Category Archives: Privacy

Obama’s Record Management Memo – 4 months later

Last November, in a memo to government agencies titled ‘Managing Government Records’, Obama set out the requirement to improve records management. The memo suggested that well-maintained records management could improve performance and promote openness and accountability by documenting agency actions and decisions.

What is a Privacy Policy and Why Do You Need One?

A privacy policy is a statement that discloses the various ways your organization gathers, uses, discloses, and manages client data. This data, also known as Personally Identifiable Information (PII), involves anything that can be used to identify someone as an individual, including his or her name, contact information, financial and medical records, credit report, and many other things.

Is your SharePoint Platform Content-Aware?

We know Microsoft SharePoint makes it easy to create and collaborate on content. And we also know that this results in an explosion of unstructured content, ranging from email to documents to blogs; all with the intention of having a collaborative conversation. SharePoint has also become core to operations with businesses increasingly making it their enterprise content management (ECM) system of choice.

We Matter in Knowledge Management!

It’s not every day you get recognized by a leading publication for being a major player in your space. Recently, we were named one of KMWorld’s 100 companies that matter in knowledge management.

FTC Privacy Judgments: Are you doing enough to protect consumers?

Over the last few years, we’ve seen FTC privacy judgments against the ‘Big Three’ web companies: Google, Facebook and Twitter. In all these cases, the ‘Big Three’ were not protecting the interests of the American consumer.

Notes from the Road: SharePoint Customer Journey

 

This week I’m on the road across the UK to discuss the SharePoint Customer Journey. After my first day with fellow presenters from Metalogix and KnowledgeLake, it is clear that migrating content into SharePoint is an issue. Both presenters have highlighted that it’s generally better that content is in SharePoint and the audience agreed as well. These companies come at SharePoint from two different perspectives – Metalogix to get the content into SharePoint and KnowledgeLake to find, capture, automate business processes and save content.

How to Prevent SharePoint Mistakes

Reading Mathew J. Schwartz’s article in Information Week, ‘10 SharePoint Security Mistakes You Probably Make,’ there were a few items of particular interest.

  1. The first concerned the case of Bradley Manning leaking 250,000 U.S. State Department cables, in which the forensic expert “discovered Wget scripts on Manning’s computer that pointed to a Microsoft SharePoint server holding the Gitmo documents. He ran the scripts to download the documents, then downloaded the ones that WikiLeaks had published and found they were the same, Shaver testified.” (Source: Wired, Forensic Expert: Manning’s Computer Had 10K Cables, Downloading Scripts)

HiSoftware Wins GRC Technology Award

Yesterday HiSoftware was named one of the recipients of Corporate Integrity’s inaugural GRC Technology Innovation awards. The award recognizes HiSoftware Security Sheriff™ SP as a GRC solution on the cutting edge of the industry. Michael Rasmussen, an internationally recognized expert on governance, risk management and compliance (GRC) and noted as the “Father of GRC”, being the first to define and model the GRC market in 2002 while at Forrester, said:

“HiSoftware is unique in its focus of applying GRC technology to the file level within Microsoft SharePoint, the most widely deployed ECM platform on the market today. Security Sheriff offers an unprecedented level of assurance that sensitive information can be secured inside SharePoint. HiSoftware has shown true innovation and leadership with this product.”

I’m so pleased to be part of a company that is at the forefront of innovation for GRC. Read more here. For more information about the awards, visit Michael Rasmussen’s web site.

Massachusetts Data Security Regulations: 1 Month to Deadline

The final phase of the Massachusetts data security regulation, officially entitled 201 CMR 17.00, comes into effect on 1 March 2011. With a month to go, businesses need to have procedures in place if they or their third-party contractors handle any Massachusetts residents’ data, whether or not the company is located in the state.

Essentially, if any contractor, supplier, technology provider or other third party holds data on Massachusetts residents, a contract needs to be signed that says they comply with the new regulation. While the company doesn’t need to audit the third party, the signed contract should reserve the right to audit these companies.

So what does this mean for data captured or stored online by a third party? Well, firstly, let’s identify a few examples of the third parties this could include:

  • A marketing company with a database of Massachusetts residents that will send materials on behalf of a company
  • A contractor with addresses of customers they need to supply services to, on behalf of a company
  • A web developer that hosts a company’s website and requires login details
  • A third party that hosts health records or financial information on behalf of a hospital

All of these third parties will need to have appropriate measures in place to protect Massachusetts residents’ information, even if they only have a few MA residents within their data. These third parties need to assure companies that they are protecting data, or face losing their client/customer.

The regulation’s purpose is stated as:

This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.

As a MA resident, I think the regulation has the right purpose. As part of the online privacy community, I also think it’s a good reminder of the importance of protecting a business. The benefits of protecting customers’ privacy are far greater to a business than the alternative. Privacy helps to:

  • Protect your organization’s reputation internally and externally by assuring that your website properties are trustworthy and safe
  • Immediately identify issues for correction before problems can arise
  • Monitor for content or programming issues that could affect privacy requirements during website development
  • Ensure that information collected from site visitors can be audited for compliance
  • Create custom reports for internal website compliance management
  • Earn customer confidence by providing a trusted environment of Internet confidentiality

For any company using the web to store MA residents’ private information, remember that this applies both internally and externally. You need automated privacy tools in place, not just to enforce privacy but also to monitor for breaches. This will help to improve your data protection and differentiate you from other businesses, as you can show specific reporting examples, on demand, to your corporate customers or clients.

Global Data Privacy Day: Are you doing enough?

On the 28th January, organisations are being asked to take stock of how they handle data protection. Are your customers’ details safe? Your employees? Are you doing enough to ensure an individual’s right to protection of personal information as a fundamental freedom?

Data Privacy Day is an annual international awareness initiative that commemorates the signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. In this networked world, in which we are thoroughly digitized, the day promotes awareness about the many ways personal information is collected, stored, used, and shared, and educates about privacy practices that will enable individuals to protect their personal information. It brings together advocates from businesses, governments, academics and not-for-profit organizations to promote collaboration and encourage dialogue on the issue of privacy.

 
Michael Kaiser, executive director, National Cyber Security Alliance, said about the day, “As people across the globe continue to integrate the Internet into their daily lives, it becomes increasingly important that everyone understands privacy in the digital age, how to safeguard their data and own their online presence.”

Data Privacy Day is celebrated across the United States and Canada, with European Privacy Day 2012 serving as the day’s counterpart in Europe. European Privacy Day 2012 summarises the need for the day:

2011 was a year with privacy discussions about Facebook, use of hacking by journalists, use of intelligent CCTV by police forces, use of twitter during urban riots, face recognition, smart houses and smart viewing of houses, and ICT for active ageing.

Declarations and writings stating that ‘privacy is dead’ confirm the urgent need for more debate about these issues.

When pondering over all these online and offline developments, the first impression is not only that many facets of privacy are at stake, but that attitudes and responses of people are evolving. Despite all the declarations on the death of privacy, 2011 has shown that people do care about privacy both offline and online and are highly imaginative in the ways to strike back at these developments.

Resources

In honor of Data Privacy Day, you’ll find a compilation of white papers and on-demand webinars to help you make 2012 the year you take charge of your privacy initiatives. This extensive library of free resources provides valuable strategies, advice and processes from industry thought leaders to help you put an effective privacy program in place and ensure that sensitive data is kept private and secure.

Use these resources to ensure your organization is complying with privacy laws and regulations and start earning consumer confidence.

 

 

 
