WPPS C-Suite News

The regulations, which went into force in March, are intended to protect a consumer’s personal information from identity theft and other privacy breaches and to spell out steps that businesses must take to ensure data is secured. Some large companies — particularly those in the finance and health care industries that are already subject to data security laws like the Health Insurance Portability and Accountability Act (HIPAA) — had privacy measures in place, which helped get them ready for Massachusetts’ regulations. However, for many smaller and midsize companies that have not been subject to data security laws before, complying with the rules is a longer and often more painful process.

some businesses that are complying with privacy regulations for the first time and have limited in-house technology expertise “are running around with their hair on fire, trying to figure out what to do first,”

“We’ve seen a substantial uptick in activity in clients seeking guidance in how to comply,” said Carlos Perez-Albuerne, a partner at Choate Hall & Stewart LLP. “There’s a whole swath of businesses that never had to deal with anything like this before.”

“The IT industry had this nagging question – as more and more services move to the cloud, do they consume more or less energy?” Bernard said. “This study found that you can migrate existing infrastructure to the cloud and see not only growth in productivity but a reduction in energy consumption for those services.”

The study was aimed at understanding how the cloud performs differently from an on-premises environment, said Josh Whitney, corporate sustainability strategy lead with WSP. Using a methodology aligned to the Global eSustainability Initiative (GeSI) standards, Accenture and WSP compared the energy use and carbon emissions per user for Exchange Server 2007, SharePoint Server 2007, and Microsoft Dynamics CRM with their cloud-based equivalents: Exchange Online, SharePoint Online and Microsoft Dynamics CRM Online. The results suggest that for widely deployed and commonly used applications such as e-mail, content sharing and customer relationship management, the cloud can enable significant reduction in carbon emissions.

“The findings are actually pretty impressive,” Whitney said. “I think this study provides further reinforcement of the benefits of the cloud beyond the bottom line. It provides one of the first quantitative and measurable analyses of the impact that cloud computing can have directly compared to a traditional deployment of IT within a company.”

Between January and April of this year, Giang filled out 382 surveys before the company that was paying for them, StayWell, figured out what was going on. StayWell had been offering UC employees the gift vouchers as incentives to fill out health surveys, but it grew wise to the scam.

Giang only used part of the Social Security numbers of his co-workers while filling out the survey, his lawyer states in a sentencing memorandum. "Mr Giang never intended to steal their identity, and other than losing the opportunity to participate in StayWell's marketing surveys, the victims did not lose anything," says the Oct. 20 memorandum asking the judge for probation instead of jail time.

So what amount of grit does your institution have when it comes to backing up its security policies?

Think about your answer. It's not just jobs at stake here; it's the integrity and security of entire organizations.

During the hack, he set up his own wireless hotspot, which he simply called BT Openzone. As delegates used the wireless service, Hart was able to get hold of whatever usernames and passwords were being typed into web applications, just by using an easily downloadable password recovery tool called Cain & Abel.

When Hart and his team tested out the method across cafes in the UK, 100 per cent of web browsers in the various establishments used the fake BT Openzone service.

“That’s how easy it is, it is instant,” said Hart.

An even greater number, 66 percent, would be prepared to work for lower pay if a job offered more flexibility, at least when compared with a better-paid job without such flexibility. Businesses are uncertain about the move to home working, mainly because of security. According to the Cisco survey, they should also factor in some of the advantages. Almost half of those employees who do work from home reckon they put in between two and three extra work hours per day as a result.

Employees' dislike of offices is nothing new but what has changed is that it is now technically possible to make an employee productive without asking them to travel to a building every day.

It seems just as likely that the death of the office, predicted many times in the last 40 years, might be as much about the changing economics of work than any desire of employees to escape to the back room and the VPN.

The security failure, one of the several largest in nearly two years, involves nearly two-thirds of the insurers' subscribers. It became known only after The Inquirer requested information Tuesday evening. The insurers said the drive was missing from the corporate offices on Stevens Drive in Southwest Philadelphia. It noted that the same flash drive was used at community health fairs. "That seems grossly irresponsible," said Dr. Deborah Peel, a Texas psychiatrist who heads Patient Privacy Rights, an advocacy group.

The news of the breach comes at a time when there is more emphasis - and billions of dollars in federal funding - to develop protocols for electronic medical records, with information being shared among providers, insurers, and consumers.

Paul Stephens, director of policy for the Privacy Rights Clearinghouse, said that data breaches in the finance and retail sectors tended to involve more people, but that health data are very sensitive and may also contain payment information.

ONE: If your enterprise isn’t in energy, defense, or finance, it’s not a high priority target so don’t spend money like it is.

TWO: If you do lead a company in one of those 3 sectors, there’s nothing on the market today that will stop an adversary from stealing your most valuable data. The best that you can hope for is to raise the cost to an adversary to mount a successful attack against you, which means he’ll target a less well-protected company instead. This is known as the You-Don’t-Have-To-Outrun-The-Bear School of Security.

THREE: Your IT department’s job is not to protect you. It’s to protect the enterprise’s network. That makes you and your C-level colleagues the “10 ring” of the target.

Behavioral Advertising Online behavioral advertising – the practice of tracking someone’s online activities to deliver targeted advertising – can raise potential privacy issues.  Do you disclose your practices to your customers and honor your promises? Children’s Online Privacy The Children’s Online Privacy Protection Act (COPPA) gives parents control over what information websites can collect from their kids. If you run a website designed for kids or have a website geared to a general audience but collect information from someone you know is under 13, you must comply with COPPA’s two main requirements. Credit Reports Does your business use credit reports to evaluate customers’ credit worthiness? Do you consult credit reports when considering evaluating applications for jobs, leases, and insurance? Here is information about your responsibilities when using, reporting, and disposing of information in those credit reports. Data Security Many companies keep sensitive personal information about customers or employees in their files. Having a sound security plan in place can help you meet your legal requirements to protect that sensitive information. Gramm-Leach-Bliley Act The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data. Health Privacy If you offer or maintain personal health records online, you could be covered by the FTC’s Health Breach Notification Rule. Are you familiar with your legal obligations in case of a security mishap? Red Flags Rule The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs  – or red flags – of identity theft in their day-to-day operations.

When small organizations (100 users) move to the cloud, the effective carbon footprint reduction could be up to a 90% savings by using a shared cloud environment instead of their own local servers

For large corporations, the savings are typically 30% or more. In a case study with a large consumer-goods company, the team calculated that 32% of energy use and resulting carbon emissions could be saved by moving 50,000 e-mail users in North America and Europe to Microsoft's equivalent cloud offering.

What accounts for these significant energy savings? Think of cloud computing as being like mass transit. The data center is essentially getting computing applications to carpool or take the bus instead of sitting in their own individual servers. However, unlike mass transit, there is no sacrifice in convenience or performance with this move. Consider the disappointing fact that a typical server in a company often runs at about 10% of capacity, meaning there are lots of servers out there drawing power without doing much computing

The conference has commenced this morning in Jerusalem, a city of both ancient traditions and thoroughly modern influences, and I was reminded of how that same dynamic is true of privacy in the Internet age.  Yesterday marked the 30th anniversary of the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.  These privacy guidelines have served as the basis for numerous privacy laws in place across the globe.  Yet, even these privacy principles need to keep pace with the changing information environment.  In my remarks today at a panel discussion titled “Notice and Consent:  Illusion or Reality?”, I suggested that individual participation through mediums such as notice and consent remains important to safeguarding users’ privacy, but by itself does not afford enough protection.  This is particularly true given the explosion of information collection and use that is the fuel of today’s Internet economy. The same is true of the various legal frameworks that govern data collection, usage, and sharing.  Both are important, but neither is sufficient on its own.

Alongside individual participation and regulatory oversight, another vital aspect of privacy protection is often overlooked: the role and responsibility of the organization in maintaining and protecting personal data.

Microsoft’s view, as outlined in a new white paper released today at the conference, is that organizations’ privacy policies and data management practices most directly influence whether users’ personal information is kept safe or exposed to risk. Therefore, we believe that organizations—including Microsoft—must hold themselves accountable for acting to protect users’ interests and taking appropriate measures to safeguard privacy and personal data, even in the absence of specific regulatory mandates.

Even smaller and moderately sized companies will start to look at IaaS. So far, most of the IaaS deployments have been concentrated around very large $1B+ companies; however, we are now seeing that even smaller and moderate sized organizations are very interested in IaaS to help them overcome their data challenges. As a result, in 2011 and beyond we are likely to see small mission-critical IaaS deployments in these organizations to support various types of use cases, ranging from single-version-of-the-truth to BI to searching and compliance reporting. 

AVG's research shows that: * 83% agree that having the right level of IT security protection is critical to their business * 77% say that a security threat could have a significant negative impact on their business * 55% feel they can make IT security decisions without 3rd party influence * However, only 48% have a clear IT security policy in place for their staff, leaving most at the mercy of what employees decide to download or access online * As a result, perhaps not surprisingly, 1 in 4 have experienced a security breach * Most worryingly, 1 in 7 have no security software or systems in place at all AVG also asked small businesses whether they expect to see growth in the next five years - 61% of UK and 74% of US small businesses say that they do.

Back in the 1990s fellow science and technology journalist Charles Mann and I wrote a book uncovering the true story of how a lone, young, cognitively impaired hacker with relatively few computer skills managed to perpetrate what was then the most extensive and scariest series of computer break-ins ever — government weapons labs, dam control systems and ATM networks were among the hundreds of networks compromised. At the end of the book, we predicted that no matter how much effort was poured into making the Internet safer, hackers would always be able to have a field day, partly for technical reasons but also because companies and individuals would never get it together to take simple precautions critical to safe computing.

Sadly, Mann and I called it right. Viruses, trojans and spyware are bigger problems than ever. Employees unwittingly but routinely hand over their passwords to hackers who break into corporate databases to steal credit card and other information of thousands of customers. Private e-mail is rifled through and made public, and companies have their computers incapacitated by “denial of service” attacks. You need to ask yourself: Could your company survive an encounter with a hacker?

Don’t count on even the best security software or services to protect you —

There’s no point investing in and implementing an ethics and compliance program unless the time is spent integrating the program into every aspect of an organization. The need for companies to develop effective ethics and compliance programs has been acknowledged by several government agencies- examples are the SEC in the US and the government in the United Kingdom. Both groups have recently passed legislation or made amendments to existing guidelines, focusing heavily on the importance of ethics and compliance at all levels of an organization- especially at the top.

Employees at each level contribute to the success of a company’s ethics and compliance program. Integrating ethics and compliance at each level helps ensure the message from the top makes it all the way down to the lower levels of the organization. Training, messages and other ethics and compliance initiatives must be developed to evolve with employees as they move through the company. That being said, employees at various levels need to be prepared to address different ethical issues they may encounter based on the role they play in the organization.

Integrating Ethics in the Middle  In many companies, employees report that the middle level is where ethics and compliance commitments break down. Since many of the lower level employees report directly to those in the middle, a commitment to ethics and compliance from middle managers is equally as important as it is at the top.

“Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule – and to fix this problem quickly.

The Rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft.

The new partnership appears to be part of an effort to move past previous agency turf wars. Last March, for example, Rod Beckstrom resigned from his position as director of the DHS' National Cyber Security Center, citing insufficient funding and support. In his letter of resignation to Napolitano, Beckstrom said the DHS's cybersecurity efforts are "controlled" by the NSA. Meanwhile, it is not uncommon for government departments and agencies to enter into formal agreements to work together on certain issues and to “swap” employees to improve synchronization, Marcus Sachs, director of the SANS Internet Storm Center, told SCMagazineUS.com on Thursday. This agreement is particularly important because the DoD and DHS have a joint mission to protect the United States in cyberspace, he said.