Showing 59 results
-
Apr 03, 2017
Data Security Compliance and DatAdvantage, Part I: Essential Reports for Risk Assessment
Over the last few years, I’ve written about many different data security standards, data laws, and regulations. So I feel comfortable in saying there are some similarities in the EU’s...
Michael Buckbee
4 min read
-
Aug 23, 2016
HHS to Investigate Smaller HIPAA Privacy Breaches
As a reader of this blog, you know all about Health and Human Services’ (HHS) wall of shame. That’s where breaches involving protected health information (PHI) affecting 500 or more...
Michael Buckbee
1 min read
-
Jul 19, 2016
Is Browsing Facebook While in the Hospital a HIPAA Violation?
A recently filed federal class-action suit claims that several healthcare providers are violating HIPAA’s rules on protected health information (PHI). If the suit succeeds, privacy advocates say it has the potential...
Michael Buckbee
2 min read
-
Jun 24, 2016
GDPR: Pseudonymization as an Alternative to Encryption
Have I mentioned lately that the General Data Protection Regulation (GDPR) is a complicated law? Sure, there are some underlying principles, such as Privacy by Design (PbD) and other ideas,...
Michael Buckbee
3 min read
-
Dec 11, 2015
What is the EU General Data Protection Regulation?
Table of Contents DPD 2.0 GDPR Vocabulary Articulating the Articles More Articles: The New Stuff Focus Your GDPR Compliance Note: This post now reflects the final version of the EU...
Michael Buckbee
7 min read
-
Sep 23, 2015
Penetration Testing Explained, Part I: Risky Business
In most of the security standards and regulations that I’ve been following there’s typically a part titled Risk Assessment. You can find this requirement in HIPAA, PCI DSS, EU GDPR,…
Michael Buckbee
3 min read
-
Jan 20, 2015
Inside the World of Insider Threats, Part I: Motivation
As someone once said in a different context, never let a good crisis go to waste. While we still don’t have definitive proof, there’s good evidence that employees were in...
Michael Buckbee
3 min read
-
Jan 16, 2013
From the HIPAA Case Files: Jail Time, Fines, and Access Rights
While I was conducting some research on compliance laws for a customer, I found myself reviewing the penalties written into the 1996 Health Information Portability and Accountability Act, otherwise known...
Michael Buckbee
3 min read
-
Nov 15, 2012
4 Secrets for Archiving Stale Data Efficiently
In order for organizations to find an effective solution to help deal with stale data and comply with defensible disposition requirements, there are 4 secrets to efficiently identify and clean-up stale data...
Rob Sobers
3 min read
-
May 15, 2012
Data Classification Tips: Finding Credit Card Numbers
Data classification is a critical piece of the data governance puzzle. In order to be successful at governing data, you have to know—at all times—where your sensitive data is concentrated,...
Rob Sobers
1 min read
-
Nov 29, 2011
Authorized Access – Understanding how US laws affect your authorization policies
In 1986, the United States Congress passed the Computer Fraud and Abuse Act (CFAA). While the intent of these laws were originally to protect government computers and information from hackers,...
Ken Spinner
3 min read