Integrity - use of values or principles to guide action in the situation at hand.

Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

Complying with breach notification laws, 25.7.05



Strategies for compliance

  • Identify systems containing personal information and enhance mechanisms to detect unauthorized conduct on networks. Because breach notification statutes are triggered when personal information is compromised, organizations should identify the systems on which such data is stored and enhance the means used, such as logging capabilities, to detect when a breach has occurred.
  • Encrypt personal information. The majority of the state statutes only require notification if a breach compromises unencrypted personal information. Organizations that encrypt personal information will not only better protect consumers but also avoid onerous notification obligations.
  • Amend incident response plan to require that key decision-makers are immediately alerted when breaches are detected. Because the statutes are likely triggered as soon as an intrusion has been detected by the IT department, organizations should ensure that incident response plans provide for timely reporting of incidents to those responsible for making notification decisions.
  • Adopt a corporate incident response policy that provides for notification. As noted, the statutes are modeled on California's law and generally provide more flexibility when 'a person or business maintains its own notification procedures as part of an information security policy for the treatment of personal information.' Companies now have a significant incentive to develop their own incident response plans.
  • Ensure that third-party contracts involving the transfer of personal data include appropriate information security provisions. Breach notification laws provide no exception for data that is compromised while in the possession of a third party. Organizations should ensure that their contracts contain provisions requiring vendors or subcontractors to provide immediate notification of suspected breaches, and allowing the organization both to participate in the investigation of incidents and to exercise control over decisions regarding external reporting.


Integrity Incorporated
"We shall need compromises in the days ahead, to be sure. But these will be, or should be, compromises of issues, not principles. We can compromise our political positions, but not ourselves. We can resolve the clash of interests without conceding our ideals. And even the necessity for the right kind of compromise does not eliminate the need for those idealists and reformers who keep our compromises moving ahead, who prevent all political situations from meeting the description supplied by Shaw: 'smirched with compromise, rotted with opportunism, mildewed by expedience, stretched out of shape with wirepulling and putrefied with permeation.' Compromise need not mean cowardice..."

John Fitzgerald Kennedy, "Profiles in Courage"