5 Big Challenges for Google Glass

Google Glass, for all its promise, has some scary implications. Here is my list of 5 potential challenges for Glass: User Experience, Social Awkwardness, Privacy (or lack thereof), Obsession, and Humanity.

User Experience

It’s early days right now, so I don’t want to harp too much on UX challenges, but there are a few worth mentioning,…

If HIPAA was a video game, e-PHI would be the princess

The million dollar question: What does HIPAA define as e-PHI? Well, it doesn’t, really. It defines e-PHI only as Information that can “reasonably” be linked to an individual. That’s just great guys. Way to give us clear guidance on how to stay compliant! So, data that can be linked to an individual — that’s easy…

The Ubuntu Forums Breach: Yet Another Reminder About the Cost of Password Laziness

If you’ve not followed up on your New Year’s Resolution to use strong passwords, enable two-factor authentication where available, not enter the same password on multiple sites, or rely strictly on a password manager, then this past weekend’s gigantic breach should re-motivate you. On Saturday, hackers hauled in over 1.8 million user names, passwords, and…

What is HIPAA and why should I care?

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996, which requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. *Ahem* ok, I’m asleep, you? Breaking it down, HIPAA’s overarching goal is to protect the confidentiality and security of healthcare information….

Meanwhile Back at the EU: Privacy Showdown over Cookies and Opt-in

Let’s first get caught up on the status of the EU Commission’s proposed changes to the Data Protection Directive or DPD.  At the beginning of July, an important committee vote in the EU Parliament was delayed till September, at the earliest. This has been the third delay of a vote to bring the new regulations—which…

For Better IT Security, Uncle Sam Wants You to Monitor

Remember when the President signed the Critical Infrastructure Executive Order a few months ago? Essentially, the order directed the federal government to focus its considerable resources on cybersecurity threats to our core oil, electric, and transportation systems. It turns out that a good part of the government’s program involves sharing both classified threat information and…

On That Fine Point About Cloud Services and the HIPAA Final Rule

With the publication of the HIPAA Final Omnibus Rule in January, regulators formally cleared up some questions about business associates —“person that creates, receives, maintains, or transmits” electronic protected health information (e-PHI) for a covered entity—and their compliance with HIPAA’s foundational Security and Privacy Rules. The plain-speak answer is that HIPAA’s security obligations and penalties…

Red Alert: A Data Breach Report

Can you detect a data breach in real-time?  Most people can’t. Our new Red Alert Research Report, based on survey data from 248 information security professionals, indicates that only 6% of companies have automated breach detection. Why is this a problem? Data breaches are on the rise, and according to Verizon’s 2013 DBIR, 67% of…

Big Data and Privacy: Resist the Urge to Re-identify

On Tuesday, Julie Brill, one of the four FTC commissioners, delivered a keynote address, titled “Reclaim Your Name”, at a data privacy conference. Brill points out that NSA revelations help open a larger and parallel discussion over data privacy in the area of e-commerce. Brill feels that just as we debate how much privacy to…

Yet Another Reminder that Cybercrime Isn’t Going Away

Last week, PricewaterhouseCoopers released their 2013 US State of Cybercrime Survey. Coming on the heels of Verizon’s 2013 Data Breach Investigations Report, recent ID theft data from the FTC, and our own Privacy and Trust Survey, the PwC report fills in additional details on what is an all too familiar background: many companies are unprepared…