Cyber-risk oversight guide aims to inform boardroom decisions

(Jan 13, 2017) The National Association of Corporate Directors at a press conference in Washington yesterday released guidance for directors struggling to manage cyber risks in the boardroom, Angelique Carson, CIPP/US, reports for The Privacy Advisor. Government officials from the Department of Justice and Department of Homeland Security joined the Internet Security Alliance and the NACD in releasing the "Director's Handbook on Cyber-Risk Oversight," and took the opportunity to encourage private-sector busines...

Resolutions for your health info privsec plan

(Jan 12, 2017) Kick off the new year with a health privacy and security plan with help from Davis Wright Tremaine's 2017 Health Information Privacy and Security New Year's Resolutions available in the IAPP Resource Center. The checklist maps out annual, quarterly and monthly tasks allowing you to set goals for completion and add completion dates for many important elements of a robust privacy and security program. Included are tasks like conducting a website privacy policy checkup, breach notification training...

2017 Health Information Privacy and Security New Year's Resolutions

(Jan 11, 2017) Davis Wright Tremaine has created this checklist of potential health information privacy and security resolutions. It offers annual, quarterly and monthly lists to map out your privacy and security tasks for the year, and then you can check them off as you complete them. There are also empty rows for you to add your own resolutions. Read Now (PDF 1.45M)

An Introduction to Privacy Engineering and Risk Management in Federal Systems

(Jan 6, 2017) This document from NIST provides an introduction to the concepts of privacy engineering and risk management for federal systems. These concepts establish the basis for a common vocabulary to facilitate better understanding and communication of privacy risk within federal systems, and the effective implementation of privacy principles. This publication introduces two key components to support the application of privacy engineering and risk management: privacy engineering objectives and a privacy ...

NIST publishes report on privacy engineering and risk management

(Jan 5, 2017) The National Institute of Standards and Technology has published its Internal Report 8062, "An Introduction to Privacy Engineering and Risk Management in Federal Systems." In a blog post announcing the report, NIST's Sean Brooks, Mike Garcia, Naomi Lefkovitz, Suzanne Lightman and Ellen Nadeau describe the report as a "document that we believe hardens the way we treat privacy, moving us one step closer to making privacy more science than art." They continue: "NISTIR 8062 introduces the concept of...

Social engineering still a trouble spot for health IT

(Jan 3, 2017) Health care privacy and cybersecurity are hot topics among industry professionals, and nearly everyone has an opinion on what direction health care will go. One of the most troubling problems health care organizations face is handling and minimizing the number of spearphishing attacks. While health care organizations can implement strong technological solutions to protect data, the human element involved in spearphishing attacks makes it a more vexing issue for providers to take on. Indiana Un...

Hackers steal employee credentials from two NY law firms

(Jan 2, 2017) The Wall Street Journal reports two law firms in New York have suffered a major cyberattack. A criminal indictment unsealed by the Manhattan U.S. attorney’s office revealed three Chinese men stole law firm credentials from employees at both Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP. The men used the credentials to access internal emails at the firms. Using information obtained in the emails, the three men made more than $4 million in illegal stock trades. The incident high...

Getting the Right Information to the Right Health Care Providers at the Right Time: A Road Map for States to Improve Health Information Flow Between Providers

(Dec 22, 2016) This report from the National Governors Association is designed to help governors, their senior health policy officials, state lawmakers, state health IT officials and state legislative counselors evaluate and implement changes to achieve better health, better care and lower costs, by increasing the flow of clinical health care information between health care providers while protecting patient privacy, as a step toward nationwide interoperability. Read Now (PDF 5.8M)

Ethically Aligned Design: A Vision for Prioritizing Human Wellbeing with Artificial Intelligence and Autonomous Systems (Version 1)

(Dec 22, 2016) IEEE published this document to advance a public discussion of how artificial intelligence and autonomous systems can be aligned to moral values and ethical principles that prioritize human wellbeing. It comprises eight sections, each addressing a specific topic and including recommendations and concerns voiced by committees within the IEEE Global Initiative. Read Now (PDF 1.46M)

NTIA releases initial findings on vulnerability research disclosures

(Dec 16, 2016) In a post for the National Telecommunications & Information Administration, Deputy Assistant Secretary for Communications and Information Angela Simpson announced the release of initial findings, recommendations and resources for vulnerability research disclosures. Part of a new cybersecurity multistakeholder process, the effort hopes to "enhance cooperation and lead to a more secure digital ecosystem," Simpson writes. "Vulnerability disclosure has long been an ... important issue in cyberse...