|| Print ||
|Articles - July/August 2013|
|Monday, July 08, 2013|
BY SHAWN M. LINDSAY
As a business, do you ever handle or use a client’s credit card number or social security number? How about a client’s financial documents, date of birth, driver’s license number, medical records or any other sensitive personal information? If none of these, maybe your website collects information from children under the age of 13, or maybe you have a smartphone app that uses location services? For most of you, the answer will be yes, and the manner in which you handle the information is serious business.
Information privacy and data security issues involve nearly every facet of a business. With the rapid development of digital and information technology, businesses of every size now collect, process and warehouse all sorts of personal information with a variety of technologies, from USB drives to tablets to the cloud. The laws and regulations that govern the handling of personal information are numerous, complex, vary by location and are constantly changing. If a business does not take appropriate care to protect against prohibited access to or loss of personal information, it can be subjected to significant fines and, more important, considerable damage to its reputation.
A few recent examples illustrate the exposure to risk. In February of this year, while on vacation in Hawaii, a hospital surgeon had his laptop — containing personal health information of approximately 4,000 patients — taken during a burglary. The hospital involved offered patients free identity theft monitoring, among other things. This past March, the online note-taking servicer Evernote was hacked, and all of its 50 million users needed to reset their passwords. And late this spring, the Utah Department of Technology Services revealed that 780,000 individuals were affected by the theft of Medicaid information, including social security numbers. Utah had to send a report to the U.S. Department of Health and Human Services to assess potential violations of HIPAA.
Big businesses are not the only ones experiencing technology breaches. Breaches have recently occurred with small dental and medical offices, grocery stores and online retail stores. As a business, what can you do to protect your clients’ confidential information and reduce your potential liability? You can promote prevention, detection and correction.
Interestingly, most data breaches are caused by mundane events like employees losing a USB drive or smartphone, or unwittingly misusing the Internet. One way you can promote prevention is by educating employees. Negligent employees are the top cause of loss. Privacy and security risk is no longer just an IT department problem; it is everyone’s problem. Empower employees to take responsibility for the security processes in place. You can do that yourself, or there are partners that can help you do it. For example, Swan Island Networks offers a solution, Cybero, which provides employees with real-time alerts about the latest social engineering exploits, social media activism and manufactured scams.
You can promote detection by evaluating your risks and improving your compliance. You can do this yourself, or you can partner with experts to assist. For example, ID Experts is a Portland company that can conduct a compliance assessment, a penetration test, a security-risk analysis and an incident response test. With this information, you can then promote correction by formulating a comprehensive remediation plan.
What’s most important is to have a privacy and security team in place. When dealing with privacy and security risks, there is no margin for error. So get that team in place and make sure privacy and security is a priority. It’s always better to build a fence on top of the hill then have an ambulance at the bottom of the hill.
Monday, July 13, 2015
BY KIM MOORE
A conversation with Greg Lambert, president of Mid Oregon Personnel Services.
Wednesday, August 19, 2015
BY GARY THILL | PHOTOS BY JASON E. KAPLAN
A storied institution climbs down from the ivory tower.
Thursday, August 06, 2015
Car and ride sharing services have taken urban areas by storm. Low-income and suburban communities are left at the curb.
Friday, July 10, 2015
BY JACOB PALMER
Most of the food Americans consume is trucked in from hundreds of miles away. Eric Wilson, co-founder and CEO of Gro-volution, wants to change that. So this past spring, the Air Force veteran and former greenhouse manager started work on an alternative farming system he claims is more efficient than conventional agriculture, and also shortens the distance between the consumer and the farm.
Wednesday, July 15, 2015
Oregon's roads are crumbling, and revenues from state and local gas taxes are not sufficient to pay for improvements. We asked readers if the private sector should help fund transportation maintenance and repairs. Research partner CFM Strategic Communications conducted the poll of 366 readers in February.
Monday, July 13, 2015
BY JACOB PALMER
Dean of the Atkinson Graduate School of Management, Willamette University
Tuesday, August 04, 2015
|Child care challenge|
|Is there life beyond Reed?|
|Downtime with Jill Nelson|
|Adidas produces special shoe for upcoming Timbers/Sounders match|
|Intel invests $60M in drone company|
|Congestion should be expected|
|How many devices are using Windows 10?|
|Aftermath of the Ashley Madison hack|
|Boy trips in art museum, rips $1.5M painting|
|U.S. stocks plummet|
Transforming the culture of Oregon’s educational leadership.
The Board dismissed a petition related to efforts to unionize the Northwestern University football team.
Every once in a while we receive a letter in the (fictional) mailbag that is tough to describe and quite compelling. This week, Isabel, the new HR manager at LabCo (and someone who is new to HR), wants to know whether she may fire the owner’s son for having an Oregon medical marijuana card. In passing, Isabel also makes a number of alarming admissions about her motivation. Here is Isabel’s nerve-racking question and our response to it.
Oregon Sick Leave is here, and changes to the federal white-collar worker regulations are on the way. This workshop will prepare you for both. We invite you to participate in an interactive discussion on how to start planning now for the future impact on your operations and finances.
Presented by OEN + CENTRL + YESpdx.
This Roundtable will cover numerous issues under the employer "shared responsibility" rules of the Affordable Care Act, including how to track the "full-time" status of variable-hour employees, temporary or seasonal employees, and employees who experience a change in status or a break in service. Additionally, we will provide a brief overview of Code sections 6055 and 6056, which require most mid-sized and large employers to submit their first information reports to the IRS in early 2016 regarding the health insurance coverage being offered to employees. We invite you to participate in an interactive discussion on how to prepare for the future impact of the shared responsibility rules on your operations and finances.