tagged w/ The Privacy Professor
-
It is possible that, if such policies exist and were created specifically for HIPAA compliance, your organization is viewing this policy noncompliance as being a HIPAA infraction because of the HIPAA requirements to have security/privacy policies and enforce them.
-
-
Any business, of any size, in any industry, in any location, is a possible target for PII theft and cybercrime if they possess any type of employee, customer or other consumer PII. Most businesses have PII. All businesses with PII need to make sure they provide due diligence to protect that PII.
-
-
People get so upset, understandably, when an organization loses a laptop with SSNs, or has one stolen. But now, upon hearing that crooks don’t even need to steal SSNs, but can just generate them from commonly known information and use them until the victims discover the crimes, it is puzzling why so many people don’t see this as something to be concerned with, and to demand changes for.
-
-
For some reason, too many practitioners, and many/most consultants, think that if something is stated on the website, then all personnel magically, or by some type of mystical digital osmosis, know what it says and have actually read it.
That goes for the rarely-read-by-employees website privacy policy.
Most personnel don’t know what their website policy says because most get little to no awareness or training about privacy to begin with, and so most go along their merry way each day performing their job responsibilities in ways that violate that posted privacy policy!
Assuming all personnel know what the privacy policies even say = dumb dangerousness
-
-
Simple social engineering tactics can often be used to get to sensitive information simply by supplying a valid SSN. I know many of the business companies I’ve called, when just doing unscientific tests, started out the call with, “May I have your account number please?” To which I say, “Oh, darn; I don’t have that with me! Could I give you my SSN instead?” And usually they say, “Sure; give me the SSN.” Bingo. Social engineering is powerful and used by many crooks.
-