Wilson Technology Group and More

Your One Stop IT and Telecommunications Firm

Leave a comment

More on Data Security

What questions do you need to be asking yourself?

When was your last Risk Analysis? Did it include a vulnerability scan? Pen test? On-site walkthrough?

Encryption? Are your portable devices encrypted?

BYOD – do you have signed agreements in place?

What is your policy on employee use of social media? The breach notification clock starts when “known or, by exercising reasonable diligence would have been known.”

What does your HIPAA training training say about security? Or does it only address privacy? For instance, passwords, use of mobile devices, proper use of email, etc.?

Do you have a contract with your vendors? Who is paying for breach remediation?

Find us on Facebook and LinkedIn


Leave a comment

New Florida Data Breach Law Section 501.171

Section 501.171 repeals and wholly replaces Florida’s existing data breach law and went into effect on July 1, 2014. It applies to every business that handles “personal information” of Florida residents and requires these businesses to take proactive “reasonable measures” to secure data.

The definition of personal information is quite broad and includes social security numbers, healthcare information, health insurance policy number, credit card numbers, and “a user name or e-mail address, in combination with a password or security question and answer that would permit access to an online account.

It includes a data records disposal provision: “…Such disposal shall involve shredding, erasing, or otherwise modifying the personal information in the records to make it unreadable or undecipherable through any means.”

There is no private right of action, but a “violation of this section shall be treated as an unfair or deception trade practice in any action brought by the Florida Attorney General…against a covered entity or third party agent.” Civil penalties are not to exceed $5000,000 and will go into the General Revenue Fund.

Find us on Facebook and LinkedIn

Leave a comment

The Office of Civil Rights (OCR)

The OCR has been quite active, particularly since 2011. Recent settlements include:
1) UCLA Health System $865,500 Workers were found snooping on celebrity patients
2) Alaska Dept. of HHS $1.7M Unencrypted portable media device was stolen from care of employee
3) Affinity Health Plan $1,215,780 Returned copiers to a leasing agent without erasing the copies hard drives

Who has obligations? Regulated businesses include healthcare and financial services.

Nonregulated businesses also have obligations. This includes the (FTC) Federal Trade Commission. They work for consumers to prevent fraudulent, deceptive and unfair business practices. They have the authority to pursue any company that has engaged in unfair or deceptive acts or practices in or affecting commerce. The FTC will take action against individual owners.

The Florida Information Protection Act (SB 1524) broadens Florida’s existing data breach law. It requires that each covered entity, governmental entity, or third party agent shall take reasonable measures to protect and secure data in electronic form containing personal information.

What is personal information? An individual’s first name or first initial and last name in combination with any one or more of the following data elements for that individual: SSN; driver’s license or ID card number; credit or debit card no. (with security code, access code, password); healthcare information; individual’s health insurance policy number, etc.)

What does it mean to take reasonable measures to protect and secure data in electronic form containing personal information? Businesses must address administrative, physical and technical safeguards.

Find us on Facebook and LinkedIn

Leave a comment

The BYOD (Bring Your Own Device) Movement

According to Forbes Magazine, “the primary business driver is getting work done. Business users do not want to compromise. They want convenience. They want to be able to do the work without being tethered to their laptops. People deserve and demand a great user experience.” Thus the BYOD movement.

As of May, 2013, 91% of US adults own a cell phone. This equates to 57% of all Americans going online using a mobile phone.

What else are people doing with their cell phones? Downloading applications!

The use of mobile devices have shifted from single use (one device for work and one device for personal) to dual use – one device for work and personal. Why? Convenience, increased integration of work and personal lives, less maintenance and increased cost savings are the reasons.

Leave a comment

The Focus is on Data Security

It is not difficult to understand why there is a current focus on data security. Target had 70 million records compromised along with 40 million cards. They are facing 100+ lawsuits and numerous investigations by the AG and FTC. HIPAA breaches have impacted more than 31 million individuals resulting in class action suits and government investigations.

The OCR (Office of Civil Rights) is becoming more active. They have settled 19 suits since 2011 totaling $22,546.500. These numbers will likely pale in comparison to the next 12 months.

What does the OCR look for? A few of the identified problems include: failure to conduct a Risk Analysis in response to a new environment; portable devices; and workforce numbers.

Employees need to be trained and trained on an on-going basis. Appropriate sanctions need to be applied. Security measures need to be installed to monitor unauthorized access such as workforce members repeatedly snooping on patients.

Portable devices need encryption and security measures. Policies and procedures are needed which address incident identification, reporting and response. Access to unauthorized users needs to be restricted.

Find us on Facebook and LinkedIn

Leave a comment

Do You Know The Value Of Your Data?

In the 1930’s when the newly formed SEC demanded that public companies account for their true costs and profits in regular reports, most of their assets were physical – machines, factories, buildings, land – and assessing their value was straightforward. Now the most important assets for many companies are comparatively abstract and may include patents, copyrights and trademarks. Increasingly, a good chunk of the value of a company lies in the fields of a data base and in secret algorithms used to cut and combine data to reveal new insights. Think of Dun and Bradstreet – they only buy and sell information. It is nothing that you can touch.

Determining the value of your data will also determine your budget to protect it. Obviously, the more value it has, the more to be budgeted to protect it.

To learn more, contact Wilson Technology Group or your IT provider.
Find us on Linked In.

Leave a comment

Dollars for Data

It is no surprise that data has a dollar value.  A classic example is the ticker data that flows from stock and futures markets.  A real-time feed of New York Stock Exchange stock prices for use by online media outlets, for instance, costs $25,000 per month.

All personal and corporate data is for sale, from legitimate and black-market brokers alike.  Quick and dirty web research offers the following shopping list:

  • individual criminal histories – $13.95
  • database of US physicians – $239.99
  • DNA for tracing family history – $99
  • 4 million fresh email addresses – $75.95 per week
  • major league baseball game statistics feed – $1,900 per month
  • consumer mailing list – 2.5 cents per record

For more information visit us on:  http://www.wilsontechgroup.com

Find us on LinkedIn and Facebook