Workplace Information Protection

Businesses, small and large, have to deal with workplace information protection and privacy to some extent. The degree to which these businesses and their management protect their confidential information, including employee and client personal information, depends largely on a) their self-interest, b) the regulated environment in which they operate and with which they must comply, and c) their desire for good business practice.

Self Interest

Many businesses have trade secrets which, if stolen, can put them at a competitive disadvantage and either end their business life or, if they’re lucky, just wipe out their expansion and growth aspirations. Therefore, they must protect that confidential business information at any price or they’ll disappear in no time. Businesses spy on each other all the time for valuable trade secrets to help them gain a competitive advantage, whether through the launch of a new product or service or the improvement of existing processes to increase efficiency, productivity and client base. Each business must determine what information is important to it and place security controls around that information to secure its business viability and future growth. This is what I mean by “self interest”: protecting something that’s important. Other areas of self interest are financial fraud and, to a lesser degree, management attachment to the information protection field, as certain key management members may be more security conscious than others, possibly due to their past professions and experiences, and therefore place importance on workplace information protection.

Regulations

Some businesses, depending on the nature of their business and the industries in which they operate, such as financial institutions and healthcare companies, have been scrutinized for many years and continue to be heavily regulated by the government. Businesses spend a lot of money just to keep up and comply with such regulations. Although we can always debate the usefulness of these laws and whether they’re worth the cost companies have to pay in order to comply, there is no doubt that, following many of the business scandals and the loss of public confidence, the government had to do something to prevent another corporate financial disaster that wipes out people’s retirement accounts, or another personal data leak that leads to mass identity theft and identity fraud. In my opinion, these laws, to some extent, help improve corporate security controls by raising awareness, visibility, authority and oversight, and ensure confidentiality, integrity and availability of personal and financial data, but we need a national law, similar to the European Data Protection Directive, to address corporate security issues in a consistent manner. There are too many laws floating around at the federal and state level, overlapping each other, which, if consolidated, could address most of the risks in a consistent manner. But right now, the laws are too scattered, and may or may not apply to certain industries or even address all workplace information protection risks. Below are a few of the laws that companies have to comply with:

The Gramm Leach Bliley Act, or GLBA, was created to modernize the financial institutions' privacy law. In general, GLBA relates to a "best practices" protection for an individual's banking statements, social security number, credit card numbers, tax information or other personally identifiable information (PII).

The Health Insurance Portability and Accountability Act, or HIPAA, which applies to practically all healthcare plans and providers, required improved efficiency in healthcare delivery by standardizing Electronic Data Interchange, and protection of the confidentiality and security of health data through setting and enforcing standards.

The Sarbanes-Oxley Act was signed into law in 2002 to improve corporate governance and ensure integrity of financial data. It introduced stringent new rules to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.

The details behind some of these laws and others that impact identity theft and information security can be found in the identity theft laws section. These regulations often require establishment of many security components such as policies, procedures, standards, and an executive security position for managing workplace information protection risks among others.

Good Business

Having adequate workplace information protection controls just makes good business sense: not only can it save money spent on endless investigations, public relations, consumer notification and recovery of lost data, but it can also build consumer confidence. Would it not make sense to secure online transactions and protect business and client information at the same time? Consumers are more reluctant to do business online as news of data leaks continues to emerge in the business sections of major newspapers almost weekly, but they would be more inclined to trust doing business online if businesses were able to buy their confidence back through their actions.

We will explore in detail 1) the scope of the information that needs protection, 2) the nature of the information to be protected, 3) the rationale for and extent of data protection, and 4) strategies for managing workplace information protection.

General Risk Areas

Travel Security - Increase your security awareness when you travel.
Computer Security - Apply the minimum computer security measures.

Workplace Information Protection Articles

Information Security Shortfalls - Companies often face varying degrees of information security shortfalls which might be voluntary and with serious long term consequences for themselves, their industries and society.
Electronic Health Record - Patient health information is being converted to electronic health records and, to expedite the transition, the US government is offering a unique cash incentive program to eligible program participants.
Information Security Purposes - Depending on the type of organization, there are generally three information security purposes; securing the business information, protecting customer information, and, complying with various laws.
Internet Security Initiative - An internet security initiative was announced by the Department of Homeland Security (DHS) which aims to improve cyberspace and secure online identification.
Define Personal Information - We must first define personal information per the appropriate privacy laws in order to properly identify and protect them.
Protect Stored Information - As confidential information is stored on mobile storage devices, management must protect stored information through policies and automated tools for detecting and preventing unauthorized storage.
Thought Authentication - Although somewhat futuristic, thought authentication may just be the next generation of authentication mechanism for accessing systems.
Influential Information Security Leader - I have identified the top three characteristics of an influential information security leader to be trust, credibility and reporting level within the organization.
Customer Role - Businesses must acknowledge the customer role as a business partner in the battle against identity fraud and provide the necessary customer awareness and education.
Company Identity Theft - Similar to consumers, businesses are not immune to identity theft, and in fact company identity theft is a serious threat to any business with credit lines and a great reputation.
Certified Identity Protection Advisor ™ - Become a Certified Identity Protection Advisor ™ (CIPA). Learn about the exam and certification process.
Employing Ex Hackers - Employing ex hackers to help identify computer security vulnerabilities is a smart idea as they are highly skilled, but such actions must be carefully managed.
Disgruntled Employee - A disgruntled employee is a workplace information protection risk that should be taken seriously, especially during massive business changes.
Identity Theft Lawsuits - I've recently been asked what the future holds for companies and consumers from an identity theft risk standpoint. My answer is more identity theft lawsuits.
IdentityMate Consulting - IdentityMate is an identity risk management firm providing workplace information protection solutions to both consumers and companies.
Privacy or Security - Some people still lack the knowledge about the privacy or security roles. This article might shed some light on their differences and similarities.
Poor Identity Management - The purpose of this article is to discuss poor identity management practices on the part of business management and consumers which lead to identity theft, fraud, privacy violations and poor overall workplace information protection practices.
2008 Security Incidents - It was recently reported that the 2008 security incidents were on the rise compared to 2007 and there are very good reasons why. Let's explore the causes for these incidents.
Identity Management Institute - Identity Management Institute is established to redefine the identity management field, help professionals connect to one another, increase identity risk awareness and help solve identity challenges.
Policies and Procedures - Policies and procedures are major tools to reduce an organization's risks and as such must be carefully developed for high risk areas of any organization.
Identity Safeguard - Companies which must collect and manage customer private information as part of their business operations must incorporate and monitor the identity safeguard controls.
TJ Maxx Identity Theft - The computer intrusion case inflicted upon TJ Maxx continues to be one of the largest and most complex identity theft cases in recent history.
System Accounts - System account management is one of the most challenging workplace information protection areas and must be properly managed to reduce the risk of account misuse and lack of ownership.
Data Breach Notification - Following a personal information security incident, a consumer data breach notification is necessary to team up with customers to prevent and detect fraud.
Security Negligence - Information security negligence is a common occurrence although businesses are starting to slowly address business related information security risks.
Chief Education Officer - Large and regulated companies must assign a Chief Education Officer to coordinate all corporate training efforts and manage business risks including regulatory compliance.
Corporate Security Accountability - Management must assume corporate security accountability to effectively protect consumer information and comply with information security laws and regulations.
Just Needed Training - Employee training needs must be properly assessed to develop a focused training scope. Just Needed Training provides a process to effectively define, prioritize and provide training.
Information Security Risks - These are some of the most important information security risks for the information security function within any organization in possession of confidential information assets.
Data Security Breach - As we continue to see more data security breach cases, their causes continue to remain the same.
Increased Secretary Power And Access - Once in a while, executives might assign administrative tasks to their assistants that require the boss’s privileged access rights, thus increasing secretary power.
A Factual Article Is Not Inclusive Of All Risks - When writing an article about a certain risk, some factual articles may be based on objective facts as evidenced in the news, but others may just be based on subjective judgment.
Fraud Notification Process - When companies face stolen or lost personal information, they must carefully consider the fraud notification process, which includes discovery, identification and fraud probability assessment.
Information KAGE Security Framework - The Information KAGE security framework is created to simplify management’s process for developing an information security strategy and risk management.
Why Some Executives Abuse Power - Some corporate executives abuse power and ignore internal controls related to workplace information protection for many reasons. The rationale for such decisions and the consequences for their companies are briefly discussed.
Fist In A Bucket Of Water - Some may think an employee is just a fist in a bucket of water, but without key performer employees, long term business success may not be assured.
Information Security Strategy - Businesses often have confidential and personal information that they need to protect and as such must have a workplace information protection strategy.
Stop Crook Employers - Beware of crook employers and CEOs who would sell their client and employee information to make an extra buck.
Unauthorized Sale Of Personal Information - Believe it or not, trusted company employees sell consumer data to criminal gangsters for profit. It's a win-win for both parties.

Visit IdentityMate for workplace information protection solutions.
