Next law up for revision may be ECPA

Citing the drastic changes in the technological landscape since the law was first passed, a coalition of tech industry heavyweights has launched an effort to persuade Congress to update or revise the Electronic Communications Privacy Act…

As cloud computing gains momentum, so does government attention to privacy and security

While still marked by more hype than tangible success, cloud computing remains an area widely viewed as inevitable in both commercial and public sector markets. Whether you accept the predictions of cloud service vendors or favor…

Better access restrictions needed for medical information

A fair amount of attention is appropriately being focused on the need to maintain appropriate access controls on electronic health record systems and other sources containing personal health information. Among the HIPAA privacy provisions that were…

FTC settlement with Dave & Buster’s shows broad range of security failures

In a notice published yesterday, the Federal Trade Commission (FTC) announced the terms of a settlement to which entertainment chain Dave & Buster’s agreed stemming from FTC charges that the company failed to adequately protect customer…

Federal information security focus shifting to next-generation FISMA, continuous monitoring

While we have seen perennial efforts in Congress to revise or replace the Federal Information Security Management Act (FISMA) and shift government agencies’ security focus off compliance efforts and reporting mountains of paperwork on their information…

How much security is enough and, is the answer the same in a courtroom?

One of the recurring questions in information security management is how much security is “enough”? For organizations that have adopted risk-based approaches to information assurance, the level of security protection they put in place is directly…

ONC to survey public on attitudes about health information exchange

Providing further evidence that the HHS Office of the National Coordinator (ONC) is increasingly focused not only on addressing personal privacy concerns related to the use of health IT and health information exchange but also on…