|| Print ||
|Articles - July/August 2013|
|Monday, July 08, 2013|
BY SHAWN M. LINDSAY
As a business, do you ever handle or use a client’s credit card number or social security number? How about a client’s financial documents, date of birth, driver’s license number, medical records or any other sensitive personal information? If none of these, maybe your website collects information from children under the age of 13, or maybe you have a smartphone app that uses location services? For most of you, the answer will be yes, and the manner in which you handle the information is serious business.
Information privacy and data security issues involve nearly every facet of a business. With the rapid development of digital and information technology, businesses of every size now collect, process and warehouse all sorts of personal information with a variety of technologies, from USB drives to tablets to the cloud. The laws and regulations that govern the handling of personal information are numerous, complex, vary by location and are constantly changing. If a business does not take appropriate care to protect against prohibited access to or loss of personal information, it can be subjected to significant fines and, more important, considerable damage to its reputation.
A few recent examples illustrate the exposure to risk. In February of this year, while on vacation in Hawaii, a hospital surgeon had his laptop — containing personal health information of approximately 4,000 patients — taken during a burglary. The hospital involved offered patients free identity theft monitoring, among other things. This past March, the online note-taking servicer Evernote was hacked, and all of its 50 million users needed to reset their passwords. And late this spring, the Utah Department of Technology Services revealed that 780,000 individuals were affected by the theft of Medicaid information, including social security numbers. Utah had to send a report to the U.S. Department of Health and Human Services to assess potential violations of HIPAA.
Big businesses are not the only ones experiencing technology breaches. Breaches have recently occurred with small dental and medical offices, grocery stores and online retail stores. As a business, what can you do to protect your clients’ confidential information and reduce your potential liability? You can promote prevention, detection and correction.
Interestingly, most data breaches are caused by mundane events like employees losing a USB drive or smartphone, or unwittingly misusing the Internet. One way you can promote prevention is by educating employees. Negligent employees are the top cause of loss. Privacy and security risk is no longer just an IT department problem; it is everyone’s problem. Empower employees to take responsibility for the security processes in place. You can do that yourself, or there are partners that can help you do it. For example, Swan Island Networks offers a solution, Cybero, which provides employees with real-time alerts about the latest social engineering exploits, social media activism and manufactured scams.
You can promote detection by evaluating your risks and improving your compliance. You can do this yourself, or you can partner with experts to assist. For example, ID Experts is a Portland company that can conduct a compliance assessment, a penetration test, a security-risk analysis and an incident response test. With this information, you can then promote correction by formulating a comprehensive remediation plan.
What’s most important is to have a privacy and security team in place. When dealing with privacy and security risks, there is no margin for error. So get that team in place and make sure privacy and security is a priority. It’s always better to build a fence on top of the hill then have an ambulance at the bottom of the hill.
Tuesday, February 17, 2015
BY TAMSEN LEACHMAN | OB GUEST CONTRIBUTOR
It is important to understand the EEOC’s priorities, and ensure that your leadership understands the shifting expectations of regulators and the heightened standards to which you (and they) may be held.
Monday, February 23, 2015
BY JESSICA RIDGWAY | OB CONTRIBUTOR
Live, Work, Play: Catching up with Chris Johnson.
Tuesday, February 24, 2015
BY LINDA BAKER | OB EDITOR
At Oregon State University, a 21st century version of the bad dream — nuclear terrorism — is alive and well. This winter, the Department of Nuclear Physics and Radiation Health Physics created a new interdisciplinary graduate emphasis in nuclear forensics, a Sherlock Holmes-sounding program that aims to identify how and where confiscated nuclear and radiological materials were created.
Wednesday, February 25, 2015
BY KIM MOORE | OB RESEARCH EDITOR
Friday, March 27, 2015
BY LINDA BAKER
My daughter turned 18 last week, and for her birthday I got her a Car2Go membership. Not to label myself a disruptor or anything, but it felt like a groundbreaking moment. The two of us, mother and child, were participating in a new teen rite of passage: Instead of handing over the car keys, I handed over a car-sharing card — with the caveat that she not use the gift as her own personal car service.
Friday, February 27, 2015
BY OB STAFF
Oregon Business held its 22nd annual 100 Best Companies to Work For in Oregon celebration Thursday night in the Oregon Convention Center.
Thursday, March 26, 2015
BY LINDA BAKER
Everyone knows cell phones and driving are a lethal combination. The risk is especially high for teenage drivers, whose delusions of immortality pose such a threat to us all. Enforcement alas, remains feeble; more promising are pedagogical approaches aimed at getting people to focus on the road, not their devices.
|Bike Chic: 7 stylish options for cyclists|
|Beam Me Up|
|Get on the bus!|
|Emperor of the Sea|
|Epitaph for a Boondoggle|
|WikiLeaks allows visitors to search database of hacked Sony documents|
|VW recalls minivans with Chrysler-made ignitions|
|Netflix adds subscribers at record pace|
|EU charges Google with antitrust claims|
|Tech industry urges Congress for protection on patents|
|Is your job the best?|
|Value of college degree increasing|
A new report highlights how Oregon bankers are giving back to their communities.
Since 1932 Tidewater Transportation & Terminals (operating as Tidewater Barge Lines and Tidewater Terminal Company) has operated a multicommodity transportation and terminal company based in Vancouver, Washington. The friendly expression on the company’s shipping containers reflects the attitude of about 330 safety and community-conscious employees but belies how complicated the barge business really is.
The Port of The Dalles has run marine facilities since the 1930s, but they are part of a larger mission to strengthen the local economy. They focus on regional economic development with a strong bent toward adding good-paying jobs in high tech, manufacturing and other industries.
Providing attendees with unique taste of the Northwest Reception.
CFM Strategic Communications turns 25 this year and is celebrating with a revamped website, special events for firm alumni and clients, a special-label wine and a list of 25 stories about its client work over the past quarter century.
The Atkinson Graduate School of Management at Willamette University has maintained its business accreditation by AACSB International—The Association to Advance Collegiate Schools of Business.