Minimize

Ask Rebecca Herold your IT compliance questions!
 Contact Rebecca Herold
 through email, the
 discussion board, or IM.
  Learn more...

     

Presented by Realtimepublishers
Welcome to Realtime IT Compliance!

Welcome to Realtime-IT Compliance, the Web's first IT Compliance community!  Follow along as IT Compliance expert Rebecca Herold leads interactive forums, blogs, news stories, articles, podcasts, and webcasts to create a new type of interchange between compliance and information security practitioners, academia, vendors, consultants, auditors and regulators...and anyone else who is interested in these intriguing topics.

Where can you hookup with local women?

Are you needing to find sex using the internet? We've used our IT company to review the technology of the best Sex Centre on the internet. Right now, there is about 30 different sex sites for local singles we can recommend, if your best one isn't on the list, make sure you leave us a review at fuck singles.

Why do you need sex sites?

When you need to a free sex dating sites - you have to see what the other members are like. That's why I have been using them to meet the sexiest ladies I can, for very little money!

Realtime-IT Compliance provides a learning environment allowing all levels of information sharing about the vast array of ever growing IT Compliance issues.  If there is a topic or issue you would like to see covered here, please send a message to Rebecca and let her know!  She is happy to hear from you and wants to answer your questions!

 

it_podcast_medium.png it_weblog_medium.png 

     

Latest Articles on Realtime IT Compliance Minimize
The Business Leader Data Retention & E-Discovery Primer by Rebecca Herold - Friday, August 04, 2006

Many organizations are taking advantage of using a wider range of communication systems and technologies than ever before. For example, just to name a few:

  • Voice over IP (VoIP) is used not only for voice communications but also often integrated with the corporate email system. 
  • Instant messaging (IM) is commonly used to allow real-time interactive business communications. 
  • Blackberry messaging devices are used by a large number of business personnel to send and receive email no matter where they are at, at any time of the day.
These are certainly timesaving and efficient business tools. However, business leaders need to consider the archiving, retention, and discovery requirements that are involved with these technologies to ensure they are not unknowingly putting the business at information security, privacy, and/or legal risk with the ways in which the technologies are implemented.  In this paper I discuss some of the important data retention and electronic discovery issues that each organization must consider and plan for.  These issues can cost organizations much time, resources and money if not addressed properly.  

The Business Need for Information Security and Privacy Education - Wednesday, July 26, 2006
Your organization's personnel hold the security and privacy of the organization's information in their hands; both figuratively and literally. Businesses depend upon their personnel to handle their valuable data responsibly and securely. Without effective personnel education, businesses face significant negative business impact and even possible business failure from the consequences. You cannot expect personnel to know how to effectively protect information if you do not communicate to them on an ongoing basis how to provide that protection while doing their day-to-day job responsibilities.  There are many compelling reasons for businesses to implement an effective information security and privacy education program, including addressing legal and regulatory requirements, raising awareness and understanding, and helping to reduce insider threat of information misuse and fraud.  This paper discusses the reasons why businesses must implement an effective privacy and information security education program.  
The Business Leader’s Primer for Incorporating Privacy and Security into the SDLC Process - Friday, July 21, 2006
It is important for business leaders throughout the enterprise to understand the system development life cycle (SDLC) and how decisions made can impact, negatively or positively, the entire business. First and foremost, systems and applications must be built to support the business in the most efficient and effective manner possible. Business leaders must be involved with the process to ensure systems and applications are being developed to meet this goal; the information technology (IT) areas cannot create applications and systems on their own and reach this goal. Second, applications and systems must be created to reduce risk to the level acceptable by the business, as well as to meet compliance with applicable laws, regulations, and contractual requirements. This paper provides an overview for business leaders about the importance of incorporating information security and privacy into the SDLC, and key information security and privacy activities to address within each SDLC phase.  
What Healthcare Organizations Need to Know About HIPAA, Minors and Privacy by Rebecca Herold - Monday, July 10, 2006
The Health Insurance Portability and Accountability Act (HIPAA) has some specific requirements related to handling the protected health information (PHI) for minors and for the types of access that can be allowed to this information, even to parents and guardians. Many state-level laws also have requirements for restricting parental and guardian access to minors’ PHI under certain conditions. With the commonplace practice of allowing individuals access to their account information via Internet applications, particularly among health insurance companies and pharmacies, it is important that covered entities consider the issues and impacts of providing access to the PHI of minors through such automated means as well as in person. This paper provides information about the issues organizations, such as healthcare insurers, healthcare providers and pharmacies, need to address when establishing ways to restrict access to minors' PHI.  
     

Industry Watch Minimize
Education Dept. Offers Free Credit Monitoring - Friday, August 25, 2006
(The WBAL Channel) - The Education Department said Wednesday it would arrange for free credit monitoring for as many as 21,000 student loan borrowers after their personal data appeared on its Web site.  Terri Shaw, the department's chief operating officer for federal student aid, said the people involved are holders of federal direct student loans who used the department's loan Web site - www.dlssonline.com - between Sunday and Tuesday.  It is the latest in a string of data thefts and security breaches affecting more than a half-dozen federal agencies in recent months.  
Identity Theft: Are YOU Ready? - Friday, August 25, 2006
(American Chronicle) - We're fast approaching the high time of year when we all start getting those emails that want to purloin our secret codes and passwords. You know the ones that have subject lines like: “Your Account Is About To Be Closed,” “There’s A Block On Your Account,” “Could You Help Me Claim My Funds,” or my all-time favorite “Congratulations – You’ve Won The UK Lottery.”  This is the time of year when we start thinking about shopping for gifts for family or customers, and the last thing we need is for our bank or credit cards account to be hindered. That is exactly what these “identy thieves” are counting on, and unfortunately some of us are tempted to follow the instructions sent to investigate.  
Policewoman is jailed after leaking secret info to felon - Thursday, August 24, 2006
(ic Berkshire) - A BENT copper is behind bars after she admitted leaking confidential information to her friends about a convicted felon.  PC Victoria Hazell and her boyfriend PC Duncan Mollison were arrested in February last year after their home in Little Horse Close, Earley, was bugged.  
AT&T files suit to stop unauthorized access to phone records - Thursday, August 24, 2006
(The Business Journal of Milwaukee) - AT&T Inc. filed a lawsuit in federal court Wednesday against two dozen so-called data brokers who the telecommunication company alleges fraudulently collected call records on 2,500 customers. AT&T spokesman Walt Sharp says the lawsuit involves 25 unidentified brokers, who the company claims set up unauthorized online accounts posing as the customers in order to find out whom their customers have been calling.  
S.D., Texas top list for data security hubs - Wednesday, August 23, 2006
(North Jersey) - Almost heaven, South Dakota. Low-cost labor. Nice, secure location.  That's the tune being sung by The Boyd Co., a Princeton-based real estate consultant.  The firm just completed a marketing study on top locations for data security centers, as banks are expected to increase investment in that area amid growing concern over terrorism, natural disasters, identity theft and fraud.  
Report: Software glitch affects student loan Web site - Wednesday, August 23, 2006
(SeaCoastOnline) - A software glitch at a federal Department of Education student loan account Web site allowed some users to access other people's personal information early this week, The Boston Globe reported Wednesday. The newpaper reported the problem affected people who accessed their accounts between Sunday night and Tuesday morning and tried to use certain parts of the Web site. Holders of federal direct student loans can manage their accounts at the site. Other types of student loans are managed through private companies.  
Effectively using vulnerability management data - Tuesday, August 22, 2006
(Search Security) - Many organizations have found that outsourcing their vulnerability management (VM) services helped reduce headcount, administrative overhead, and equipment and personnel expenses. But before getting too excited about what outsourcing vulnerability management could do for your organization, keep in mind that how well you set expectations upfront will determine, in part, how successful the project is. Outsourcing veterans know that creating clear and direct service level agreements (SLAs) and ensuring all the contractual "T"s are crossed and "I"s are dotted can help prevent after-the-fact confusion, such as escalation snafus and accountability mishaps. But what may be overlooked is who will control access to and sharing of the collected data.  
Transforming Information into Valuable Business Assets - Tuesday, August 22, 2006
(SDA Asia) - While information is oft-described as the lifeblood of business, the sheer volume of data generated in the course of everyday work makes the analogy of knowledge workers drowning in an ocean of information a more apt one. Indeed, data volumes are growing at such a rapid clip that Meta Group[1] has projected aggregate storage growth of 45% annually, yielding an increase of 34 times in storage floor space within the next five years. In addition, not all data are created equal: 90 percent of the data stored is rarely accessed, and the value of specific data may change significantly over time[2]. Further compounding the data challenge is the enactment of regulations such as HIPAA and Sarbanes-Oxley, governing the use, storage and retrieval of corporate information.  
Reasonableness prime in employees' privacy rights - Monday, August 21, 2006
(Law Times) - Because privacy law has become increasingly codified over the last few years — the federal government, Alberta, British Columbia and Quebec all have privacy statutes — it's easy to forget that reasonableness is still a significant consideration in privacy law, particularly for employers.  Jeffrey Goodman says two Alberta privacy decisions illuminate how employers can and can't use information about employees.  "Even with consent, organizations may collect, use or disclose personal information only for purposes that a reasonable person would consider to be appropriate in the circumstances," says Jeffrey Goodman of Heenan Blaikie LLP's Toronto office.  
AOL Fires CTO Over Search-Record Disclosure - Monday, August 21, 2006
(CIO News Alerts) - AOL, Time Warner’s Internet arm, fired its Chief Technology Officer, Maureen Govern, and two additional employees in response to the recent firestorm the Web giant faced from journalists, critics and privacy activists alike over its early August release of the results millions of searches performed by more than 650,000 of its users between March and May, The Wall Street Journal reports.  The news comes from sources close to the move who spoke with the Journal.  
Data protection: our rights to privacy - Sunday, August 20, 2006
(Times of Malta) - Our reader is the honorary secretary of a newly-founded association which has been set up for philanthropic purposes. He is asking whether there are any obligations under the Data Protection Act.  Indeed there are certain obligations to be complied with - as the association is made up of members, a list of these individuals is kept and this membership list or roll will, as a minimum, contain in relation to every member the name and surname, the address and other contact details.  
The United Kingdom Data Protection (Processing of Sensitive Personal Data) Order 2006 - Sunday, August 20, 2006
(Compliance and Privacy) - The UK Data Protection (Processing of Sensitive Personal Data) Order 2006 sneaked onto the United Kingdom statute books without any great fanfare on 25 July 2006. It allows the Police to pass details of cautions and convictions relating to certain offences of viewing child pornography over the internet, to banks and card providers, so that they can cancel the credit/debit/charge cards that were used in purchasing such images.  Until now, the banks would not have been able to find out that someone had used their card to commit an offence, as the Data Protection Act protects sensitive personal data (including cautions and convictions) from disclosure unless certain conditions are met. However, the Government can make an order allowing disclosure of such data in certain circumstances, which is what they have done here.  
CIA software raises privacy concern in Canada - Saturday, August 19, 2006
(CTV) - Software that will help sort millions of Canadian health records was developed by a company funded through the CIA's venture capital partner, sparking concerns about the confidentiality of patient data. Privacy advocates are raising questions about Canadian use of the Initiate Systems indexing program given its creator's financial connection to In-Q-Tel, a private firm that helps the U.S. Central Intelligence Agency zero in on promising technology.  
Gearing Up for New Rules' EDD Nuances - Saturday, August 19, 2006
(Law.Com) - On Dec. 1, 2006, assuming no last-minute action from Congress, new Federal Rules of Civil Procedure governing electronically stored information go into effect. The new rules will apply to all cases filed after Dec. 1, and to all pending cases to the extent "just and practicable." You've heard the news before, probably attended CLE programs discussing them, and may even have the text of the rules on your desk to read sometime soon. But do you understand what these rule changes really mean, as a practical matter, to you and your clients? Are you prepared?  
     

Join the Conversation Minimize
RE: Skype, security and compliance concerns?
in Ask Rebecca
RE: Skype, security and compliance concerns?
in Ask Rebecca
RE: Skype, security and compliance concerns?
in Ask Rebecca
Skype, security and compliance concerns?
in Ask Rebecca
RE: Unified Messaging and eDiscovery
in Ask Rebecca
RE: Guidelines for troubleshooting Windows XP Professional using System Monitor
in Ask Rebecca
Guidelines for troubleshooting Windows XP Professional using System Monitor
in Ask Rebecca
RE:Unified Messaging and eDiscovery
in Ask Rebecca
RE: Do you think there will be an increased focus on enforcing HIPAA?
in Ask Rebecca
Do you think there will be an increased focus on enforcing HIPAA?
in Ask Rebecca
   

• Privacy Statement