What are you doing to celebrate Data Privacy Day? Led by the National Cyber Security Alliance, a nonprofit focused on cyber security education for online citizens, Data Privacy Day is celebrated every January 28th. Data Privacy Day recognizes the 1981 Convention 108, which was the first legally binding international treaty dealing with privacy and data protection, according to StaySafeOnline.org.
Business Data Security Resources
The purpose of Data Privacy Day is to empower people to protect their privacy and escalate the protection of privacy and data. The first step to empowerment is knowledge. Therefore, I have put together a number of personal privacy, mobile security and HIPAA & PCI compliance resources for businesses. Enjoy and celebrate!
Personal Privacy & Identity Theft
- Fighting Fraud with the Red Flags Rule: A How-To Guide for Business, Getting Red Flags Ready video and Do-It-Yourself Template for Low Risk Businesses: Review these great FTC resources on the Red Flags Rule, which requires organizations to implement a written Identity Theft Prevention Program.
- Protecting Personal Information: A Guide for Business: The FTC offers tips for businesses to create a plan for safeguarding personal information.
- Information Compromise and the Risk of Identity Theft: Guidance for Your Business: Steps to take and who to contact if sensitive data is compromised.
- Business Must Provide Victims and Law Enforcement with Transaction Records Relating to Identity Theft: Outlines how businesses should comply with the Fair Credit Reporting Act (FCRA).
- The Workplace Privacy Data Management & Security Report offers information and updates regarding privacy preventive strategies and solutions for the workplace.
- Generally Accepted Privacy Principles (GAPP): Designed to help management address privacy obligations and risks and evaluate current privacy programs.
- DataGuidance is a comprehensive global privacy database that brings together legislation, codes of practice and case law.
HIPAA and PCI Compliance
- HIPAA Compliant Hosting White Paper: Describes a HIPAA compliant data center IT architecture, contractual requirements, benefits and risks of data center outsourcing and vendor selection criteria.
- HIPAA Glossary of Terms: A collection of basic HIPAA terms to help you understand HIPAA compliance.
- HIPAA Resources: Policies, Procedures and Training Materials: HIPAA compliant resources for companies needing examples of HIPAA policies, procedures and training materials.
- Understanding HIPAA Privacy for Covered Entities: Learn which entities must comply with the HIPAA Privacy and Security Rules, the requirements of the HIPAA rules, and assistance to implement and maintain HIPAA compliance.
- OCR Summary of HIPAA Privacy Rule: Includes key elements of the Privacy Rule, who is covered, what is protected, individual rights, and uses and disclosures of protected health information.
- PCI Compliant Hosting White Paper: Explores the impact of the PCI DSS standard on data centers and server infrastructure, describes the architecture of a PCI compliant data center.
- What is PCI Compliance?: Understand the Payment Card Industry Data Security Standard (PCI DSS) requirements and who needs to be PCI compliant.
- PCI Glossary of Terms: A collection of basic PCI terms to help you understand PCI compliance.
- PCI Report on Compliance: A PCI Security Standards Council template for PCI compliance.
Data Privacy for Mobile Security
- Mobile Security White Paper: Explores approaches to mobile security from risk assessment, enterprise architecture, policies and technologies, and mobile security architecture.
- BYOD: From Concept to Reality: During this presentation, Kirk Larson, VP & CIO at Children’s Hospital Central California, explains how the hospital uses a virtual environment to securely manage a BYOD (Bring Your Own Device) environment.
- Overcoming Cloud-Based Mobility Challenges in Healthcare: This webinar reviews the common challenges associated with mobile enablement, and introduces the new technologies that are empowering healthcare providers to securely engage their patients and practitioners through the mobile channel.
- Bring Your Own Device: Addressing the Security Challenges of Employee-Owned Devices in the Workplace: Archived Recording of a National Webcast Initiative available from MS-ISAC (Aug. 25, 2011)
- 2012 State of Mobile Health IT: The 2nd Annual HIMSS Mobile Technology Survey, sponsored by Qualcomm Life, found that over 90 percent of respondents reported physicians using mobile technology in their everyday operations.
- Latest Federal Mobile Malware Report: The Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), recently released a report on the latest versions of mobile malware to affect Android smartphones.
- PCI Mobile Payment Security Recommendations Released by PCI SSC: The PCI SSC (Payment Card Industry Security Standards Council) just released a document addressing mobile device (smartphone, tablet or PDA) payments, PCI Mobile Payment Acceptance Security Guidelines, version 1.0.
- Bring Your Own Device: Dealing with Trust and Liability Issues: Forbes (Aug. 17, 2011)