In recent weeks, leaks have been at the forefront of news. This is mostly in a political spectrum, but it illustrates the importance of managing how information flows through an organization. There have been examples other than those coming from the White House though. Being non-political in nature, they have different consequences and lessons to be learned. Continue reading this post…Posted on March 23, 2017 by Ben Siegel - No Comments
A new year usually means setting a goal to remodel that extra bedroom, cut out caffeine, or finally hit the gym for 30 minutes a day. This year you have an even greater goal in mind, the improvement of your privacy program. Here are some great ways to start you on your way to achieving just that. Continue reading this post…Posted on January 17, 2017 by Ben Siegel - No Comments
Data Privacy Day (DPD), held every January 28 and coordinated by the National Cyber Security Alliance (NCSA), is an international effort highlighting “Respecting Privacy, Safeguarding Data and Enabling Trust.” DPD provides an opportunity for you to re-enforce these themes within your organization to improve privacy awareness. The result is that you will increase your customer’s trust in your organization while reducing costs and liabilities due to human error while handling personal information. [Disclosure: My company, Privacy Ref Inc., is a sponsor of Data Privacy Day.]
Recently I saw an interesting image on twitter from @darrencauthon. The image was a television with an alleged FBI notice notifying the individual that their new smart TV had “suspicious files” and that they were being penalized $500 before they could use their TV again. All of this is accompanied by legal jargon meant to frighten the user into believing the hoax. The bottom of the note is even signed by FBI Director James Comey himself apparently. This is your classic example of ransomware and I immediately had a thought on what may cause this issue. Continue reading this post…Posted on January 4, 2017 by Ben Siegel - No Comments
Within 24 hours, I have had some interesting interactions with strong, or sometimes not-so-strong, passwords. I figured now was a good time to go over some of the pitfalls you might encounter when trying to implement a new password policy for your customers or employees.
A few weeks ago, I was auditing a CIPP/US class that Bob Siegel was teaching on behalf of the IAPP. Someone brought up the idea of openness and allowing individuals access to the data you have about them. At this point, Bob discussed the principles behind this, such as how the OECD Guidelines approach it. Bob also mentioned that under GDPR (and the EU Privacy Directive) a user should be able to see and correct information an organization has about them.
Bob then mentioned it would be interesting to see what would happen if I asked a company about what data they had about me. I immediately thought of Facebook.
Recently, a large number of YouTubers and other celebrities have been “hacked” or lost control of their accounts. The truth of the matter is that they aren’t being hacked, but instead the person taking control of these accounts is just having others do it for them. The people and groups helping them are not who you think. They are not hackers, black market data dealers, or even criminals, but they are customer service representatives and other professionals who are meant to protect your data.
If you attended our most recent quarterly data breach review, you probably heard a new term: “metagame.” The idea, put in its simplest form, is to take information from outside a scenario and use it to influence your choices. It is amazing how using information that is not necessarily inside your environment can allow you to adjust and prepare for a lot of scenarios. This in turn keeps you ahead of the game.
One question that I am frequently asked is “what is the difference between privacy and security?” It sounds simple enough, but the response often gets complicated. Maybe an analogy will help. Continue reading this post…Posted on May 24, 2016 by Bob Siegel - 1 Comment
Throughout my years in IT, product management, software development, and systems analysis, my Mother never understood what I do. It hasn’t been her fault, but mine; I couldn’t explain in “plain English” what I did. Since becoming a privacy professional she now understands. It may be not as good as being a doctor, but at least she can explain it to her friends.
February 8, 2017
March 23, 2017Continue reading this post...
January 17, 2017Continue reading this post...