
Home/ CIPP Information Privacy & Security News/ Group items tagged changing


Karl Wabst

Mixed reception to Mass. data regs changes - Mass High Tech Business News

  •  
    Mixed reception. The state hopes changes to Massachusetts' data privacy regulation plan will calm business community fears over the cost of the new controls, but watchers of the process say the government may have made things worse. One thing seems certain: the recent changes aren't likely to be the last word on regulating sensitive data in the Bay State. The regulations mandate all "personal information" belonging to Massachusetts residents be encrypted whenever it is stored on portable devices, transmitted wirelessly or shared on public networks. Changes enacted just in time to beat a deadline of Thursday, Feb. 12, pushed the effective date back eight months, from May 1 to Jan. 1, 2010. They also removed a requirement that businesses certify third-party vendors' compliance. The latter move was aimed to address an issue raised in a public hearing with business leaders held Jan. 15 at the State House. The change was designed to make the third-party regulations more adaptable to companies of various sizes and business models, said Massachusetts Consumer Affairs undersecretary Daniel Crane.
Karl Wabst

Tackling the Insider Threat

  •  
    Times are tough, and we all continue to hear about the heightened risk of the insider threat. Granted, unauthorized insider access to data has always been a concern. But the concern is increased now because of the tremendous changes that we are seeing in the economy. The term "disgruntled employee" now has a whole new meaning because there are more and more folks concerned about 'What if my job disappears? What kind of information can I keep? What kind of information can I have access to?' As one who's dealt with the insider threat, I have some questions of my own: What do you really mean by an insider? In our borderless world, the terms "insider" and "outsider" overlap. "Insiders" are not just employees and staff, but also service providers, business partners, consultants, contractors -- any number of parties who may work for companies we deal with. What do we really mean by an authorized versus an unauthorized insider? If you take a look at the Societe Generale situation, allegedly a fraud was committed by an authorized user with privileges he was not supposed to have. How? Well, the horribly overused cliché is that if you work with a company long enough, eventually you will have access to everything, and no one will know it. Bottom line: As people change jobs within a company, we are not good at updating their roles and responsibilities. If you look at all the efforts that have been spent on identity and access management products, the biggest challenge is trying to understand: What are the roles and responsibilities you are trying to apply to people? How do you develop these roles and responsibilities and how do you group them? How do you really deal with people who have to change roles and responsibilities? How do you add and delete roles and responsibilities as people change jobs?
Karl Wabst

BBC NEWS | Technology | A false sense of security

  •  
    The fuss over Facebook's attempt to modify the contract with its millions of users has died down for the moment, and I haven't noticed any of my friends closing their account or even significantly changing their behaviour in protest despite the widespread coverage. The problem started in early February when Facebook updated the section on its site which establishes the legal agreement with its users. Like most people who use it I didn't notice the change, and even though Facebook clearly knows who I am and how to contact me I didn't get a message or see a notification in my news feed about it. This is pretty common practice on the web, where long legal contracts are agreed with a click of a mouse and sites update them at will because they contain a clause saying that you accept the changes if you carry on using the site. Term paper Unlike laws passed by Parliament, which have to be properly promulgated to those affected, contracts can evidently be changed without any proper notice.
Karl Wabst

Why Do I Need Organizational Change Management?

  •  
    When I initially speak with clients about, or lecture on the need for a structured organizational change management (OCM) program, a common question is whether simply having a communication plan to broadcast news about the change is a good substitute.
Karl Wabst

BBC NEWS | Technology | Whose data is it anyway?

  •  
    The row over the changes Facebook made to its terms has thrown the light on the rights people surrender when they sign up to use a website. It is likely though that until the row over Facebook's Terms and Conditions went public, few people knew what rights sites claim over the content that their members upload and share. "Less than 25% of users are making a specific point of going to the privacy settings and making changes," said Simon Davies, head of digital rights group Privacy International. Most, he said, are so keen to get using a site after registering that they do not take time to learn what will happen to any data that they are surrendering. Only later do they go back and adjust what happens to their data. "A lot of sites do have strong privacy controls," said Mr Davies. Tweaking these settings can help cut down on how much of a person's data is distributed. "It can make a difference," said Mr Davies, "particularly if the default is set in terms of maximum information flow." Blogger Amanda French looked through the pages where sites such as Facebook, MySpace, Flickr, YouTube and others spelled out their policies with regard to the data that members upload. Although the wording was different, she found that sites such as MySpace, Yahoo, Google and Twitter explicitly backed away from claiming ownership over uploaded content. A brief survey of Europe's Top 5 social sites found a similar situation. The text of the terms available on the UK sites of Facebook, Bebo, MySpace, Friends Reunited and Windows Live all back away from claiming ownership. By contrast, she wrote, the changes Facebook made to its terms were "extraordinarily grabby and arrogant".
Karl Wabst

Facebook retains terms of service after users voice concerns - Technology Live - USATOD...

  •  
    Update on Feb. 18, 8:33 a.m.: Facebook is backing off changes to its terms of service, informing users on their official blog that they will remain intact. "Over the past couple of days, we received a lot of questions and comments about the changes and what they mean for people and their information," Facebook CEO Mark Zuckerberg writes in the blog. "Based on this feedback, we have decided to return to our previous terms of use while we resolve the issues that people have raised." To learn more, read our original post below. Facebook is having trouble dousing the flames in a firestorm over its trustworthiness. A recent change in its terms of use -- the legalese tacked onto the bottom of most websites -- has sparked concerns that the social networking giant plans to own all users' information forever. Founder and CEO Mark Zuckerberg claimed in a blog post Monday that "on Facebook people own and control their information." But privacy advocates still aren't satisfied. "I think in simple terms it's a tug of war over user data," says Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC) in Washington. "People put information on a Facebook page to share with friends. But it's pretty much with the understanding that they're deciding what to post and who has access to it. Facebook, like any other company, is trying to obtain maximum commercial value from its users."
Karl Wabst

Altering the Corporate Culture to Up Standards » Adotas

  •  
    The dark figure of fraud drove the development of best practices at Memolink. I harnessed the fear of the unknown and used basic change management to gather support internally. I knew the approach would indefinitely change how we did business and alter our company's culture. Like many dot coms, my company has an entrepreneurial spirit, and like not-so-many dot coms, we have been in business for 15 years. The culture is well established and the work we do is exciting and fun. Would a company with an innovative and "don't-box-me-in" mentality openly receive a new set of standards and expectations? The implementation of the Best Practice approach required two important change management tactics: consistent messaging and constant and varied communication. It was not enough to tell associates that the proposed transition, which included separating processes that traditionally had been managed by a sales team, would benefit the company in the long term. The main component of the message had to be the "What's in it for me?" value proposition. At the time, the sales associates had nothing to gain, and, in fact, they would lose commission. For example, when my department rolled out the Best Practice approach to partner vetting, fewer partners would meet the standard and be accepted, which meant incremental commission loss for the sales team. Money matters create major stress and tension, so it was important that this conflict be addressed early in the implementation process. Management responded by restructuring commissions so that employee motivations were aligned with business goals. This move also made the adoption period for other processes and procedures shorter and less chaotic. In essence, align the money motivators and people will buy in more quickly. Associates were not reeling about their payment structure, but were they and other stakeholders, who were originally unaffected by the commission structure, truly behind the idea? In order to gain the
Karl Wabst

2007 FTC Workshop: Ehavioral Advertising: Tracking, Targeting, and Technology

  •  
    On November 1 and 2, 2007, the Federal Trade Commission will host a Town Hall entitled "Ehavioral Advertising: Tracking, Targeting, and Technology." The event will bring together consumer advocates, industry representatives, technology experts, and academics to address consumer protection issues raised by the practice of tracking consumers' activities online to target advertising - or "behavioral advertising." The Town Hall is a follow-on to a dialogue on behavioral advertising that emerged at a November 2006 FTC forum, "Tech-Ade," which examined the key technological and business developments that will shape consumers' core experiences in the coming ten years. In addition, several consumer privacy advocates, as well as the State of New York, recently sent letters to the FTC asking it to examine the effects of behavioral advertising on consumer privacy. The Town Hall will explore how the online advertising market, and specifically behavioral advertising, has changed in recent years, and what changes are anticipated over the next five years. Among other things, it will examine what types of consumer data are collected, how such data are used, what protections are provided for that data, and the costs and benefits of behavioral advertising to consumers. The Town Hall will also address what companies are disclosing to consumers and what consumers understand about the online collection of their information for use in advertising. In addition, the Town Hall will look at what regulatory and self-regulatory measures currently govern the practices related to online behavioral advertising, as well as anticipated changes in the behavioral advertising space in the future. The Commission invites interested parties to submit requests to be panelists and to recommend other topics for discussion. The requests should be submitted electronically to behavioraladvertising_requests@ftc.gov by September 14, 2007. The Commission asks interested parties to include a stat
Karl Wabst

Facebook To Roll Out New Privacy Controls To Its 350 Million Users, Kills Regional Netw...

  •  
    "Facebook CEO Mark Zuckerberg has just written an open letter to Facebook users regarding a privacy overhaul that is due to hit the site in the next few weeks. Soon, users will be able to selectively choose, on a per-post basis, who can see the content they post to the site. Facebook is also going to remove regional networks entirely, largely because some of those networks (like China) consist of millions of users, which makes them useless from a privacy standpoint. If these changes sound familiar, it's because Facebook actually announced them way back in July. Zuckerberg also notes that Facebook now has 350 million users - it has added a whopping 50 million of them in the last two and a half months. Alongside the regional network change, privacy controls will be simplified. As Facebook rolls out the new privacy settings, users will be presented with a page designed to walk them through the new options. Depending on your current privacy level, Facebook will make recommendations, though you'll be able to change them as usual."
Karl Wabst

Changes to Corporate Security - NIST vs. ISO 27000

  •  
    Today's post provides an example of an organizational change being discussed in many firms contemplating the use of social media, and its evolution to social business in a global economy. Adoption of "social" introduces new risks and opportunities to US corporations. The likelihood of doing business
Karl Wabst

Selling Change - What Is In It For Me?

  •  
    Several years ago I was helping firms prepare for their first SOX (Sarbanes-Oxley) compliance audits. Following is one of the experiences I had training corporate executives, staff and even auditors about the benefit of selling change...

    I walked into the Chief Information Officer's office, not k
Karl Wabst

Facebook to make privacy changes

  •  
    Facebook has agreed to make changes to better protect users' personal information on the social networking site and comply with Canadian privacy laws within one year, Canada's privacy commissioner said Thursday. "These changes mean that the privacy of 200 million Facebook users in Canada and around the world will be far better protected," said privacy commissioner Jennifer Stoddart.
Karl Wabst

Privacy Evaporates in Computing 'Cloud' - ABC News

  •  
    "We all know that Internet and communications technology is changing rapidly, creating huge opportunities for business innovation and individual self-expression. Most people are probably not aware, however, that privacy law is not evolving nearly as quickly. It is time to update legal protections to reflect the impact the digital revolution is having on modern life. Cloud computing -- a bit of tech-jargon meaning the use of remote servers to store and process data -- is a great example. The movement of personal and proprietary data off desktop computers and into "the cloud", which is made up of server farms and broadband connections, is a major disruptive trend in computing. Unless our laws change to account for cloud computing and other equally momentous technology developments, the Constitution's protection against unreasonable search and seizure will become a relic of the past. The federal law setting standards for government access to personal communications -- the Electronic Communications Privacy Act (ECPA) -- was written more than two decades ago, before the Internet took off. "
Karl Wabst

Facebook's Zuckerberg Says The Age of Privacy is Over

  •  
    "Facebook founder Mark Zuckerberg told a live audience yesterday that if he were to create Facebook again today, user information would by default be public, not private as it was for years until the company changed dramatically in December. In a six-minute interview on stage with TechCrunch founder Michael Arrington, Zuckerberg spent 60 seconds talking about Facebook's privacy policies. His statements were of major importance for the world's largest social network - and his arguments in favor of an about-face on privacy deserve close scrutiny. Zuckerberg offered roughly 8 sentences in response to Arrington's question about where privacy was going on Facebook and around the web. The question was referencing the changes Facebook underwent last month. Your name, profile picture, gender, current city, networks, Friends List, and all the pages you subscribe to are now publicly available information on Facebook. This means everyone on the web can see it; it is searchable. I"
  •  
    Zuckerberg should not be trusted with your personal data. The range of reader comments in response to this article is worth a read.
Karl Wabst

Rogue Marketers Can Mine Your Info on Facebook | Epicenter | Wired.com

  •  
    "Got an e-mail list of customers or readers and want to know more about each - such as their full name, friends, gender, age, interests, location, job and education level? Facebook has just the free feature you're looking for, thanks to its recent privacy changes. The hack, first publicized by blogger Max Klein, repurposes a Facebook feature that lets people find their friends on Facebook by scanning through e-mail addresses in their contact list. But as Klein points out, a marketer could take a list of 1,000 e-mail addresses, either legally or illegally collected - and upload those through a dummy account - which then lets the user see all the profiles created using those addresses. Given Facebook's ubiquity and most people's reliance on a single e-mail address, the harvest could be quite rich. Using a simple scraping tool, a marketer could then turn a list of e-mail addresses into a rich, full-fledged set of marketing profiles, with names, pictures, ages, locations, interests, photos, wall posts, affiliations and names of your friends, depending on how users have their profiles set. Run a few algorithms on that data and you can start to make inferences about race, income, sexual orientation and interests. While that information isn't available for all users, Facebook changed its privacy settings in early December so that certain information can't be made private, including one's name, current city, profile picture, gender, networks and friend list (the latter can be somewhat hidden from public view). Anyone with your e-mail address can harvest that information, the company admits."
  •  
    Probably not limited to Facebook
Karl Wabst

Facebook Makes Security Changes as Privacy Controversy Swirls - Security from eWeek

  •  
    "Facebook tightens security as it deals with the continuing fallout over changes to its privacy settings." ...Earlier on May 13, Facebook had a meeting where employees asked executives questions about privacy. Facebook officials would not comment on exactly what was said. "We have an open culture and it should come as no surprise that we're providing a forum for employees to ask questions on a topic that has received a lot of outside interest," a spokesperson said.
  •  
    Hey Zuck! Privacy & security are NOT the same thing. Misdirection is not the response FB users are seeking.
Karl Wabst

EU starts action against Britain over data privacy | Industries | Technology, Media & T...

  •  
    The European Commission started legal action against Britain on Tuesday for what the EU executive called a failure to keep people's online details confidential. EU Telecoms Commissioner Viviane Reding said the action related to how Internet service providers used Phorm (PHOR.L) technology to send subscribers tailor-made advertisements based on websites visited. Reding said Internet users in Britain had complained about the way the UK applied EU rules on privacy and electronic communications that were meant to prohibit interception and surveillance without the user's consent. "Technologies like Internet behavioural advertising can be useful for businesses and consumers but they must be used in a way that complies with EU rules," Reding said in a statement. "We have been following the Phorm case for some time and have concluded that there are problems in the way the UK has implemented parts of the EU rules on the confidentiality of communications," Reding said. She called on Britain to change its national laws to ensure there were proper sanctions to enforce EU confidentiality rules. Unless Britain complies, Reding has the power to issue a final warning before taking the country to the 27-nation EU's top court, the European Court of Justice. If it rules in favour of the European Commission, the court can force Britain to change its laws. (Reporting by Huw Jones, editing by Dale Hudson)
Karl Wabst

URAC :: Health Care Industry Leaders Agree, Electronic Health Records are Coming, Says ...

  •  
    URAC, the leading health care accreditation and education organization, announced today the recent Healthcare Information and Management Systems Society (HIMSS) annual conference raised important questions about consumer privacy and security around electronic health records (EHR). (Logo: http://www.newscom.com/cgi-bin/prnh/20030501/URACLOGO ) "There is no doubt that electronic health records are coming. The question is whether or not consumers' privacy is a key issue or an afterthought," said Alan P. Spielman, President and CEO of URAC. "A lot of forces are driving the push for EHR. However, it is important that standards go hand-in-hand with policy so that it doesn't become the Wild West with every vendor and health care provider using different terms." The rules set by the Health Insurance Portability and Accountability Act (HIPAA) are integral to the widespread adoption of EHR. However, the rules can be confusing for consumers and providers. URAC was the first organization to offer HIPAA Privacy Accreditation. The organization now offers comprehensive standards for both HIPAA Privacy and HIPAA Security accreditation. These standards are applicable to all personal health information storage formats and exchanges claims transactions and are designed for many different types of health care organizations including both Covered Entities (CE) and Business Associates (BA). They also require an ongoing compliance program that identifies, tracks and makes the necessary changes in response to a federal or state regulatory change.
Karl Wabst

MediaPost Publications Court OKs Suit Against Blockbuster For Privacy Indiscretions 04/...

  •  
    A court has handed Blockbuster a preliminary defeat in a potential class-action lawsuit filed as a result of its participation in Facebook's ill-fated Beacon ad program, which notified members about their friends' e-commerce activity. U.S. District Court Judge Barbara Lynn in Dallas ruled that the case could proceed in court even though Blockbuster's contract with users calls for any disputes to be heard by an arbitrator rather than in court, and also says that users waive their right to file a class action lawsuit. Lynn determined that Blockbuster's contract with users was "illusory" because the agreement said that movie rental store could change the terms and conditions at any time. A Blockbuster spokesperson declined to comment on the case or state whether the company will appeal. The decision is a blow to Blockbuster because individual consumers would have had a difficult time bringing cases one-by-one against the company. But the decision paves the way for attorneys to argue that all consumers affected by Blockbuster's participation in Beacon should be able to proceed as a class. Internet law expert Venkat Balasubramani said Lynn's decision invalidating Blockbuster's user agreement was potentially far-reaching because many Web companies reserve the right to make changes to their terms of service. "It seems broad and could have impact on the terms of service used by a lot of different companies," he said.
Karl Wabst

World economic crisis is top security threat: U.S.| Reuters

  •  
    The global economic crisis has become the biggest near-term U.S. security concern, sowing instability in a quarter of the world's countries and threatening destructive trade wars, U.S. intelligence agencies reported on Thursday. The director of national intelligence's annual threat assessment also said al Qaeda's leadership had been weakened over the last year. But security in Afghanistan had deteriorated and Pakistan had to gain control over its border areas before the situation could improve. "The financial crisis and global recession are likely to produce a wave of economic crises in emerging market nations over the next year," said the report. A wave of "destructive protectionism" was possible as countries find they cannot export their way out of the slump. "Time is our greatest threat. The longer it takes for the recovery to begin, the greater the likelihood of serious damage to U.S. strategic interests," the report said. The report represents the findings of all 16 U.S. intelligence agencies and serves as a leading security reference for policymakers and Congress. Besides reviewing adversaries, it also considered this year the security impact of issues including climate change and the economy. It said a quarter of countries have already experienced at least "low-level" instability, such as government changes, linked to the economy.