Opinion

Forget a National Data-Security Standard; I’d Be Happy with a One-Word Correction

I recently had the opportunity to watch recorded versions of the congressional hearings on cybercrime and the post-Thanksgiving data breaches. I came away confused and longing for a simpler time.

Not for a time, as you may think, when we didn’t have international computer hackers. I’m longing for a time when language didn’t fail us, when words would capture a concept and the definition would be so right that it addressed whatever future circumstances brought.

More from Jane Carpenter

Top 10 Data Privacy Tips for 2014 #DPD14

By Dana Simberkoff, CIPP/US

With privacy breaches and security threats making headlines around the world on a daily basis, it’s becoming increasingly obvious to most enterprises that the personal information and sensitive data they hold is an extremely valuable commodity. However, shared inappropriately—whether by accident or breach—the disclosure of sensitive data can have dramatic financial impacts on an organization and erode consumer trust. The good news here is that this should be highly preventable. So in honor of Data Privacy Day—which will be celebrated this year on Tuesday, January 28—here are 10 tips for improving your privacy and data protection programs in 2014.

The Year in Review

2013: The Year of Privacy

If there ever was a “year of privacy,” surely it was 2013. A year that ends with dictionary.com selecting “privacy” as “word of the year;” with privacy making front-page headlines in The New York Times and The Washington Post (not to mention The Guardian) on a weekly, indeed almost daily, basis; with cross-Atlantic ties stretched to the limit over privacy issues, the UN passing a privacy resolution and armies of lobbyists spinning BCRs and Do-Not-Track in Washington bars and Brussels cafes—ladies and gentlemen, 2013 was the year of privacy.

More from Omer Tene

Cyber Insurance

Cyber Insurance: Three Common Myths Debunked

By Michael Bruemmer, CIPP/US

In the past, cyber insurance was a polarizing issue in my discussions with privacy and risk professionals. Some professionals were adamant about the benefits of cyber insurance, while others worried that the policies currently on the market didn’t meet their needs or were too costly. However, I believe the industry is maturing and the coverage options today are much better than just a few years ago.

Breach Notification

The Many Lives of PII

By Annie C. Bai, CIPP/US

Can you believe how many different state laws we privacy pros need to reference just to determine what is PII? I mean, how many definitions could there be for one short phrase? I am not talking about Pi, the mathematical term, but the acronym for the likewise complex concept of “personally identifiable information.” 

The definition of PII is important because it is a trigger for breach notification requirements in 48 U.S. jurisdictions (that’s 46 states plus D.C. and Puerto Rico). But it varies so much that I find myself constantly referencing complex charts, links and statutes to check on its meaning in a given state. Thankfully, the spirit of Halloween has bestowed upon me some inspiration in my search for broader understanding of these definitions. I’ve clustered the 48 definitions of PII into seven groups with similar definitions and dressed them up for Halloween. It’s easier to get acquainted with these definitions when I imagine each cohort as a persona. These personae are the seven PII archetypes.
