NIST Updating Catalog of Controls

Eric Chabrow, Wednesday, February 29, 2012

More than a year in the making, the National Institute of Standards and Technology issued Feb. 28 an initial public draft updating one of its premier special publications, SP 800-53: Security and Privacy Controls for the Federal Information Systems and organizations, which incorporates expanded privacy controls and addresses new threats that were unheard of when NIST issued revision 3 in 2009.

White House Releases ‘Privacy Bill of Rights’ for Consumers

Sarah Rich, Government Technology, Thursday, February 23, 2012

The Barack Obama administration released on Thursday, Feb. 23, a new set of voluntary guidelines called the Consumer Privacy Bill of Rights in response to growing concern about how companies are using online data they collect from citizens.

Lawmakers want answers from Google on privacy

Tony Romm, PoliticoPro, Friday, February 17, 2012

Reports that Google had tracked iPhone users browsing the Web triggered outrage on Capitol Hill, where lawmakers said the company needs to answer for its conduct — which, even if unintentional, amounts to a serious privacy blunder. Rep. Mary Bono Mack (R-Calif.), the top lawmaker on the House commerce subcommittee, told POLITICO on Friday she believes Google has “some tough new questions to answer in the wake of this latest privacy flap” and should “come in for another briefing” with lawmakers on Capitol Hill.

Google must remember our right to be forgotten

Richard A. Falkenrath, Chertoff Group, Wednesday, February 15, 2012

Last month the European Commission proposed adding a new “right to be forgotten” to privacy law. This deceptively simple idea is a ticking time-bomb in the booming internet economy. It is also essential – both for Europeans and Americans – to protect personal privacy in the age of pervasive social media and cloud computing. The stakes are huge. Two weeks ago Facebook announced an initial public offering valuing the company at $80bn upwards. Facebook is worth so much because of the data it holds on its 800m users. Yet it succeeds only to the extent it can monetise the data. If a sizeable fraction of users could easily compel Facebook to delete all their personal data, the company’s value would be lower.

Google's Apps for Education and the New Privacy Policy

Dian Schaffhauser, Campus Technology, Wednesday, February 15, 2012

In late January when Google announced that it was replacing 60 different privacy policies across its multiple sites and services with a single one, you might have thought Congress had taken up SOPA and PIPA again. That's how loud the outrage was from much of the social galaxy, as reflected in this Gizmodo headline: "Google's Broken Promise: The End of 'Don't Be Evil.'" Other observers, such as Forbes "privacy pragmatist" Kashmir Hill, questioned what the big deal was; after all, she wrote, Google wasn't changing much other than how it targets ads to users and creates new innovative services: "Using information from Gmail to suggest more appropriate YouTube videos or reminding an Android smartphone user that they have a Google calendar appointment in a half hour on the other side of town doesn’t strike me as the work of Lucifer."

Are cloud providers HIPAA business associates?

Ed Moyle, SearchCloudSecurity, Friday, February 10, 2012

As the use of cloud computing becomes more prevalent in health care, organizations that must comply with HIPAA face a number of compliance challenges, including the question of whether they should consider cloud service providers as HIPAA business associates. It matters because business associates have certain privacy and security requirements under the law that other third parties don’t -- and in turn, covered entities have specific requirements when it comes to business associates. Since guidance is tough to come by and consensus isn’t yet established, the decision can be complex.

Cloud computing and the looming global privacy battle

Michael Chertoff, Chertoff Group, Thursday, February 9, 2012

A grave threat is said to be stalking Europe. No, it isn’t the financial crisis and the potential demise of the euro. It’s the “rapacious” U.S. approach to privacy — which portends, for those engaged in the development of cloud architecture, a coming “clash” of privacy laws.

Will your cloud be HIPAA compliant?

David Chernicoff, ZDNet Five Nines: The Next Gen Datacenter, Wednesday, February 8, 2012

...But the Health Insurance Portability and Accountability Act (HIPAA) means that the security of medical data is an absolute necessity for any vendor that deals with medical information. And this isn’t just a set of suggestions; datacenters have to meet very strict standards for data protection to be HIPAA certified. The certification steps range from specific training for datacenter workers who have access to protected data, to government audits by HIPAA inspectors that assure that the requirements in the Code of Federal Regulations are met. Additional reporting requirements are required and guarantees must be in place for the security of the data. Breaching those guarantees can result in a variety of penalties.

HIPAA business associate agreement key to company’s cloud migration

Marcia Savage, Wednesday, February 8, 2012

With aging hardware and a growing business, GWR Medical Inc. faced the prospect of costly infrastructure upgrades. Instead, the company, which provides topical oxygen therapy to heal wounds, decided to shift its IT operations to Verizon’s cloud-based computing service.

Lawmakers’ meeting with Google over privacy spurs more questions

Cecilia Kang, Washington Post, Thursday, February 2, 2012

House lawmakers met with Google officials on Thursday to discuss controversial changes to the firm’s privacy policy, with some saying they left the meeting with greater concerns and more questions.