Clik here to view.
You Don’t Attain Your Clients’ Compliance
Someone recently commented that I write a lot of blog posts based on my work and what my clients, students and others I meet at conferences and training classes have said or done. Well, that’s because...
View ArticleClik here to view.
Sales and Marketers: Don’t Diss the Info Sec Pros
This past week one of my marketing friends made a statement I’ve heard far too many sales and marketing folks say over the years. “The IT Security folks don’t have decision-making authority, and they...
View ArticleClik here to view.
When is PHI Not PHI?
The deadline for complying with the Omnibus Rule is quickly approaching. Psst…it’s September 23 for most covered entities (CEs) and business associates (BAs). I’ve been tardy in getting blog posts...
View ArticleClik here to view.
Top 4 Reasons Encryption Is Not Used
Over the past week a few reporters who were following up on a recent breach of 9 million patient records for stories they were writing asked me basically the same question amongst all their others,...
View ArticleClik here to view.
Use Encryption despite Your NSA Snooping Fears
I’ve received numerous questions from various news outlets, clients and colleagues since the published revelation that the NSA was getting the assistance of encryption vendors to decrypt messages...
View ArticleClik here to view.
Ever Feel like Somebody is Watching You? They Are!
“Sometimes I feel like…somebody’s watching me! And I have no privacy!” (The Rockwell hit from…quite appropriately…1984.) Each day, we are tracked by the ‘smart’ systems, mobile apps, personal...
View ArticleClik here to view.
You Must Practice Daily Compliance Hygiene
Compliance, like much of life, takes ongoing effort Okay, folks. Time for a reality check for what data protection compliance involves. You know what’s often tedious and hard? Well, a lot of things in...
View ArticleClik here to view.
If there’s a Shred of Evidence it’s Not Shredded
“What’s the minimum shred size?” Recently I got a great question from one of my Compliance Helper clients: “This may seem like a silly question, but is there any type of HIPAA compliance requirements...
View ArticleClik here to view.
What You Need to Know for Retention Compliance
One of the things I love about helping all my Compliance Helper (CH) clients with their information security and privacy compliance activities is that they often ask questions that most other small and...
View ArticleClik here to view.
Organizations Need to Use More Than One Type of Encryption
Encryption has been talked about a lot lately. I’ve gotten at least a couple dozen questions from my Compliance Helper clients in the past month. They can pretty much be boiled down to this question:...
View ArticleClik here to view.
If it was Intentional it is *NOT* Incidental
In the past week I got the third question in a one month time-frame about the same topic. My unwritten, loosely followed rule is that if three different organizations ask me pretty much the same...
View ArticleClik here to view.
Yes, You Still Need Policies for Your Outsourced Activities!
Here’s a statement I’ve answered over 100 times (seriously!) in the past few years. “We’ve outsourced that IT activity, so we don’t we don’t need a policy for it.” The one word reply to this statement...
View ArticleClik here to view.
Time to Focus on Privacy Every Day
This week January 28 was recognized around the world at International Data Privacy Day. Data Privacy Day is the perfect time to think about all things privacy. For example, consider all the computing...
View ArticleClik here to view.
Mobile Device Security Continues to get More Complicated
I first started working on truly easily mobile computing device (not counting the first programmable pocket calculator, or the luggable computers that could not be hidden in your pocket) security in...
View ArticleClik here to view.
Strong security controls are necessary for more than just preventing hack...
Recently I’ve heard in various discussion venues the argument that information security controls are an impediment to technology use, and that instead we should look at demotivating the hackers. With...
View ArticleClik here to view.
NSA is not the Only One Getting to Your App Data
Do you think the NSA is the biggest threat to your privacy? Certainly they are collecting a significant amount of personal data. And from the looks of it, with their new facility that may hold up to 12...
View ArticleClik here to view.
Phone Scam Open Season – Business Risks
It seems that right now phone scam season is going strong! I got 2 calls last week from scammers. I got another scammer call during a meeting last night. Two of my LinkedIn contacts got calls in the...
View ArticleMore Phone Scams For the General Public
It seems that right now phone scam season is going strong! Last week I posted about some common scams targeting businesses. Those same scams are also targeting the general public, so please be on the...
View ArticleClik here to view.
Will the Demise of XP Shut Down Your Business…or Heart?
If you haven’t heard yet, Windows XP will no longer be supported after April 8, 2014. That’s just a couple of weeks away! Why should you even care? Well, because you may have an important, or even...
View ArticleClik here to view.
Rx for Incorrect Compliance Claims and XP
In the past couple of weeks I’ve gotten a couple dozen questions from my clients that are small to midsized covered entities (CEs) or business associates (BAs) under HIPAA, in addition to several small...
View Article
