translate the value into a currency they recognize. Further, you should take advantage of any other internal and external audits, assessments and oversights that you can reasonably share with external parties by crafting the results of these documents as a consumable for external parties. It has been my experience that clients, especially their security teams, really appreciate this effort. Another innovative way to deliver a competitive advantage today is in the realm of vendor management. This discipline is quickly becoming an increasingly high-profile topic of discussion and interest between clients, customers and their service providers. The onus is on you anyway to demonstrate oversight of your third-party service provider(s). This is where you should also have the "value add" conversation and validate why your clients placed their trus

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

The French parliament on Thursday voted down an Internet piracy law, which had largely been expected to pass. The "Creation and Internet" law, which won the preliminary approval of the parliament last week, would compel Internet service providers to take graduated actions against customers accused of illegally downloading copyrighted material. After warning a customer against such actions for a third time, an ISP could suspend the person's Internet access for up to a year. Because the bill was expected to pass, few members of parliament were present for the final vote on the bill, according to the Associated Press. Opponents of the legislation, led by the Socialist party, rejected the measure by a vote of 21 to 15. The legislation had the support of the ruling UMP party, to which President Nicolas Sarkozy belongs, as well as the support of the Recording Industry Association of America. Backers of the bill intend to re-introduce an amended version within the coming weeks, according to reports. The entertainment industry has suggested to the United States' Congress that it should consider adopting European methods of combating copyright infringement. The United States, members of the European Union, and other countries may also consider making ISPs liable for infringement through international treaties.

making best indexing in goggle and bing. RADJASEOTEA is a master of backlinks. You want indexing in goggle and bing. LOOK THIS www.fiverr.com/radjaseotea/making-best-super-backlink-143445

On Wednesday, February 11, 2009, the Data Protection Working Party, an independent European advisory body on data protection and privacy, released its Working Document 1-2009 (.pdf) on pre-trial discovery for cross border civil litigation. The Working Document attempts to reconcile the tension between U.S. discovery rules and the European Union's Directive 95/46/EC (.pdf), which outlines the EU's privacy requirements. What follows is a summary of the Working Document and an analysis of how it begins to bridge the gap between U.S. discovery rules and the European privacy framework. The Working Document offers guidance to EU data controllers responding to U.S. discovery requests. As the Working Document explains, those controllers often find themselves in a bind. On the one hand, U.S. law allows for broad discovery, which may require a controller to provide, or "process," personal data of customers or employees. On the other hand, Article 7 of EU Directive 95/46 limits a member state's authority to process such data. Under Article 7, a member state may process personal data only if one of six identified grounds for processing applies. The Working Document considers the Article 7 grounds most likely to supply a legitimate basis for compliance with a discovery request - namely 1) consent, 2) necessary for compliance with a legal obligation, and 3) necessary for the purposes of a legitimate interest, where such interests are not "overridden by the interests for fundamental rights and freedoms of the data subject." Recognizing that the "interests of justice would be served by not unnecessarily limiting the ability of an organisation to act to promote or defend a legal right," the Working Document suggests that the third basis - necessary for the purposes of a legitimate interest - will often provide a ground for processing data in response to a U.S. discovery request.

"Beginning next week, the FTC will hold a series of public roundtables covering the growing number of challenges to consumer privacy on the Internet. Dubbed "Exploring Privacy," the daylong discussions will focus on "the collection and use of information by retailers, data brokers, third-party applications, and other diverse businesses." Hold that yawn. Behavioral tracking and ad targeting have everything to do with the pesky "Warning!" pop-up blinking behind your browser window right now. The one that could shatter your online privacy. In advance of the roundtables, Fast Company spoke with online privacy advocates Jules Polonetsky, co-chair and director of the Future of Privacy Forum, and Ari Schwartz, vice president and chief operating officer of the Center for Democracy and Technology. Below, Polonetsky and Schwartz highlight five of most nefarious techniques used to trick and track you." 1. "Malvertising Gangs" 2. Flash Cookies 3. "Cookie appends" 4. Personal Health Data 5. ISP Tracking

"The Federal Trade Commission will host a series of day-long public roundtable discussions to explore the privacy challenges posed by the vast array of 21st century technology and business practices that collect and use consumer data. Such practices include social networking, cloud computing, online behavioral advertising, mobile marketing, and the collection and use of information by retailers, data brokers, third-party applications, and other diverse businesses. The goal of the roundtables is to determine how best to protect consumer privacy while supporting beneficial uses of the information and technological innovation."

"Despite concerns from some privacy groups and U.S. lawmakers about behavioral advertising, most large advertising networks generally comply with a set of privacy and data-handling standards adopted by the Network Advertising Initiative a year ago, the NAI said in a report released Wednesday." ...NAI, whose members include Google, Yahoo and Advertising.com, should be praised for doing a compliance report after skipping it for several years, said Ari Schwartz, vice president and chief operating officer CDT. However, the group should consider using a third party to audit compliance of its privacy guidelines, instead of having NAI staff do the audits, he said. In addition, while NAI members appear to be following most of the guidelines, some of the privacy safeguards are "weak," including the data retention standard, he said. "There's no maximum for data retention -- they just have to state what their data retention policy is," Schwartz added. The NAI report doesn't lessen the need for new privacy laws, Schwartz said. Several online advertising networks are not members of NAI, and the recent public pressure has led to the NAI updating 8-year-old guidelines last year and issuing a compliance report for the first time in several years, although the group had promised regular reports, he said. "It seems that when there's regulatory pressure, they actually do comply with what they said they were going to do," he said. "We certainly wouldn't want to see any regulatory pressure lifted."

Worth a read. The story changes quite a bit from the top to bottom of the story.

Much of the privacy debate has focused on cookies and icons and not what really matters: the misuse or abuse of consumer data by third parties in the real world. I don't care whether I see behaviorally targeted ads so much as I don't want my health care or auto insurance to be impacted by sites I've visited and stuff I post online.

"The credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week, company officials said Monday. The company confirmed Monday in a blog post that several thousand Windows Live customers had their usernames and passwords exposed on a third-party site over the weekend. "Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers," the post said. "As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts." Windows Live IDs let users gain entry into Hotmail, Messenger, Xbox LIVE, according to Microsoft. The usernames and passwords that were leaked may also be used for other Microsoft services, including the company's web-based Office program and the Skydrive online storage service. News of the breach spread early Monday, but it was unclear how the credentials were originally obtained."

As Forrest Gump said, "Stupid is as stupid does." The 2009 Verizon Business data breach investigation report confirmed what the 2008 report revealed -- attackers usually gain a foothold through stupid, basic errors. "In virtually all the cases, we found that lots of the things that were simple and straightforward, had they been deployed, would have stopped the attack," said Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions. "Simple things like changing the password from the word "password" on the system, those basic errors were somewhere, endlessly; they were everywhere." In fact, the 2009 Verizon Business Data Breach Investigations Report showed that 67% of the 90 confirmed data breaches that Verizon investigated last year revealed that kind of error, usually on a third-party system, often tangential to the heart of the enterprise. But they open the door to the good stuff: thousands or even millions of customer records.

Like this http://www.hdfilmsaati.net Film,dvd,download,free download,product... ppc,adword,adsense,amazon,clickbank,osell,bookmark,dofollow,edu,gov,ads,linkwell,traffic,scor,serp,goggle,bing,yahoo.ads,ads network,ads goggle,bing,quality links,link best,ptr,cpa,bpa. www.killdo.de.gg

Do you know what your data did last night? Almost none of more than 27 million people who took the RealAge quiz realized that their personal health data was sold to drug companies, who in turned used that information for targeted e-mail marketing campaigns. There's a basic consumer protection principle at work here, and it's the concept of "unfair and deceptive" trade practices. Basically, a company shouldn't be able to say one thing and do another: sell used goods as new, lie on ingredients lists, advertise prices that aren't generally available, claim features that don't exist, and so on. RealAge's privacy policy doesn't mention anything about selling data to drug companies, but buried in its 2,400 words, it does say that "we will share your personal data with third parties to fulfill the services that you have asked us to provide to you." They maintain that when you join the website, you consent to receiving pharmaceutical company spam. But since that isn't spelled out, it's not really informed consent. That's deceptive. Cloud computing is another technology where users entrust their data to service providers. Salesforce.com, Gmail, and Google Docs are examples; your data isn't on your computer -- it's out in the "cloud" somewhere -- and you access it from your web browser. Cloud computing has significant benefits for customers and huge profit potential for providers. It's one of the fastest growing IT market segments -- 69% of Americans now use some sort of cloud computing services -- but the business is rife with shady, if not outright deceptive, advertising.

Last week, the government took another step toward closing a legal loophole in federal privacy and security rules for emerging Health 2.0 information technology applications by issuing proposed rules aimed at covering an estimated 900 companies and organizations offering personal health records and electronic systems connected to them. The Federal Trade Commission was careful to point out its new interim proposed rule on federal breach notification requirements for the developers of electronic PHR systems did not apply to covered organizations or their business associates as defined by the Health Insurance Portability and Accountability Act of 1996, heretofore the key federal privacy and security regulation. The FTC, operating under new authority given it by the American Recovery and Reinvestment Act of 2009, noted that its new rule seeks to cover previously unregulated entities that are part of a Health 2.0 product mix. FTC staff estimates that about 200 PHR vendors, another 500 related entities and 200 third-party service providers will be subject to the new breach notification rule. The staffers estimate that the 900 affected companies and organizations, on average, will experience 11 breaches each per year at a total cost of about $1 million per group, per year. Costs include investigating the breach, notifying consumers and establishing toll-free numbers for explaining the breaches and providing additional information to consumers. Pam Dixon, founder and executive director of the World Privacy Forum, said that this isn't the first involvement of the FTC in healthcare-related regulation, noting the consumer protection agency joined with the Food and Drug Administration in a joint statement on the marketing of direct-to-consumer genetic tests. The FTC also has worked in the field of healthcare competition. She noted the compliance deadline with the FTC's "red flag rules" on provider organizations that provide consumer credit to patients for installment payment

Wikipedia told the controversial U.K. advertising firm Phorm on Thursday not to spy on Wikipedia's users, saying the company's plan to monitor what sites people visit on the net invaded people's privacy. Wikipedia now joins Amazon.co.uk in opting out of the Big-Brother-esque marketing scheme and creating the possibility of a mass opt-out by the net's largest websites. Phorm wants to pay ISPs -- such as British Telecom -- to let it build marketing profiles of its subscribers by installing boxes inside the ISP that monitor every url users visit and every search they run. Using those profiles, Phorm can charge advertisers high rates to serve targeted ads. But in an email sent Thursday, Wikimedia.org told Phorm not to record anything about urls from domains it controls, ranging from Wikiquotes to Wikipedia -- one of the most popular sites on the net. Phorm operates an opt-out system for sites and ISP customers, but it would be virtually impossible to verify if the company actually complied with such requests. "The Wikimedia Foundation requests that our web sites including Wikipedia.org and all related domains be excluded from scanning by the Phorm / BT Webwise system, as we consider the scanning and profiling of our visitors' behavior by a third party to be an infringement on their privacy," the email read, according to a Wikimedia blog post.

Like this http://cheaptravelbooker.com Like this http://cheaptravelbooker.com like this http://killdo.de.gg travel,hotel,fun,hotel new,new offer,hotel best,best hotel,hotel travel,seo,backlinks,edu,gov,ads,indexing,bookmark,killgoggle,gogglesuck,goggle bookmark,kill goggle,yahoo,bing,indexing,quality links,linkwell,traffic boster,index best

The Senate and House appear headed for a clash over competing visions of how to protect the privacy of patients' electronic medical records, with the House favoring strict protections advocated by consumer groups while the Senate is poised to endorse more limited safeguards urged by business interests. President Obama has called creation of a nationwide system of electronic medical records fundamental to health-care reform, and both chambers of Congress have included about $20 billion to jump-start the initiative as part of their stimulus bills. But as with much in the stimulus package, it is not just the money but the accompanying provisions that groups are trying to influence. The effort to speed adoption of health information technology has become the focus of an intense lobbying battle fueled by health-care and drug-industry interests that have spent hundreds of millions of dollars on lobbying and tens of millions more on campaign contributions over the past two years, much of it shifting to the Democrats since they took control of Congress. At the heart of the debate is how to strike a balance between protecting patient privacy and expanding the health industry's access to vast and growing databases of information on the health status and medical care of every American. Insurers and providers say the House's proposed protections would hobble efforts to improve the quality and efficiency of health care, but privacy advocates fear that the industry would use the personal data to discriminate against patients in employment and health care as well as to market the information, often through third parties, to generate profits.

The inability to discard worthless items even though they appear to have no value is known as compulsive hoarding syndrome. Ben Rothke explains why it's a bad habit in the world of IT security. The inability to discard worthless items even though they appear to have no value is known as compulsive hoarding syndrome. If the eccentric Collyer brothers had a better understanding of destruction practices, they likely would not have been killed by the very documents and newspapers they obsessively collected. While most organizations don't hoard junk and newspapers like Homer and Langley Collyer did, they do need to keep information such as employee personnel records, financial statements, contracts and leases and more. Given the vast amount of paper and digital media that amasses over time, effective information destruction policies and practices are now a necessary part of doing business and will likely save organizations time, effort and heartache, legal costs as well as embarrassment and more. In December 2007, the Federal Trade Commission announced a $50,000 settlement with American Mortgage Company of Northbrook, Illinois, over charges the company violated the FTC's Disposal, Safeguards, and Privacy rules by failing to properly dispose of documents containing consumers' credit and personally identifiable information. In announcing the settlement, the FTC put all companies on notice that it is taking such failures seriously. A $50,000 settlement might seem low when measured against the potential for financial harm to individuals as a result of the company's negligence, but in addition to the negative PR for American Mortgage, the settlement includes an obligation to obtain an audit, every two years for the next 10 years, from a qualified, independent, third-party professional to ensure that its security program meets the standards of the order. Any similar failures by this company during the next decade will be met with more severe punishment. That, indeed, is a

Affixing a dollar cost to a problem has immense benefit, and The Ponemon Institute goes to great lengths to arrive at the figures for its Annual Cost of a Data Breach Study. We painstakingly analyzed the financial impact a data breach has on a company by examining 43 different companies from a cross section of industries, all of which experienced a significant data breach affecting a range of data records representative of the norm. And knowing that a data breach may cost your company $6.65 million dollars may be all the information that is needed for a company to assign an appropriate budget to those tasked with information security. In 2008 the average total cost of a data breach was $6.65 million, up from $6.35 million last year and $4.54 in 2005. In 2008, the per-victim cost of a data breach was $202, up from $197 in 2007, and from $138 when the study was launched in 2005. Breaches involving a third party to which data had been outsourced bore a per-victim cost of $231, whereas self contained breaches bore a per-victim cost of $179. Breaches that were the result of a malicious act bore a per-victim cost of $225, whereas breaches that were the result of negligence bore a per-victim cost of $199. Breaches that were the result of a lost of stolen laptop computer bore a per-victim cost of $249, whereas breaches that did not involve a lost or stolen laptop computer bore a per-victim cost of $177. If the data breach was a first-time event for the company the per victim cost was $243, but if the company had experienced a breach previously the per victim cost was $192. The simple conclusion to these numbers is clear: the financial impact for a company that experiences a data breach is significant and rising. That finding alone may be alarming, but it seems to merely quantify what most people already knew to be true. The "wow" factor comes when you realize that we haven't simply identified the cost of an inevitable outcome, as if to tell the world, "buckle up and brac

Exactly one week after the Heartland Payment Systems (HPY) breach was first announced to the public, the first lawsuit has been filed against the payments processor. The class action lawsuit filed Tuesday by Chimicles & Tilellis LLP of Haverford, PA in the U.S. District Court for the District of New Jersey on behalf of Woodbury, MN resident Alicia Cooper, asserts that Heartland "made unreasonably belated and inaccurate statements concerning the breach." The complaint says Heartland does not appear to be offering any credit monitoring services or other relief to consumers affected by the breach. Chimicles & Tilellis' complaint also says in addition to the questionable timing of the announcement of its breach, (Read Heartland Class Action suit PDF) "there are materially misleading statements and omissions in Heartland's public description of the breach and its consequences." Heartland announced the breach in a press release on the same morning of President Barack Obama's inauguration. The law firm says it is suing on behalf of consumers whose sensitive financial information was compromised in the data breach at Heartland. The complaint raises a claim pursuant to the New Jersey Consumer Fraud Act, and asserts causes of action for negligence, breach of implied contract, breach of contracts to which Plaintiffs and Class members were intended third party beneficiaries, breach of fiduciary duty, and negligence. The payments processor did not disclose how many credit card account numbers were compromised as a result of the breach. Heartland is the fifth largest payment processor in the country and handles 100 million transactions per month for more than 250,000 small retailers, gas stations, restaurants and other small and midsized companies. The suit also states that Heartland only became aware of the breach after it was notified of patterns of fraudulent credit card activity by VISA and MasterCard. "Analysts have stated that the fact that Heartland did not detect th

It's time to comply. Nov. 1 is here, and financial institutions throughout the U.S. are still scrambling to meet their Identity Theft Red Flags Rule compliance deadline. For the past year, we've done what we can to guide your efforts with articles, interviews, research, webinars and white papers. You can see the fruits of our efforts here. These are the resources you need to ensure not just your own compliance, but that of your third-party service providers and key business partners. Within this special guide, please find: * A summary of the final rule and guidelines, including a listing of all 26 red flags; * A detailed look at the examination procedures for the new rule; * Insights from federal regulators and banking practitioners on what to expect post-Nov. 1; * Analysis of what compliance means to your institution and its customers for years to come.