Home/ CIPP Information Privacy & Security News/ Group items tagged planning

Karl Wabst

The Associated Press: Congress to hold hearing on cable advertising - 0 views

  •  
    Cable operators will sit in the hot seat Thursday as Congress reviews their plans to roll out targeted advertising amid fears that consumer privacy could be infringed if the companies were to track and record viewing habits. The House subcommittee on Communications, Technology and the Internet will hold a hearing that will look at new uses for digital set-top boxes, the devices that control channels and perform other tasks on the TV screen. Cable TV companies plan to use such boxes to collect data and direct ads more targeted to individual preferences. "We have recently called on Congress and the Federal Trade Commission to investigate cable's new interactive targeted TV ad system on both antitrust and privacy grounds," said Jeff Chester, executive director of the Center for Digital Democracy. He's concerned about Canoe Ventures, a consortium formed by the nation's six largest cable companies to oversee the rollout of targeted and interactive ads nationally. Chester worries that Canoe will track what consumers do in their homes. Currently, cable companies aim their ads based strictly on geography. Now, cable's goal is to take the Internet's success with targeted ads and transfer that to the TV medium. Thus, a household that watches a lot of Nickelodeon and the Disney Channel eventually could be targeted for theme parks promotions. This type of targeting is something broadcast TV can't do. For starters, Canoe plans to offer ads this summer that consider demographic factors such as age and income. Philadelphia-based Comcast Corp. and Cablevision Systems Corp. of Bethpage, N.Y., also have been testing or rolling out targeted ads outside the consortium. But cable operators are wary about being seen as trampling on consumer privacy and reiterate that they don't plan to target based on any personally identifiable information, such as someone's name and address. Canoe said it doesn't have plans this year to use set-top box data for ads. Instead, the first ads it pl
Karl Wabst

Disaster recovery and business continuity planning basics - 1 views

  •  
    In this video, Andre Gold, vice president and CISO of MoneyGram International, will discuss the basics of disaster recovery and business continuity planning, and define several general terms associated with disaster recovery and business continuity planning to help organizations develop a more accurate understanding. The text transcript of Gold's comments is included below. Andre Gold: Over the past four to five years, I've spent a lot of time in disaster recovery and business continuity planning as part of my role as the chief risk officer as well as the CISO for a couple major organizations. During that time, in working with those firms, I've had a greater appreciation of disaster recovery and business continuity planning, and I've learned that although BCP and DR are very important to firms, when it's actually time to execute upon those respected strategies, many firms fail, and they fail fundamentally because they lose sight of the core elements of disaster recovery and business continuity planning. And with that, it's those core elements that we will be discussing today.
Karl Wabst

Business Continuity and Disaster Recovery Planning Definition and Solutions - CIO.com -... - 0 views

  •  
    "Disaster recovery and business continuity planning are processes that help organizations prepare for disruptive events-whether an event might be a hurricane or simply a power outage caused by a backhoe in the parking lot. Management's involvement in this process can range from overseeing the plan, to providing input and support, to putting the plan into action during an emergency. This primer (compiled from articles in CSO magazine) explains the basic concepts of business continuity planning and also directs you to more CSO magazine resources on the topic."
Karl Wabst

Health Insurers Welcome COBRA Subsidy, Leery of Privacy Rules - - insurancenewsnet.com - 0 views

  •  
    The federal government would subsidize up to 65% of COBRA health insurance payments for many individuals who have lost their jobs since Sept. 1, 2008, under an $825 billion stimulus package unveiled by House Democrats. COBRA provisions are supported by health insurance groups, including America's Health Insurance Plans and the National Business Group on Health. However, AHIP said other parts of the plan tying increased investment in health information technology to stricter scrutiny of how health IT records are handled would make it more difficult for plans to coordinate care and streamline administrative costs. Dubbed the American Recovery and Reinvestment Act, the House bill allocates $39 billion to aid individuals attempting to continue paying health insurance premiums through the 23-year-old Consolidated Omnibus Budget Reconciliation Act program. COBRA allows employees who are terminated or leave their jobs voluntarily to remain in their former employer's group health plan for up to 18 months, which can be extended to 36 months for those with extenuating life circumstances. However, because COBRA enrollees can be charged up to 102% of the full cost of coverage, many find the plans prohibitively expensive and, according to Hewitt Associates Inc., only about 20% enroll. A recent report by the consumer group Families USA found monthly COBRA premiums for family coverage were $1,069, or 83.6% of the average monthly unemployment insurance benefit of $1,278. In nine states, average COBRA payments exceeded unemployment benefits, the group found. Health groups have been largely supportive of the proposal, with AHIP President Karen Ignagni writing in a letter to House Speaker Nancy Pelosi that the group believes the move would "help ensure continuity of coverage and serve as an important lifeline for many workers who do not qualify for Medicaid, but still need help paying their health insurance premiums."
Karl Wabst

IT staff snooping on colleagues on rise: survey | Technology | Reuters - 0 views

  •  
    Your systems administrator knows more about you than you think.
  •  
    More than one-third of information technology professionals abuse administrative passwords to access confidential data such as colleagues' salary details or board-meeting minutes, according to a survey. Data security company Cyber-Ark surveyed more than 400 senior IT professionals in the United States and Britain, and found that 35 percent admitted to snooping, while 74 percent said they could access information that was not relevant to their role. In a similar survey 12 months ago, 33 percent of IT professionals admitted to snooping. "Employee snooping on sensitive information continues unabated," Udi Mokady, CEO of Cyber-Ark, said in a statement. Cyber-Ark said the most common areas respondents indicated they access are HR records, followed by customer databases, M&A plans, layoff lists and lastly, marketing information. "While seemingly innocuous, (unmanaged privileged) accounts provide workers with the 'keys to the kingdom,' allowing them to access critically sensitive information," Mokady said. When IT professionals were asked what kind of data they would take with them if fired, the survey found a jump compared with a year ago in the number of respondents who said they would take proprietary data and information that is critical to maintaining competitive advantage and corporate security. The survey found a six-fold increase in staff who would take financial reports or merger and acquisition plans, and a four-fold increase in those who would take CEO passwords and research and development plans.
Karl Wabst

How to devise a disaster recovery plan :: SearchStorage.com.au - 0 views

  •  
    The intersection of dr/bc, privacy & security should be preservation of business value.
  •  
    What are the key elements of disaster recovery (DR) planning and design? While there's no one-size-fits-all solution, a data asset inventory that includes conducting a data classification project and assessing the potential risk for disaster from within your company will help you protect all of your data resources. In broad terms, you need to determine the recovery point objective (RPO) and recovery time objective (RTO) for different parts of the business and put together an effective data protection plan to achieve this. You should start by performing a business impact analysis.
Karl Wabst

Facebook, Bebo and MySpace 'to be monitored by security services' - Times Online - 0 views

  •  
    The private correspondence of millions of people who use social networking sites could be tracked and saved on a "big brother" database, under new plans being drawn up by the UK government. Ministers revealed yesterday that they were considering policing messages sent via sites such as MySpace and Facebook, alongside plans to store information about every phone call, e-mail and internet visit made by everyone in the United Kingdom. There was immediate uproar from opposition parties, privacy campaigners and security experts who said the plans were over-the-top and unworkable. There have long been proposals, following a European Union directive in the wake of the July 2005 bombings in London, for emails and internet usage to be tracked in order to guard against future terrorist attacks.
Karl Wabst

GAO Reports Urge FDA To Boost Privacy, Modernize IT Systems - 0 views

  •  
    This week, the Government Accountability Office issued a report related to privacy and security issues at FDA and another report about the agency's plans to modernize its IT systems, Government Health IT reports. Privacy and Security Report On Monday, GAO released a report suggesting that FDA has not included sufficient privacy and security protections in its plans for a medical product safety monitoring system called the Sentinel Initiative. The system would use data from insurance companies, academic institutions, government agencies and health care providers to track the performance of medications and medical devices. According to the FDA Amendments Act of 2007, the initiative would have access to data from 25 million people by mid-2010 and 100 million people by mid-2012 (Foxhall, Government Health IT, 6/2). For the report, GAO conducted an audit of FDA's planning process for Sentinel from May 2008 to May 2009.
Karl Wabst

Missile data, medical records found on discarded hard disks - 0 views

  •  
    A third (34 per cent) of discarded hard disk drives still contain confidential data, according to a new study which unearthed copies of hospital records and sensitive military information on eBayed kit. The study, sponsored by BT and Sims Lifecycle Services and run by the computer science labs at University of Glamorgan in Wales, Edith Cowan University in Australia and Longwood University in the US, also found network data and security logs from the German Embassy in Paris on one purchased drive. Researchers bought 300 drives from eBay, other auction sites, second-hand stalls and car boot sales. A disk bought on eBay contained details of test launch routines for the THAAD (Terminal High Altitude Area Defence) ground to air missile defence system. The same disk also held information belonging to the system's manufacturer, Lockheed Martin, including blueprints of facilities and personal data on workers, including social security numbers. Lockheed Martin denies that the disk came from it. The arms manufacturer has launched an investigation that aims to uncover just how the sensitive data might have wound up on the disk. Two discs bought in the UK apparently came from Lanarkshire NHS Trust, including patient medical records, images of X-rays and staff letters. Lanarkshire NHS Trust runs the Monklands and Hairmyres hospitals. In Australia, the exercise turned up a disk from a nursing home that contained pictures of actual patients and their wound photos, along with patient details. A hard disk from a US bank contained account numbers and details of plans for a $50bn currency exchange through Spain. Details of business transactions between the bank and organisations in Venezuela, Tunisia and Nigeria were also included. Correspondence between a member of the Federal Reserve Board and the unnamed banks revealed that one of the deals was already under scrutiny by the European Central Bank, and that federal investigators were also taking an interest. Yet anothe
Karl Wabst

Protecting Personal Information: A Guide for Business - 0 views

  •  
    Is your company keeping information secure? Are you taking steps to protect personal information? Safeguarding sensitive data in your files and on your computers is just plain good business. After all, if that information falls into the wrong hands, it can lead to fraud or identity theft. A sound data security plan is built on five key principles: * Take stock. Know what personal information you have in your files and on your computers. * Scale down. Keep only what you need for your business. * Lock it. Protect the information in your care. * Pitch it. Properly dispose of what you no longer need. * Plan ahead. Create a plan to respond to security incidents. To learn more about how you can implement these principles in your business, play our interactive tutorial. You'll see and hear about practical steps your business can take to protect personal information. After you experience the tutorial, we hope you'll take advantage of the other resources on this site to educate your employees, customers, and constituents. Order copies of our brochure, Protecting Personal Information: A Guide for Business, or publish an article on information security in your newsletter, magazine, or website. All of the information on this site is in the public domain; we hope you'll share it freely.
Karl Wabst

Tenn. Blues still investigating Oct. data breach - Modern Healthcare - 0 views

  •  
    "BlueCross and BlueShield of Tennessee is still scrambling to figure out how much of its members' personal information was put at risk in an Oct. 2 data breach in which 57 hard drives were removed from computer servers at a plan office in Chattanooga, according to a plan spokeswoman. In a telephone interview, Blues spokeswoman Mary Thompson said there were no signs of forced entry and the drives, which Thomson said were between the size of a large book and an 8-track tape cartridge, were taken from a set of active servers in a data storage cabinet. The removal, termed a theft by the plan, was not discovered until Oct. 5, Thomson said"
  •  
    57 hard drives stolen from active servers and no one noticed? No sign of forced entry? Hmmmm.
Karl Wabst

Wal-Mart Plans to Market System for Digital Health Records - NYTimes.com - 0 views

  •  
    Wal-Mart Stores is striding into the market for electronic health records, seeking to bring the technology into the mainstream for physicians in small offices, where most of America's doctors practice medicine. Wal-Mart's move comes as the Obama administration is trying to jump-start the adoption of digital medical records with $19 billion of incentives in the economic stimulus package. The company plans to team its Sam's Club division with Dell for computers and eClinicalWorks, a fast-growing private company, for software. Wal-Mart says its package deal of hardware, software, installation, maintenance and training will make the technology more accessible and affordable, undercutting rival health information technology suppliers by as much as half. "We're a high-volume, low-cost company," said Marcus Osborne, senior director for health care business development at Wal-Mart. "And I would argue that mentality is sorely lacking in the health care industry." The Sam's Club offering, to be made available this spring, will be under $25,000 for the first physician in a practice, and about $10,000 for each additional doctor. After the installation and training, continuing annual costs for maintenance and support will be $4,000 to $6,500 a year, the company estimates. Wal-Mart says it had explored the opportunity in health information technology long before the presidential election. About 200,000 health care providers, mostly doctors, are among Sam Club's 47 million members. And the company's research showed the technology was becoming less costly and interest was rising among small physician practices, according to Todd Matherly, vice president for health and wellness at Sam's Club. The financial incentives in the administration plan - more than $40,000 per physician over a few years, to install and use electronic health records - could accelerate adoption. When used properly, most health experts agree, digital records can curb costs and i
Karl Wabst

Planning a Summer Vacation? Be a Privacy-Smart Traveler - 0 views

  •  
    Many people are scaling back their summer vacation plans because of the current economic situation. Some are staying closer to home. Others may be taking shorter vacations. But it's important to remember that when you travel, your risk of exposure to fraud and identity theft may increase. It's a fact that people tend to let their guard down while on vacation. Criminals know this. Identity theft is often a crime of opportunity. Don't be a vacationer who presents a crook with that opportunity. Your personal information, credit and debit cards, driver's license, passport, and other personal information are the fraudster's target. A few minutes spent planning before you travel can help reduce the risk that a fraudster will ruin your vacation. Here are some tips to help you avoid any nasty surprises:
  •  
    Being privacy savvy while on vacation - Priceless
Karl Wabst

Consumers, FTC Seeking Behavioral Advertising Transparency | Knowledge Network | ITBusi... - 0 views

  •  
    "Consumers are often oblivious to the fact that some businesses share a great deal of their personal information with other businesses who deliver targeted behavioral advertising, say Anzen analysts Megan Brister and Jordan Prokopy. In an e-mail interview with IT Business Edge editor Lora Bentley, Brister and Prokopy say most consumers are just not aware of the business practices of companies that use personal information for profit. The Federal Trade Commission recently held meetings with consumer and privacy advocates, business and government leaders to discuss privacy, regulatory, and business issues of online behavioral advertising. It plans to ramp up efforts to protect consumers and possibly push for tougher legislation to protect consumers. One issue, Brister and Prokopy say, is the lack of transparency by companies that engage in behavioral advertising. These companies have been slow to adopt clear data-management policies and even when they do have policies, they are often written in language that is difficult to understand. Fortunately for consumers, some type of regulation appears to be on the way. The FTC appears eager to penalize businesses who lack transparency regardless of whether the consumer actually experienced any real negative effects as a result, Brister and Prokopy say."
Karl Wabst

Kaiser employee data breached; ID theft reported - 0 views

  •  
    Kaiser Permanente says that the personal information of 29,500 employees in Northern California may have been exposed in a security breach. "A handful" of employees have reported identity theft, the Oakland, Calif.-based managed-care giant said. Police in San Ramon, Calif., seized a computer file containing the employee information from a suspect who was arrested. The suspect was not a Kaiser Permanente employee, and officials declined to provide further details. The file contained the names, addresses, phone numbers, Social Security numbers and dates of birth of the Kaiser workers. No health plan member information or personal health information was involved in the data breach, according to Kaiser officials. "We regret that this unfortunate incident occurred, and we understand the anxiety and worry that some employees may feel," said Gay Westfall, senior vice president for human resources at Kaiser Foundation Health Plan and Hospitals, Northern California, in a written statement. Kaiser is providing one year of free credit-monitoring to workers whose information was in the file.
Karl Wabst

Experts urge overhaul of health privacy rules| Reuters - 0 views

  •  
    Current government rules do too little to protect the privacy of people's personal health information and also hinder the use of health data in medical research, a panel of experts reported on Wednesday. A committee of the Institute of Medicine, which provides advice to U.S. policymakers, urged Congress to take an entirely new approach to protecting personal health data in research. Federal standards for protecting privacy of personal health data under the Health Insurance Portability and Accountability Act of 1996, or HIPAA, are not doing the job, the panel said. Congress and the Obama administration are planning major changes this year to the U.S. health care system. Regarding the privacy rules, Congress should either start from scratch or thoroughly overhaul HIPAA's privacy provisions, the panel said. Better data security is needed, with greater use of encryption and other security techniques, the panel said. Encryption should be required for laptops, flash drives and other devices containing such data, it said. "Both privacy and health research are important. And we feel that we can strengthen privacy protections for people who participate in research while also allowing important research to proceed without unnecessary impediments," Dr. Bernard Lo of the University of California San Francisco, a member of the panel, told reporters. HIPAA governs how personally identifiable health information can be used and disclosed by health plans, health care providers and others. The intention is to protect personal health information while permitting the flow of information for health-related research and medical care. Lo said HIPAA has burdensome and confusing procedures for people to consent to have their health data used in medical research, dissuading people from taking part in such research.
Karl Wabst

Aon UK Survey Finds 'Risk Ignorance' to be Greatest 2009 Challenge - 0 views

  •  
    70 percent of UK risk managers have declared that making sure the employees in their organization are risk savvy is their biggest challenge in light of new pitfalls according to research conducted by Aon. "The risks companies are facing, such as increased company insolvencies, less access to credit and increased levels of fraud, need to be dealt with by employees throughout the organization rather than just at senior management levels," said the bulletin. According to the survey of UK businesses the key risk management challenges they face in 2009 are: -- Embedding ERM in the culture of the organization 70 percent -- Keeping 'risk registers' real and relevant 47 percent -- Making the link between ERM and strategic planning processes 34 percent -- Gaining senior executive sponsorship 19 percent -- Making business continuity plans relevant to line managers 13 percent -- Credit rating agency scrutiny of ERM 6 percent Alex Hindson, head of enterprise risk management at Aon Global Risk Consulting commented: "When the markets are literally crashing down around us and we don't know what is just around the corner it is extremely tempting to focus just on the problems of today, rather than look at the issues and factors that are going to help us survive tomorrow, but this short term view can often be counter-productive.
Karl Wabst

Health Care Employers to Add Headcount in 2009 - 0 views

  •  
    While the recession injured many industries in 2008, health care was one of the few bright spots in the employment picture, growing by 372,000 jobs last year, according to the U.S. Bureau of Labor Statistics' January 2009 Employment Situation Summary. The large aging population has health care employers in need of qualified workers: stat. Therefore, despite the current economic conditions, health care employers will continue to increase staff in 2009, according to CareerBuilder.com's annual health care hiring forecast, conducted online within the U.S. by Harris Interactive. Close to one-in-five (17 percent) of large health care employers (50 or more employees) plan to increase the number of full-time, permanent employees in 2009, while 67 percent foresee either making no change in the number of employees or are unsure. Sixteen percent plan to decrease the number of employees. "The health care industry continues to boast high demand for qualified workers. Employers are reacting to this need by continuing strong recruiting efforts this year," says Jason Ferrara, vice president of corporate marketing for CareerBuilder.com. "Half of health care employers, the highest among industries we surveyed, have open positions for which they can't find qualified candidates. In response, health care employers will have to adjust their recruitment and retention strategies to find and keep top talent."
Karl Wabst

FTC plans regulations for online marketing - vnunet.com - 0 views

  •  
    The Federal Trade Commission (FTC) is planning to regulate online viral marketing that uses blogs and social networking sites. Marketers are spending billions worldwide to get the endorsements of key bloggers and groups on social networking sites. One tactic, used by Microsoft and others, is to send products to bloggers on 'long-term loans' on the understanding that they will comment about them on their sites. Under the new regulations being proposed, such bloggers would be legally liable if they make untrue statements about the products or services. The companies too would face sanctions. "This impacts every industry and almost every single brand in our economy, and that trickles down into social media," Anthony DiResta, an attorney representing several advertising associations, told The Financial Times. This is the first revision of the rules on this kind of advertising by the FTC since 1980 and is needed, according to the organisation, because new forms of communication have opened up new fields to marketing. "The guides needed to be updated to address not only the changes in technology, but the consequences of new marketing practices," said Richard Cleland, assistant director for the FTC's division of advertising practices. "Word-of-mouth marketing is not exempt from the laws of truthful advertising." Advertisers are resisting the changes, however, which threaten a highly effective form of marketing new products and services. "Regulating these developing media too soon may have a chilling effect on blogs and other forms of viral marketing, as bloggers and other viral marketers will be discouraged from publishing content for fear of being held liable for any potentially misleading claim," Richard O'Brien, vice president of the American Association of Advertising Agencies, said in an advisory to the FTC.
Karl Wabst

Privacy Challenges Could Stall Smart Grid | Green Business | Reuters - 0 views

  •  
    President Barack Obama's plan to overhaul U.S. infrastructure includes constructing a nationwide "smart grid" that promises to help address many of our current energy challenges. The smart grid plan offers the hope that it "will save us money, protect our power sources from blackout or attack, and deliver clean, alternative forms of energy to every corner of our nation." While these are noble societal goals, smart grid technologies and systems as envisioned also raise concerns about individual privacy rights. Part of what makes the smart grid "smart" is its ability to know a lot about the energy-consuming devices in our homes and to monitor activity for those devices to help determine when power should be used or limited. Such knowledge is useful in regulating power consumption to use energy more efficiently. In addition to reaching into homes to regulate devices, information about usage and activities could be extracted from homes. Home energy consumption patterns could be gathered and analyzed on a room-by-room and device-by-device basis to determine which devices are used and at what time of day. Although this sort of information may not be considered terribly invasive for some, for others anything that violates the sanctity of "home" may cause tremendous concern.