Compliance

11/12/2009

Secure Value by Providing Privacy for Your Customers

Use free DMA tool to build privacy policy -- and then follow it!

The Direct Marketing Association offers a free Privacy Policy Generator.  It is touted as a tool that "Webmasters and administrators can complete a questionnaire (basing their answers on their site information policies) and create a privacy policy statement to be posted on their own Web page."

I suggest you use it a little differently.

Don't simply rely on your webmaster or an administrator to fill the survey in.  Use it as a chance to discuss your online privacy practices.  Do you do what you say you will do?  Real trust can only be built by your being transparent about your practices.  If you are collecting information on customers but don't want to admit to it are you operating in a way that builds consumer trust?

If you are building a new web based business use the survey to guide a discussion with your developer.  Only collect information that you need to serve the customer best.  If you aren't going to use it, don't collect it!

If you have an existing web facility use the survey to guide a discussion of your current practices.  Are you collecting information that isn't used?  Why?  If you aren't using it but collecting it you are either exposing yourself if you aren't properly protecting it or spending money to protect something that you don't need in the first place!


Related articles by Zemanta

Reblog this post [with Zemanta]

Posted at 07:39 AM in Committee Action, Compliance, Information Security Basics, Policy, Privacy, Secure Value, Secure Web Development, Social Media | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , ,

|

10/23/2009

Secure Value by Keeping an Eye on RedFlags ... some small businesses may be exempt!

Red flagImage via Wikipedia

Trying to manage the incoming waves of regulations is bad enough ... but keeping track of what is on and what is not on anymore is a tough job when you really just want to run and grow your business!

Short one this week.  You want to keep an eye on this news.  According to an article in SCmagazine.com there is a bill working its way through Congress that may exempt some small business from the RedFlags rules.

Related articles by Zemanta
Reblog this post [with Zemanta]

Posted at 09:20 PM in Compliance, Red Flags, Secure Value, Small Business | | Comments (0) | TrackBack (0)

Technorati Tags: , , ,

|

10/16/2009

Do Business in Nevada? Secure Value by Complying with New Security Act

NevadaImage via Wikipedia

Does your company transmit, process or store payment card data about any individual who lives in the State of Nevada?

If so you need to be aware of the new Security of Personal Information Act passed into law in Nevada.  In a nutshell, data collectors or merchants who collect card data to do business will be required to be compliant with PCI DSS in order to legally conduct business in Nevada.

I'm not going to spend time writing something up if I find something insightful already available.  Read the write up on the Nevada Security of Personal Information Act at InfoSecCompliance.

Reblog this post [with Zemanta]

Posted at 09:53 AM in Compliance, Information Security, Online Business, PCI, Secure Value | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , ,

|

09/25/2009

Business working with health care records? -- Secure Value by complying with HIPAA Breach Notice

Effective September 23, 2009

Just in case you forgot to put this on your calendar OR because it slipped your attention as you were trying to run and grow your business.  By way of HIPAA Breach Notice 74 Fed. Reg. 42740: "Any privacy breaches or security issues that are exposed on or after September 23, 2009 must be recorded and individuals notified.  This rule applies to group health plans and many other HIPAA-covered entities, and will be strictly enforced by HHS"

If you work with health care records of any type or provide services to entities that do, you need to understand what this means for your business.

 

Related articles by Zemanta
Reblog this post [with Zemanta]

Posted at 01:27 PM in Compliance, Secure Value | | Comments (0) | TrackBack (0)

|

09/15/2009

Secure Value by Protecting Yourself, Your Company, Your Customer

Secure PumpImage by david.nikonvscanon via Flickr

Understanding the Security Risks With Social Media for Business

We have taken the plunge as a firm and use Twitter, LinkedIn and Facebook to promote our personal brands, market our business and build community with customers and prospects.

While we've embraced the 2.0 world, we've done so with eyes wide open. As we use the technology to create benefits we also acknowlledge we create risks that must be identified, addressed and managed.

Most professionals, most firms using these new technologies are not "professional paranoids" like we us. 

If you are using Social Media and have concerns about the risks ... or if you have balked at adopting the technology because of your fears of those risks ... please join me for:

Understanding the Security Risks With Social Media for Business
September 21st, 2009
11:00 am — 1:00 pm

Register to join us.  We will discuss:

  • Privacy issues related to social media use
    • For yourself 
    • For your company 
    • For your customers 
  • Tactics to maintain privacy
  • Techniques to maintain security

You will certainly get a chance to network with other busy professionals.


Related articles by Zemanta

Reblog this post [with Zemanta]

Posted at 02:22 PM in Compliance, Information Security, Online Business, Policy, Privacy, Secure Value, Small Business, Social Media, Speaking Engagement | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , ,

|

08/31/2009

Secure Value by Understanding Your Customers' Data Protection & Compliance Issues

Be aware of your customers' data protection concerns to help build trust

Alphabet Soup II
Alphabet Soup II,
originally uploaded by cdw9.

All of these government regulations stand in the way of gettting things done sometimes ... FERPA, HIPAA, HITECH, COPPA ...  but understanding your customers' data protection needs as they relate to government compliance is a path to build trust.

While I was in Boston at the Campus Technology Conference I picked up a couple new followers to my Twitter account from the Other Side Group.  The Other Side Group is "a marketing and new media firm that helps organizations in the higher ed and non-profit spaces learn about and implement new communications techniques."  Their focus on higher ed and passion for non-profit work caught my attentino so I've been following their blog. 

I managed to eke out a decent comment on their blog to an entry they had written on Legal Issues and Social Media Use in Organizations and they repost it as a guest entry Follow up: Legal Issues and Social Media.

The key takeaway on my comment was "when you are dealing with a regulated business in areas that touch on protected data take some time to understand the issues. "  That fit the Other Side Group's work in higher education but it translates as important advice for anyone working in almost any business to business entity today.  Your customers care about protecting their data.  You had better care about it, too.


Reblog this post [with Zemanta]

Posted at 09:45 AM in Compliance, Secure Value, Small Business | | Comments (0) | TrackBack (0)

Technorati Tags: , , , ,

|

06/25/2009

Secure Value

Secure Value

Consideration for protecting company information in all business decisions builds and protects value.

Information security protects and builds value for businesses of all sizes.  Yet, executives, entrepreneurs and business leaders who make business decisions about the information in their business do not have the tools to include information security into their decision making.  This blog will detail information security topics at an executive level to assist business leaders, executives and entreprenuers in making decisions that build value.

As an entrepreneur I understand how critical trust is to success.  People aren’t going to do business with organization’s they don’t trust.

As president of an information security solution provider, Jacadis (www.jacadis.com), Columbus, Ohio, I work with business leaders and executives nervous that their company's critical data might be exposed and who are scared they are not compliant with the layers of government rules and regulations. 

Taking it one step further they should concern themselves with building a trustable business.

Most executives and entrepreneurs don’t have enough working knowledge of information security to include it planning.  The field is highly technical filled with jargon, complicated technologies, rules and regulations all supported by an alphabet soup of acronyms.  And so great business ideas get built and launched with little to no practical information security protections. Value is limited or exposed.

We don't build buildings without locks. 

Decisions about how we collect, store, process and protect data impact customer trust.  Yet, we do build technology solutions, information driven processes and innovative products without "locks".  Why?

Is trust important in your business? Do you extend a trustable network to your customers?  Do you have the tools to answer?

 

Posted at 12:09 AM in Compliance, Information Security, Secure Value, Small Business | | Comments (5) | TrackBack (0)

Technorati Tags:

|

My Photo

About

TypePad Profile

Get updates on my activity. Follow me on my Profile.

Twitter Updates

    follow me on Twitter
    Subscribe to this blog's feed
    Blog powered by TypePad
    Creative Commons Attribution-ShareAlike 3.0 Unported