Eric Chabrow, GovInfoSecurity.com, Wednesday, February 29, 2012
More than a year in the making, the National Institute of Standards and Technology issued Feb. 28 an initial public draft updating one of its premier special publications, SP 800-53: Security and Privacy Controls for the Federal Information Systems and Organizations, which incorporates expanded privacy controls and addresses new threats that were unheard of when NIST issued revision 3 in 2009.
Sarah Rich, Government Technology, Thursday, February 23, 2012
The Barack Obama administration released on Thursday, Feb. 23, a new set of voluntary guidelines called the Consumer Privacy Bill of Rights in response to growing concern about how companies are using online data they collect from citizens.
Tony Romm, PoliticoPro, Friday, February 17, 2012
Reports that Google had tracked iPhone users browsing the Web triggered outrage on Capitol Hill, where lawmakers said the company needs to answer for its conduct — which, even if unintentional, amounts to a serious privacy blunder. Rep. Mary Bono Mack (R-Calif.), the top lawmaker on the House commerce subcommittee, told POLITICO on Friday she believes Google has “some tough new questions to answer in the wake of this latest privacy flap” and should “come in for another briefing” with lawmakers on Capitol Hill.
Richard A. Falkenrath, Wednesday, February 15, 2012
Last month the European Commission proposed adding a new “right to be forgotten” to privacy law. This deceptively simple idea is a ticking time-bomb in the booming internet economy. It is also essential – both for Europeans and Americans – to protect personal privacy in the age of pervasive social media and cloud computing. The stakes are huge. Two weeks ago Facebook announced an initial public offering valuing the company at $80bn upwards. Facebook is worth so much because of the data it holds on its 800m users. Yet it succeeds only to the extent it can monetise the data. If a sizeable fraction of users could easily compel Facebook to delete all their personal data, the company’s value would be lower.
Dian Schaffhauser, Campus Technology, Wednesday, February 15, 2012
In late January when Google announced that it was replacing 60 different privacy policies across its multiple sites and services with a single one, you might have thought Congress had taken up SOPA and PIPA again. That's how loud the outrage was from much of the social galaxy, as reflected in this Gizmodo headline: "Google's Broken Promise: The End of 'Don't Be Evil.'" Other observers, such as Forbes "privacy pragmatist" Kashmir Hill, questioned what the big deal was; after all, she wrote, Google wasn't changing much other than how it targets ads to users and creates new innovative services: "Using information from Gmail to suggest more appropriate YouTube videos or reminding an Android smartphone user that they have a Google calendar appointment in a half hour on the other side of town doesn’t strike me as the work of Lucifer."
Ed Moyle, SearchCloudSecurity, Friday, February 10, 2012
As the use of cloud computing becomes more prevalent in health care, organizations that must comply with HIPAA face a number of compliance challenges, including the question of whether they should consider cloud service providers as HIPAA business associates. It matters because business associates have certain privacy and security requirements under the law that other third parties don’t -- and in turn, covered entities have specific requirements when it comes to business associates. Since guidance is tough to come by and consensus isn’t yet established, the decision can be complex.
Thursday, February 9, 2012
A grave threat is said to be stalking Europe. No, it isn’t the financial crisis and the potential demise of the euro. It’s the “rapacious” U.S. approach to privacy — which portends, for those engaged in the development of cloud architecture, a coming “clash” of privacy laws.
David Chernicoff, ZDNet Five Nines: The Next Gen Datacenter, Wednesday, February 8, 2012
...But the Health Insurance Portability and Accountability Act (HIPAA) means that the security of medical data is an absolute necessity for any vendor that deals with medical information. And this isn’t just a set of suggestions; datacenters have to meet very strict standards for data protection to be HIPAA certified. The certification steps range from specific training for datacenter workers who have access to protected data, to government audits by HIPAA inspectors that assure that the requirements in the Code of Federal Regulations are met. Additional reporting requirements are required and guarantees must be in place for the security of the data. Breaching those guarantees can result in a variety of penalties.
Marcia Savage, SearchCloudSecurity.com, Wednesday, February 8, 2012
With aging hardware and a growing business, GWR Medical Inc. faced the prospect of costly infrastructure upgrades. Instead, the company, which provides topical oxygen therapy to heal wounds, decided to shift its IT operations to Verizon’s cloud-based computing service.
Cecilia Kang, Washington Post, Thursday, February 2, 2012