New PII Discovered: License Plate Pictures

After finishing up some research on personally identifiable information I thought, mistakenly, that I was familiar with the most exotic forms of PII uncovered in recent years, including zip code-birth date, movie ratings and other consumer preference information, social network relationships, and facial images. And then I came across an article in Forbes that forced…


Government’s New Mobile Code of Conduct: PIIs Get Noticed

You know those short notices that pop up right before you install a mobile app? That’s the splash screen that provides some information about what functions are being accessed and, in general terms, what information is being collected from users. After studying this matter for about a year and getting input from the usual stakeholders…


HIPAA’s Teeth: What happens when you’re non-compliant?

Here’s how the regulation describes the penalties: civil penalties can reach $50,000 per violation, with an annual maximum of $1.5 million; criminal penalties can include fines and up to 5 years in prison. So what really happens if we fail to comply with HIPAA or suffer a data breach? Let’s look at some real world examples: 2003…


Death, Taxes, and Identity Theft

One area of identity theft that doesn’t receive nearly as much attention is benefits fraud. Unlike credit card related abuses, health or tax refund fraud involving another’s identity takes longer to play out and consumers may not even know they’ve been a victim until years later. According to the US Internal Revenue Service, in 2012…


Criminal Minds: Thinking Like a Hacker Makes Good Data Governance Sense

What can you learn from reading the exploits of the most successful hacking ring ever brought to justice? Last week, the US Attorney’s Office in NJ unsealed their indictment against a mostly Russian—one American co-conspirator was also named—gang of cyber-criminals who are alleged to have snatched over 160 million credit card numbers resulting in more than…


5 Big Challenges for Google Glass

Google Glass, for all its promise, has some scary implications. Here is my list of 5 potential challenges for Glass: User Experience, Social Awkwardness, Privacy (or lack thereof), Obsession, Humanity. User Experience: It’s early days right now, so I don’t want to harp too much on UX challenges, but there are a few worth mentioning,…


If HIPAA was a video game, e-PHI would be the princess

The million dollar question: What does HIPAA define as e-PHI? Well, it doesn’t, really. It defines e-PHI only as Information that can “reasonably” be linked to an individual. That’s just great guys. Way to give us clear guidance on how to stay compliant! So, data that can be linked to an individual — that’s easy…


The Ubuntu Forums Breach: Yet Another Reminder About the Cost of Password Laziness

If you’ve not followed up on your New Year’s Resolution to use strong passwords, enable two-factor authentication where available, not enter the same password on multiple sites, or rely strictly on a password manager, then this past weekend’s gigantic breach should re-motivate you. On Saturday, hackers hauled in over 1.8 million user names, passwords, and…


What is HIPAA and why should I care?

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996, which requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. *Ahem* ok, I’m asleep, you? Breaking it down, HIPAA’s overarching goal is to protect the confidentiality and security of healthcare information….


Meanwhile Back at the EU: Privacy Showdown over Cookies and Opt-in

Let’s first get caught up on the status of the EU Commission’s proposed changes to the Data Protection Directive or DPD.  At the beginning of July, an important committee vote in the EU Parliament was delayed till September, at the earliest. This has been the third delay of a vote to bring the new regulations—which…
