Big Data Best Privacy Practices, FTC-style

Did you miss the keynote address given by FTC Commissioner Ramirez at the Aspen Forum? No worries, you can find the full text here, and it will make good iPad reading while you’re at the beach. Titled “The Privacy Challenges of Big Data: A View from the Lifeguard’s Chair”, the Commissioner’s speech turned into a…


Data Protection for IaaS

Running an Infrastructure as a Service (IaaS) business comes with its fair share of technical challenges: availability, multi-tenancy, redundancy, scalability, etc. Running an IaaS for the financial services sector presents even more complexity, especially with respect to data protection. Options, global provider of IaaS for the financial services sector, has over 130 financial services clients…


PCI DSS 3.0: Get With the Program

Earlier this month, the folks at the Payment Card Industry released a preview of their long awaited Data Security Standard version 3, better known as PCI DSS 3.0. In a nine-page document, the PCI standards group sketched out the high points of their proposed changes, 12 in all, that will be finalized in November. What…


New PII Discovered: License Plate Pictures

After finishing up some research on personally identifiable information I thought, mistakenly, that I was familiar with the most exotic forms of PII uncovered in recent years, including zip code-birth date, movie ratings and other consumer preference information, social network relationships, and facial images. And then I came across an article in Forbes that forced…


Government’s New Mobile Code of Conduct: PIIs Get Noticed

You know those short notices that pop up right before you install a mobile app? That’s the splash screen that provides some information about what functions are being accessed and, in general terms, what information is being collected from users. After studying this matter for about a year and getting input from the usual stakeholders…


HIPAA’s Teeth: What happens when you’re non-compliant?

Here’s how the regulation describes the penalties:

- Civil penalties can reach $50,000 per violation with an annual maximum of $1.5 million
- Criminal penalties can include fines and up to 5 years in prison

So what really happens if we fail to comply with HIPAA or suffer a data breach? Let’s look at some real world examples: 2003…


Death, Taxes, and Identity Theft

One area of identity theft that doesn’t receive nearly as much attention is benefits fraud. Unlike credit card related abuses, health or tax refund fraud involving another’s identity takes longer to play out and consumers may not even know they’ve been a victim until years later. According to the US Internal Revenue Service, in 2012…


Criminal Minds: Thinking Like a Hacker Makes Good Data Governance Sense

What can you learn from reading the exploits of the most successful hacking ring ever brought to justice? Last week, the US Attorney’s Office in NJ unsealed their indictment against a mostly Russian—one American co-conspirator was also named—gang of cyber-criminals who are alleged to have snatched over 160 million credit card numbers resulting in more than…


5 Big Challenges for Google Glass

Google Glass, for all its promise, has some scary implications. Here is my list of 5 potential challenges for Glass:

1. User Experience
2. Social Awkwardness
3. Privacy (or lack thereof)
4. Obsession
5. Humanity

User Experience: It’s early days right now, so I don’t want to harp too much on UX challenges, but there are a few worth mentioning,…


If HIPAA was a video game, e-PHI would be the princess

The million dollar question: What does HIPAA define as e-PHI? Well, it doesn’t, really. It defines e-PHI only as Information that can “reasonably” be linked to an individual. That’s just great guys. Way to give us clear guidance on how to stay compliant! So, data that can be linked to an individual — that’s easy…
