Home/ CIPP Information Privacy & Security News/ Group items tagged practices

Karl Wabst

Massachusetts Gets Tough on Data Security - Bank Systems & Technology - 0 views

  •  
    As if banks didn't have enough on their plates with compliance and regulation on the federal front, come May 1, they will have to be mindful of strict new rules coming from the Commonwealth of Massachusetts around data security. The Massachusetts Data Security Regulations are perhaps like no other in terms of their depth and scope. During a teleconference, attorneys from the privacy and data security practice of the law firm Goodwin Procter (Boston) described this very detailed, all-encompassing set of rules designed to keep consumers' personal data safe. They go beyond the rules of other states and the federal government that simply require companies to notify their customers of theft of their personal information. "Personal information," for the purposes of the regulation, is described as someone's first and last name or first initial and last name, in combination with Social Security Number, driver's license number or financial account number. At its core, the regulation states that companies, including banks, that handle the personal data of a Massachusetts resident must show they have in place a comprehensive, written information security program with heightened security procedures around how this information is handled. The rules also extend to entities' service providers and the degree to which they too must show they comply with the Massachusetts rules of handling data on residents. Companies have until May 1 to amend their vendor contracts to reflect this and until Jan. 1, 2010 to certify their vendors comply. Furthermore, companies must comply with these rules even if they do not have a single office in the Bay State or if they are in an already heavily regulated industry, like financial services. As long as customers in businesses' databases reside in Massachusetts, those companies are affected by the rules. According to partner Deborah Birnbach, this is some of the most intrusive legislation as it relates to the operation of businesses. "It requires
Karl Wabst

Managing Data Breach Litigation - 0 views

  •  
    Complimentary Webinar: Managing Data Breach Litigation You are cordially invited to attend a complimentary Webinar hosted by Debix Titled: Managing Data Breach Litigation. Proskauer Rose, Partner, Tanya Forsheit, will discuss recent developments in data breach litigation and other privacy class actions. Tanya also will discuss lessons to be learned from recent decisions and what these court opinions mean for companies facing privacy litigation. Kroll Ontrack, Senior Managing Director, Alan Brill, will provide lessons learned from the field on litigation strategies. The presentation will include practical tips on avoiding litigation, getting litigation dismissed or in the unfortunate scenario of a lawsuit, winning strategies. Debix, VP of Emerging Technologies, Julie Fergerson has been working with data breached organizations for over 10 years and will moderate the call.
Karl Wabst

Data Privacy Day 2009 - 0 views

  •  
    On January 28, 2009, the United States, Canada, and 27 European countries celebrated Data Privacy Day together for the second time. Designed to raise awareness and generate discussion about data privacy practices and rights, Data Privacy Day activities in the United States have included privacy professionals, corporations, government officials, and representatives, academics, and students across the country. One of the primary goals of Data Privacy Day is to promote privacy awareness and education among teens across the United States. Data Privacy Day also serves the important purpose of furthering international collaboration and cooperation around privacy issues.
Karl Wabst

Privacy on the Web: Is It a Losing Battle? - Knowledge@Wharton - 0 views

  •  
    Visit the Amazon.com site to buy a book online and your welcome page will include recommendations for other books you might enjoy, including the latest from your favorite authors, all based on your history of purchases. Most customers appreciate these suggestions, much the way they would recommendations by a local librarian. But, what if you visited an investment site, only to find advertising messages suggesting therapies for your recently diagnosed heart condition? Chances are that you would experience what Fran Maier calls the "creepiness" factor, a sense that someone has been snooping into a part of your life that should remain private. Maier is the Executive Director of TrustE, a nonprofit that sets guidelines for online privacy and awards a seal of approval to companies meeting those guidelines. She was a speaker at the recent Supernova conference, an annual technology event in San Francisco organized by Wharton legal studies and business ethics professor Kevin Werbach in collaboration with Wharton. Creepiness Factor The creepiness factor is a risk inherent in so-called behavioral targeting. This practice is based on marketers anonymously observing a user's behavior on the Internet and compiling a personal profile based on interests and behavior -- sites visited, searches conducted, articles read, even emails written and received. Based on their profiles, users receive advertising targeted specifically to them, regardless of where they travel on the web. Consumer advocates worry that online data collection and tracking is going too far. Marketing executives counter that consumers benefit from seeing advertising relevant to their interests and contend that relinquishing some personal data is a reasonable trade-off for free access to Internet content, much of it supported by advertising.
Karl Wabst

The Ultimate Guide to Internet Privacy Law: 100 Must-Read Resources by The Da... - 0 views

  •  
    Every time you get online, your privacy comes under attack. Whether it's an overbearing End User License Agreement, contact forms, or just website cookies, there are literally millions of ways that you can let your private information slip away online. One of the best ways to fight invasions of your privacy is to get informed and learn how to prevent it. Read on to find advice, organizations, and other resources that can help you keep your privacy safe online. Guides & Articles These resources have specific advice and information for protecting your online privacy. 1. EFF's Top 12 Ways to Protect Your Online Privacy: Read this guide from the Electronic Frontier Foundation to learn how you can protect private information online. 2. Frequently Asked Questions about Online Privacy: Get answers to questions about online privacy and safety from this resource. 3. Is Your PC Watching You? Find Out!: This article from CNN will help you figure out if your privacy is being violated through your PC. 4. Nameless in Cyberspace: Anonymity on the Internet: Find out why the right to anonymity online is so important to have by reading this article. 5. Consumer Privacy Guide: The Consumer Privacy Guide offers a variety of resources and information for protecting your privacy online. 6. This Email Will Self-Destruct: Learn about email security measures that you can take to protect your privacy. 7. Anti-Spam Resources: Visit this guide to learn how to stop receiving junk email. 8. All About Internet Privacy and Security: Read this guide to learn about security terms and Internet privacy settings. 9. Online Privacy: The Complete Guide to Protect You: WebUpon's guide discusses steps you can take to protect your online privacy. 10. Social Networking and Safety Online: Read this guide to learn how to practice common sense on social networking sites. 11. Internet privacy: Wikipedia's entry on Internet privacy offers a broad view at staying private o
Karl Wabst

How and Why Behavioral Advertising Works - 0 views

  •  
    If you've been advertising online for a long time, you may have gone through stages: sticking with banner ads at first, and then going with search engine advertising, and maybe putting your ads on a publisher network belonging to a search engine or an advertising company. Most of the time you probably tried to put your ad in a matching context. That might be the wrong approach. I've written before about behavioral advertising, also known as behavioral targeting. You can read my first article about it here. If the topic of behavioral targeting intrigues you, you might also want to read about behavioral retargeting. Before I plunge into the content and focus of this article, though, let me give you a quick definition. Behavioral advertising is a form of online advertising that follows the user around. For example, a web surfer who has just priced some flights on an airline's website might be shown a travel-related ad when he surfs to the next website in which he's interested, which might be for the local pizza joint. The theory behind behavioral advertising is, in a sense, pretty simple. Most people are bombarded with ads most of the time, especially when web surfing. As a result, we tune them out. Because of the usual advertising practices, we might be better at tuning out ads that are in the same context as the content we're reading. In other words, someone reading content on a web site about where the best ski slopes are just might have completely ignored an ad for your lovely Aspen getaway. To rise above this clamor, it's necessary to hit web surfers with a surprise, something that doesn't fit the normal context. Think about it: aren't you more likely to stare at someone talking into a banana than a cell phone? That's the theory, but it's new enough that researchers and marketers are still doing surveys to prove or disprove it. The most recent one was conducted by BL Labs and released by ad network BlueLithium. You'd probably expect it to
Karl Wabst

Protecting Personal Information: A Guide for Business - 0 views

  •  
    Is your company keeping information secure? Are you taking steps to protect personal information? Safeguarding sensitive data in your files and on your computers is just plain good business. After all, if that information falls into the wrong hands, it can lead to fraud or identity theft. A sound data security plan is built on five key principles: * Take stock. Know what personal information you have in your files and on your computers. * Scale down. Keep only what you need for your business. * Lock it. Protect the information in your care. * Pitch it. Properly dispose of what you no longer need. * Plan ahead. Create a plan to respond to security incidents. To learn more about how you can implement these principles in your business, play our interactive tutorial. You'll see and hear about practical steps your business can take to protect personal information. After you experience the tutorial, we hope you'll take advantage of the other resources on this site to educate your employees, customers, and constituents. Order copies of our brochure, Protecting Personal Information: A Guide for Business, or publish an article on information security in your newsletter, magazine, or website. All of the information on this site is in the public domain; we hope you'll share it freely.
Karl Wabst

S'pore's privacy laws to be reviewed - 0 views

  •  
    DURING the Parliament session on Monday, MP of Ang Mo Kio GRC Ms Lee Bee Wah, asked the Minister of Information, Communications and Arts, Dr Lee Boon Yang, whether a comprehensive privacy law will be introduced to protect the privacy of individuals and their personal data. She also queried about the existing laws which are in place to protect people from spam mails and unauthorised sale of personal information, as well as protecting people whose photographs are posted on blogs and other new media platforms. Dr Lee's reply was: "The Government recognises the importance of data protection and the need to protect personal data. At the same time, we also appreciate the impact of data protection on businesses and the general public. I had previously informed the House that an Inter-Ministry Committee is reviewing Singapore's data protection regime. This review is on-going. We are currently looking into developing a data protection model that can best address Singapore's privacy concerns, commercial requirements and national interest. As data protection is a complex issue with extensive impact on all stakeholders, this review will take some time." With regards to unauthorised use of personal data, he replied: "While there is currently no generic data protection law, it does not mean that there is no protection of personal data. In fact we have in place strict provisions in sectoral laws, such as the Banking Act and codes for medical professionals to protect sensitive financial and health information. There are also other industry codes of practices against the unauthorised use of personal information. For example, in the telecommunications sector, under the Telecom Competition Code, IDA requires licensees to take reasonable measures to prevent the unauthorised use of End User Service Information. A telecom licensee would be in breach of the Code if it shares with third parties its customers' information that was obtained from the use of its service, without the cust
Karl Wabst

State Data Breach Notification Laws: Have They Helped? - Information Security Magazine - 0 views

  •  
    Point by Marcus Ranum THERE'S AN OLD SAYING, "Sometimes things have to get a lot worse before they can get better." If that's true, then breach notification laws offer the chance of eventual improvements in security, years hence. For now? They're a huge distraction that has more to do with butt-covering and paperwork than improving systems security. Somehow, the security world has managed to ignore the effect voluntary (?) notification and notification laws have had in other fields-namely, none. We regularly get bank disclosure statements, stock plan announcements, HIPAA disclosures, etc.-and they all go immediately in the wastebasket, unread. When I got my personal information breach notification from the Department of Veterans Affairs, it went in the trash too. Counterpoint by Bruce Schneier THERE ARE THREE REASONS for breach notification laws. One, it's common politeness that when you lose something of someone else's, you tell him. The prevailing corporate attitude before the law-"They won't notice, and if they do notice they won't know it's us, so we are better off keeping quiet about the whole thing"-is just wrong. Two, it provides statistics to security researchers as to how pervasive the problem really is. And three, it forces companies to improve their security. That last point needs a bit of explanation. The problem with companies protecting your data is that it isn't in their financial best interest to do so. That is, the companies are responsible for protecting your data, but bear none of the costs if your data is compromised. You suffer the harm, but you have no control-or even knowledge-of the company's security practices. The idea behind such laws, and how they were sold to legislators, is that they would increase the cost-both in bad publicity and the actual notification-of security breaches, motivating companies to spend more to prevent them. In economic terms, the law reduces the externalities and forces companies to deal with the true costs of
Karl Wabst

eBay, Facebook, Yahoo Among Most Trusted Firms - News and Analysis by PC Magazine - 0 views

  •  
    What companies do you trust to guard your privacy? According to a Wednesday study from the Ponemon Institute and TRUSTe, eBay is the most trusted company for privacy, followed by Verizon and the U.S. Postal Service. Facebook, meanwhile, cracked the study's top ten for the first time. To reach its conclusions, Ponemon and TRUSTe first polled more than 6,000 adults on their "most trusted" brands. An expert review panel then compared those results against the companies' privacy statements, notices, to what levels they accessed account information, their cookie management, in- and out-of-network data sharing practices, and the availability of customer service staff. Of the top 10 companies, seven of them were technology-related. The entire list includes eBay, Verizon, the U.S. Postal Service, WebMD, IBM, Procter & Gamble, Nationwide, Intuit, Yahoo, and Facebook. "With the banking industry at the center of a national financial crisis, it's no surprise to see a loss of trust reflected in the rankings of even those top performers on this list," Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. "Meanwhile, the continued strong showing of e-businesses such as eBay, WebMD, Yahoo, and Facebook seems to demonstrate consumers' growing comfort with doing business online."
Karl Wabst

Survey Finds Organizations Face Challenges in Readying for New Massachusetts Data Secur... - 0 views

  •  
    Goodwin Procter Experts Discuss Data Privacy and Security Best Practices at IAPP Privacy Academy BOSTON, Sept. 15 /PRNewswire-USNewswire/ -- According to a new survey conducted by Goodwin Procter LLP and the International Association of Privacy Professionals (IAPP), companies face three significant challenges - cost, time and number of vendors involved - in complying with new data security rules issued by the Commonwealth of Massachusetts earlier this year. The Commonwealth of Massachusetts has issued rules, which take effect on March 1, 2010, that impose significant data security requirements on entities possessing personal information of state residents, including entities based outside Massachusetts. The intent of the rules is to protect sensitive data and safeguard the public's privacy.
Karl Wabst

What does it take to be an IAPP-certified privacy professional? What should i... - 0 views

  •  
    A few weeks ago, I was very relieved to find out I had passed the IAPP exam to be a "Certified Information Privacy Professional" or CIPP. I got this certificate and even a pin, which is more than I ever got for passing the bar exams of New York and California. So what exactly did I need to know to become a CIPP? To be certified in corporate privacy law, you're expected to know what's covered in the CIPP Body of Knowledge, primarily major U.S. privacy laws and regulations and "the legal requirements for the responsible transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions." You're also expected to pass the Certification Foundation, required for all three certifications offered by IAPP. That covers basic privacy law, both in the U.S. and abroad, information security principles and practices, and "online privacy," which includes an overview of the technologies used by online companies to collect information and the particular issues to be considered in this context. So what do you think? Should you be able to pass an all-objective, 180 question, three-hour exam (counting the CIPP and Certification Foundation exams together) on the above topics and be able to call yourself a "privacy professional"?
Karl Wabst

Privacy Office Approves Laptop Searches Without Suspicion - CSO Online - Security and Risk - 0 views

  •  
    Travelers arriving at U.S. borders may soon be confronted with their laptops, PDAs, and other digital devices being searched, copied and even held by customs agents -- all without need to show suspicion for cause. Notices are being proposed by the Privacy Office at the U.S. Department of Homeland Security (DHS), which last week released a report approving the suspicionless searches of electronic devices at U.S. borders. The 51-page Privacy Impact Assessment also supported the right of U.S. Immigration and Customs Enforcement agents to copy, download, retain or seize any content from these devices, or the devices themselves, without assigning any specific reason for doing so. Also, while in many cases searches would be done with the knowledge of the traveler, in some situations, the report says, "it is not practicable for law enforcement reasons to inform the traveler that his electronic device has been searched." In arriving at the assessment, the Privacy Office argued that such searches of electronic devices were really no different from searches of briefcases and backpacks. They are needed to interdict and investigate violations of federal law at U.S. borders and have been supported by courts in the past, the assessment said.
Karl Wabst

FBI building system that blows away fingerprinting - Network World - 0 views

  •  
    The Federal Bureau of Investigation is expanding beyond its traditional fingerprint-focused collection practices to develop a new biometrics system that will include DNA records, 3-D facial imaging, palm prints and voice scans, blended to create what's known as "multi-modal biometrics." "The FBI today is announcing a rapid DNA initiative," said Louis Grever, executive assistant director of the FBI's science and technology branch, during his keynote presentation at the Biometric Consortium Conference in Tampa. The FBI plans to begin migrating from its IAFIS database, established in the mid-1990s to hold its vast fingerprint data, to a next-generation system that's expected to be in prototype early next year. This multi-modal NGI biometrics database system will hold DNA records and more.
Karl Wabst

Does NAI's Opt Out Tool Stop Consumer Tracking? | Stanford Center for Internet and Society - 0 views

  •  
    "I heard a rumor that I hope isn't true. Specifically, I heard that opting out of behavioral profiling may not stop advertising companies from tracking you as you travel across the Web. Rather, according to the rumor, in many cases you merely opt out of seeing the tailored ads your web history might otherwise trigger. The ability to opt out of behavioral profiling essentially underpins the argument for self-regulation by the industry. The idea is that (1) people like tailored ads and (2) those that worry about the practice, for instance, from a privacy perspective, can opt out of it. Setting aside the apparent frailty of cookie-based opt out (when you delete your cookies, you delete your opt out as well) and the availability of other means to track users (like flash cookies), this seems pretty straightforward and convincing. But what does "opting out" mean, exactly? A close look at the Network Advertising Initiative website, which offers an opt out tool on behalf of most major online advertisers, turns up no guarantee that opting out will stop a company from logging where a user has traveled."
Karl Wabst

Four Best Practices For IT Availability And Service Continuity Management - CIO.com - B... - 0 views

  •  
    "Forrester often gets inquiries such as, "What requirements should we keep in mind while developing our disaster recovery plans and documents?" and, "Which strategies work best for managing our disaster recovery program once it's in place?""
Karl Wabst

Consumer Reporting Agency Settles FTC Charges: Sold Tenant Screening Reports to Identit... - 0 views

  •  
    A consumer reporting agency that failed to properly screen prospective customers and, as a result, sold at least 318 credit reports to identity thieves, has agreed to settle Federal Trade Commission charges that it violated federal law. Under the settlement, the company and its principal must ensure that they provide credit reports only to legitimate businesses for lawful purposes, use a comprehensive information security program, and obtain independent audits every other year for 20 years. The settlement also imposes a $500,000 penalty but suspends payment due to the defendants' inability to pay. According to the FTC, the defendants use sensitive financial data from other consumer reporting agencies to create reports that landlords use to assess potential renters. These reports contain consumers' names, Social Security numbers, birth dates, bank and credit card account numbers, credit histories, and other personal information. The Commission alleges that the company failed to properly screen new customers. The company allegedly requested only publicly-available information from applicants seeking credit reports, and it did not request supporting documentation to establish that an applicant was actually a landlord renting property. As a result, identity thieves posing as property owners were given an account with unlimited online access to credit reports, and the account was used to access at least 318 reports containing sensitive personal information. The FTC charged the defendants with violating the Fair Credit Reporting Act (FCRA) by furnishing credit reports to persons who did not have a permissible purpose to obtain them, and by failing to maintain reasonable procedures to prevent such impermissible disclosures and to verify their customers' identities and how they intended to use the information. The agency also charged them with violating the FTC Act by failing to employ reasonable and appropriate security measures to protect sensitive consumer inform
Karl Wabst

Best practices: How to implement and maintain enterprise user roles - 0 views

  •  
    Enterprise role management is key in efficiently managing user access rights and enforcing access policies such as segregation of duties. Roles help companies group coarse- and fine-grained access rights (like access to and functionality within a financial accounts application) into groups, called enterprise roles. These enterprise roles map to job functions and are only allowed access rights that don't violate segregation of duties. For instance, a financial clerk role can't contain fine-grained access rights that allow someone in the role to access the accounts receivable and accounts payable parts of the financial application. The processes and tools necessary for effective role management consist of role mining and design (automatic discovery and management of roles based on existing access rights and entitlements data), role recertification (a process performed typically every six months when a business role custodian certifies what access rights should belong to a role), and access recertification (a process performed typically every 3-6 months to ensure all user access is understood and was granted in an audited way).
Karl Wabst

The EU-US Safe Harbor Does Not Protect US Companies with Unsafe Privacy Practices - 0 views

  •  
    "Recently, the Federal Trade Commission (FTC) has gotten tough with US companies that have not lived up to their own privacy promises to European consumers. In particular, it has filed complaints against seven US companies that claimed that they were adhering to the European Union's Safe Harbor Program, but allegedly were not. (The FTC issues or files a complaint when it has "reason to believe" that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. The complaints themselves are not a finding or ruling that the named parties have violated the law.) By taking action, the FTC has shown that the Safe Harbor program, as applied to US companies, is not a set of empty promises. Rather, the FTC is keeping watch over businesses and will sanction those that misrepresent their own policies. In this column, I will explain how the Safe Harbor program works, and also discuss the recent FTC enforcement actions."