Thursday, October 31, 2013

The lady doth protest too much, methinks.


From the headlines of the worldwide press:

Chinese DM urges stronger information security
China says it will take measures to uphold its information security in ...
China to step up own security after new NSA allegations

This is getting old. All countries spy on each other, and, IMHO, Germany (and France and Israel, for that matter) has never been a good ally, just a benefactor of American largess. And, China ... well, it's China.

I suspect much of this is theater for local enjoyment. No government can appear soft on something as "ungentlemanly" as this.

Tuesday, October 22, 2013

TSA Expanding Its Screening of Passengers before They Arrive at the Airport


So, according to the NY Times, the TSA "is expanding its screening of passengers before they arrive at the airport by searching a wide array of government and private databases that can include records like car registrations and employment information."

I find this far more worrisome than the masses of information the NSA is capturing, or Google, Apple, Facebook, and others of their ilk. It won't be long before the TSA is screening rail travel, buses, using the ubiquitous roadway surveillance cameras to prevent us from driving, (use your imagination here), ...

Unfortunately, it'll never stop. Like the DEA, which has a vested interest in ensuring that the war on drugs never ends, the TSA needs to insinuate itself into every aspect of our lives in order to guarantee its existence beyond the Rapture. God help us all.

Friday, October 18, 2013

GAO: Centers for Medicare and Medicaid Services Needs to Pursue a Solution for Removing Social Security Numbers from Cards

The GAO recommends that CMS initiate an IT project to develop a solution for SSN removal and incorporate such a project into plans for ongoing IT modernization initiatives. HHS agreed with GAO's recommendations, if certain constraints were addressed. However, GAO maintains that its recommendations are warranted as originally stated.

What they really need to do is de-identify and anonymize data.

Of course, we have books that will help solve the problem.

Guide to the De-Identification of Personal Health Information 

In this book, Khaled El Emam, the founder and CEO of Privacy Analytics, Inc., offers compelling practical and legal reasons why de-identification should be one of the main approaches to protecting patients’ privacy. The book outlines a proven, risk-based methodology for the de-identification of sensitive health information. It situates and contextualizes this risk-based methodology and provides a general overview of its steps. The book supplies a detailed case for why de-identification is important as well as best practices to help you pinpoint when it is necessary to apply de-identification in the disclosure of personal health information.

The Complete Book of Data Anonymization: From Planning to Implementation

Data anonymization provides a systematic and integrated approach to privacy protection that goes far beyond simple data-masking or network security from external or internal theft. In this book, Balaji Raghunathan of Infosys Ltd. discusses analysis, planning, set-up, and governance. This timely manual illuminates the entire process of adapting and implementing anonymization tools and programs to increase the success of privacy protection in vulnerable organizations. Providing a 360-degree view of data privacy protection, it details data anonymization patterns, automation/tool capabilities, and the key factors for success in disguising the person behind the data.

Wednesday, October 9, 2013

Jay Trinckes to Speak at Financial, Operations Management/Information Technology Conference

Jay Trinckes will speak at the Financial, Operations Management/Information Technology Conference, November 12-14, 2013.

His topic is “Avoid Penalties: Ensuring Compliance with the September 23, 2013 HIPAA Privacy and Security Omnibus Rule.”

Jay is the author of The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules and The Executive MBA in Information Security.