Fri
03/25/11
Category Archives: Compliance

Follow-Up on CAIT Information Security Roundtable – Data Security Breach Notification Issues

As promised to the good folks at Washington University’s Center for the Application of Information Technology, I have collected and posted the various documents and state breach notification laws that we referenced in the discussion yesterday (March 24).  Here they are with a few other relevant statutes and comments thrown in:

The Connecticut Department of Insurance Regulations (5 days & Unencrypted)

Massachusetts Standards for the Protection of Personal Information

Proposed Amendment to the Hawaii Data Breach Notification Statute

A few additional notes:

1.  What Law Applies in the Event of a Breach: Massachusetts has certainly set the tone for this discussion by repeatedly making the claim that ANY business that maintains the personal information of a Massachusetts resident is subject to Massachusetts data protection laws — regardless of where the business operates or is organized.  That claim of jurisdiction extends both to breach notification and to the requirement for businesses to implement a comprehensive, written information security program (as noted in the link above).

2.  Other “Short” Timelines for Breach Notification: Many participants asked about other states, agencies, or regulators that have compressed time requirements for notification.  Here are a few others:

California Health and Safety Code

Puerto Rico Breach Notification Law

Florida Data Breach Notification Law

Note that the Florida law has a 45-day requirement for entities that maintain personal information on their system (Data Owners), but it has a 10-day notice requirement for those that maintain the personal information on behalf of others (Data Licensees).  Thus, the compressed time allows the Owner to get the notice from the Licensee in enough time to comply with its 45-day requirement.

3.  Third Man In:  And by far the most requested piece of information — the clip of the Dancing Man from the Sasquatch Music Festival.  Or try it this way:  http://www.youtube.com/watch?v=Frd0CPYuZgU

Thanks again to the facilitators and participants from the CAIT Security Roundtable.  It was my pleasure and honor to join you in the discussion. I will post a few more of the specific reports, laws, surveys, and studies shortly.

UPDATE: I also learned that one of the participants at the Security Roundtable received a breach notification from TripAdvisor WHILE we were discussing breach notification.  Glitch in the Matrix.  Here is more on the TripAdvisor issue.

Blog | Compliance | Corporate Governance | Data Protection | Employee Privacy | Network/Security | Risk Assessment   |  posted by AM



Upcoming Seminar: RedPoint on Panel to Address Privacy Issues in Social Media

Anthony Martin from RedPoint Privacy Advisors will be on a panel of lawyers and experts to discuss the privacy, security, and legal challenges that Social Media and Social Networking create for users, companies, ad agencies, and employers.  The event was trending toward SOLD OUT a few days ago.  (RedPoint would LOVE to claim some credit for that rush for tickets, but the last St. Louis Social Media Club event was also sold out and featured Happy Hour prices on drinks rather than a panel.)  Regardless, RedPoint is excited about the growth and enthusiasm of the St. Louis Social Media scene.  It is a pleasure and an honor.

 

For more information on the event, click HERE.

Event Details

What: Monthly SMCSTL Meetup and a Panel on Privacy, Security and Legal Protection in Social Media

When: Wednesday, March 23rd at 6:00 pm

Where: Moulin Events Center, 2017 Chouteau Avenue

Join us for a panel about privacy, security and legal issues companies should be aware of when engaging in social media. The evening begins with drinks and networking at 6 pm, and a panel discussion from 6:30-7:30 pm to discuss current concerns, risks and issues related to content sharing and participating in the social networking space. We will also open up for questions from the audience.

Businesses of all sizes will benefit from this event as our experts answer questions related to:
  • Ownership and rights to content posted on social network sites
  • Terms and conditions of social networks – what you really need to know
  • Social Media Policy for your organization: protecting the company and the employee
  • Protecting private or valuable company data shared or posted to social sites
  • Protection from spammers on social sites
    …and more

This is a free event, but we ask that you please register on this page. A cash bar will be available throughout the evening.

Panelists:

Pete Salsich
Intellectual Property Litigator and Counselor, Entrepreneur, Founding Principal of The BrickHouse Law
@PeteSalsich | LinkedIn | Blog

Craig Moore
Litigation Attorney at Armstrong Teasdale LLP, Co-Chair of Social Media Practice Group
@CraigGMoore | @AT_Law | LinkedIn

Anthony Martin
Privacy Lawyer, Professor and Founder of RedPoint Privacy Advisors, a data protection firm
@AMPrivacy | LinkedIn | Blog

Blog | Compliance | Corporate Governance | Data Protection | Employee Privacy | Network/Security   |  posted by AM



Why Training Is So Important to Information Privacy and Data Security

Privacy and security are learned behaviors.
There may be some argument that notions of “personal” privacy are innate. Even children readily request time to just be left alone.

But, increasingly we see proof that protecting the privacy and security of our modern information is not something that comes easily to us. In fact, it seems quite the opposite. Maybe curiosity, desire, greed or other base instincts take charge over the latent respect for privacy — especially of others. And there is certainly some fault to be given to obtuse, over-lawyered policies or documents that were never written with the intent of actually equipping people with proper guidance or direction on how to protect personal information privacy and the confidentiality of data, whether business or personal.

So, we follow our new maxim that privacy and security are learned behaviors. Our challenge now is to figure out the best and most effective ways to teach, educate, and train our  friends, family and employees to respect privacy and data security.

That is what we try to do here.

Blog | Compliance | Corporate Governance | Data Protection | Employee Privacy | Network/Security   |  posted by AM



Upcoming Seminar: RedPoint Tabbed to Lead Discussion on Privacy Issues To Watch Out for 2011

Anthony Martin from RedPoint Privacy Advisors will be leading a discussion on legal and compliance issues concerning information privacy with the local members of the International Association of Privacy Professionals (IAPP) on February 22.  The St. Louis group of Privacy Professionals is a very collaborative and growing bunch of IT, legal, audit, and compliance professionals.  We posted the information from the invitation below.  If you are interested in attending, please email Anthony  (AM@redpointprivacy) or Kathie Dingley (kdingley@jordanlawrence.com).

Here is the Notice / Invitation:

Please join us at the upcoming St. Louis, MO KnowledgeNet on February 22, 2011. Hear from Anthony Martin, Founder of RedPoint Privacy Advisors on the topic “History Sniffing: An Examination of The Events of 2010 and What They Tell Us About the Information Privacy Landscape for 2011.” Lunch will be provided.

KnowledgeNets are a member benefit exclusively for IAPP members. They are free networking meetings that provide the privacy community an opportunity to network, make acquaintances and share ideas.

For more information about KnowledgeNets, please visit https://www.privacyassociation.org/events_and_programs/knowledgenet1/.

Speaker:
Anthony Martin, Founder of RedPoint Privacy Advisors

Anthony is a privacy lawyer and a founder of RedPoint Privacy Advisors, a data protection and strategic communications firm focusing on information security awareness training programs. Anthony also teaches the Information Privacy Law curriculum at St. Louis University School of Law.

Topic:
History Sniffing: An Examination of The Events of 2010 and What They Tell Us About the Information Privacy Landscape for 2011


Anthony Martin will take a quick look back at the significant information privacy and data security issues of 2010 and outline how those events are likely to have an impact on legal and compliance obligations for organizations in 2011.

Date:
Tuesday, February 22, 2011
Time:
11:30 a.m. – 1 p.m.
Location:
Jordan Lawrence
Suite 300
14567 North Outer Forty Drive
Chesterfield, MO 63017
Lunch will be provided.

ATTENTION IAPP-CERTIFIED MEMBERS:

This KnowledgeNet will be eligible for 1.5 hours of continuing education credit (CPE) toward your CIPP, CIPP/G, CIPP/C, or CIPP/IT requirements. If you have an IAPP certification and sign the attendance sheet at the event, you will automatically be given credit for the session, if available.

Compliance | Data Protection   |  posted by AM
