It’s Privacy Monday again – and summer is winding down.
Here are three bytes of privacy/security information to start your week:
1. House Committee Releases HHS Breach Investigation
If you are subject to HIPAA and the oversight of the Department of Health and Human Services (HHS), schadenfreude will probably best describe your reaction.
A report recently released by the House Energy & Commerce Committee revealed that hackers have breached at least five divisions of HHS — including the FDA — in the last three years.
“What we found is alarming and unacceptable,” committee Chairman Fred Upton, Michigan Republican, and Oversight and Investigations Subcommittee Chairman Tim Murphy, Pennsylvania Republican, said in a joint statement. “At a time when sensitive information is held by so many in the public and private sectors, Americans should not have to worry that the U.S. government is left so vulnerable to attack.”
The 27-page review of HHS information security found that the breaches were unsophisticated and the affected agencies “often struggled to provide accurate, clear and sufficient information on the security incidents” during the course of their investigation. According to the committee, officials at two breached agencies were unable to provide accurate details about security incidents within their own networks. “These incidents raise questions about whether information security officials have the appropriate level of expertise,” the report reads.
2. More FTC Enforcement of US-EU Safe Harbor
Some good pointers from the FTC’s Business Blog:
Be a tickler stickler. Once your company has complied with the Safe Harbor Framework’s self-certification requirement, use the tickler feature on your calendar to revisit it before your certification expires. Consider if any changes at your business have affected those seven privacy principles. If you’re still compliant, honor your annual obligation to renew your certification.
3. Privacy Webinar Reminder – August 26
Third-party vendor risk is difficult for companies to manage, and yet it is one of the most pervasive vulnerabilities in the security supply chain. Join us for a discussion of vendor risk management and data protection next Wednesday, August 26 at 1 PM ET. Since it’s a webinar, you can even log in from one of those last days at the beach … we won’t ask.
Registration is here.