How To Have a Successful Breach Response Under HITECH

6/30/2010

If your healthcare facility were to have a data breach tomorrow, how would you go about notifying affected individuals? More importantly, how would you do it in a way that satisfies the HITECH requirements?

The answer isn’t easy. Even without HITECH, notification and subsequent response can take an alarming toll on the finances and resources of an organization.

Network Users Make the Difference in Data Security

6/25/2010

A data breach can occur in many ways. Even a data “warehouser” who has implemented a policy to minimize data collection and retention, while making necessary data accessible in a secure environment, may still be subject to a data breach. A breach may occur by accident or through malice even when computer users adhere seriously to a well-written policy and procedure. Data is only as safe as the trustworthiness and reliability of the organization’s users.

When It Comes to Privacy and Protecting Personal Data, the “Generation Gap” is Surprising

6/11/2010

Young adults often make poor choices when it comes to social networking, so many people argue that the younger generation simply doesn’t care about their own privacy. However, a recent survey refutes that argument. Entitled “How Different are Young Adults from Older Adults When it Comes to Information Privacy Attitudes and Policies?”, it reveals little evidence that young adults’ attitudes toward privacy are fundamentally different from those of older adults. What the data did show, however, was that a higher proportion of 18- to 24-year-olds than of other age groups believe (incorrectly) that information privacy laws protect their data both online and offline.

How Long Will Red Flags Rule Enforcement Stay in Its Holding Pattern?

6/04/2010

The Federal Trade Commission (FTC) has pushed back the enforcement date for the Red Flags Rule yet again – this time to December 31, 2010. The original compliance date for this rule was November 1, 2008, and it has since been pushed back four other times: May 1, August 1, and November 1 of 2009, and then to June 1, 2010. The reasons for the delays have varied, mostly to give businesses that the FTC classified as covered entities the chance to further prepare. However, this latest delay comes at the request of several members of Congress, as they are considering legislation that may limit the scope of entities covered under the rule.

Phishing Takes a New Form: Tabnapping

6/02/2010

The average online computer user faces many security threats. Users are commonly reminded to keep their operating systems up to date, install antivirus software and firewalls, and have at least one anti-spyware program running at all times. Kroll investigators counsel members of our identity theft programs to reduce their fraud exposure to Internet threats with this advice. We also remind them not to fall victim to a false sense of security. Identity theft protection does not exempt consumers from following practices to reduce their likelihood of becoming a victim while online. When it comes to online safety, best practices involve avoiding questionable websites, using social networking safely and being stingy with personal information. Now, we add to our list of advice “close inactive browser tabs.” Why? To prevent a relatively new phenomenon known as “tabnapping.”