|| Print ||
|Articles - July/August 2013|
|Monday, July 08, 2013|
BY SHAWN M. LINDSAY
As a business, do you ever handle or use a client’s credit card number or social security number? How about a client’s financial documents, date of birth, driver’s license number, medical records or any other sensitive personal information? If none of these, maybe your website collects information from children under the age of 13, or maybe you have a smartphone app that uses location services? For most of you, the answer will be yes, and the manner in which you handle the information is serious business.
Information privacy and data security issues involve nearly every facet of a business. With the rapid development of digital and information technology, businesses of every size now collect, process and warehouse all sorts of personal information with a variety of technologies, from USB drives to tablets to the cloud. The laws and regulations that govern the handling of personal information are numerous, complex, vary by location and are constantly changing. If a business does not take appropriate care to protect against prohibited access to or loss of personal information, it can be subjected to significant fines and, more important, considerable damage to its reputation.
A few recent examples illustrate the exposure to risk. In February of this year, while on vacation in Hawaii, a hospital surgeon had his laptop — containing personal health information of approximately 4,000 patients — taken during a burglary. The hospital involved offered patients free identity theft monitoring, among other things. This past March, the online note-taking servicer Evernote was hacked, and all of its 50 million users needed to reset their passwords. And late this spring, the Utah Department of Technology Services revealed that 780,000 individuals were affected by the theft of Medicaid information, including social security numbers. Utah had to send a report to the U.S. Department of Health and Human Services to assess potential violations of HIPAA.
Big businesses are not the only ones experiencing technology breaches. Breaches have recently occurred with small dental and medical offices, grocery stores and online retail stores. As a business, what can you do to protect your clients’ confidential information and reduce your potential liability? You can promote prevention, detection and correction.
Interestingly, most data breaches are caused by mundane events like employees losing a USB drive or smartphone, or unwittingly misusing the Internet. One way you can promote prevention is by educating employees. Negligent employees are the top cause of loss. Privacy and security risk is no longer just an IT department problem; it is everyone’s problem. Empower employees to take responsibility for the security processes in place. You can do that yourself, or there are partners that can help you do it. For example, Swan Island Networks offers a solution, Cybero, which provides employees with real-time alerts about the latest social engineering exploits, social media activism and manufactured scams.
You can promote detection by evaluating your risks and improving your compliance. You can do this yourself, or you can partner with experts to assist. For example, ID Experts is a Portland company that can conduct a compliance assessment, a penetration test, a security-risk analysis and an incident response test. With this information, you can then promote correction by formulating a comprehensive remediation plan.
What’s most important is to have a privacy and security team in place. When dealing with privacy and security risks, there is no margin for error. So get that team in place and make sure privacy and security is a priority. It’s always better to build a fence on top of the hill then have an ambulance at the bottom of the hill.
Thursday, January 29, 2015
BY JACOB PALMER | OB DIGITAL NEWS EDITOR
As the costs of college mount, and as employer demand for software developers soars, coding schools and classes are popping up everywhere.
Thursday, January 08, 2015
BY CAMBIA HEALTH SOLUTIONS & OREGON BUSINESS COUNCIL | OP-ED
Businesses have a significant stake in the health of Oregonians. In fact, we cannot succeed without it. By committing to using our companies as levers for good health, we invest in our people, our business, our quality of life and our economy.
Tuesday, December 02, 2014
BY LINDA BAKER
A conversation with attorney Erich Merrill about the latest way to raise money from large groups of people.
Friday, December 12, 2014
BY LINDA BAKER
Studying ground-running birds, a group that ranks among nature's speediest and most agile bipedal runners, to build a faster robot.
Friday, January 23, 2015
BY DAN COOK | PHOTOS BY JASON E. KAPLAN
A real-estate developer and a Lithia Motors executive aim to revamp the city's forlorn downtown.
Friday, December 12, 2014
BY LINDA BAKER
A conversation with Oregon state economist Josh Lehner.
Tuesday, January 27, 2015
Power Lunch at the Imperial.
Real Time - Oregon Business
Tweets by @OregonBusiness
|Will Medford Ever Be Cool?|
|The Carbon Calculus|
|The Human Factor|
|Raising the Stakes|
|Which Way to Chinatown?|
|GDP grows 2.6 percent in 4Q|
|Email scammers target younger demographic|
|McDonalds' head man steps down|
|Washington company recalls tainted beef|
|Commercial jet demand bolsters Boeing |
|Apple augments record quarter by shorting memory|
|Microsoft, Caterpillar woes lead Dow decrease|
Is your business ready to join us in the call for action? This opening panel includes Oregon businesses who will discuss why they signed the Oregon Climate Declaration, the investments they are making to reduce carbon emissions, and how their actions are affecting their companies.
Get ready for two days of special events produced with the EPA, Portland Timbers and ISOS before and after the GoGreen Conference on October 16.
hubbub health uses behavior change science to rethink wellness programs.
In Ashland, a public-private partnership results in online resources to help diversify the local economy.
How sports tourism is driving economic growth and making cities across Oregon a better place to live.
Sussman Shank LLP is pleased to announce that Matt Mertens has joined the firm. Matt will practice in the firm's Business, Litigation, and Business & Restructuring practice groups.
If you have given a former employee access to your company’s electronic information by virtue of assigning a desktop or laptop computer and you suspect he or she of having taken electronically stored data, there are several steps to follow to preserve electronic forensic evidence from spoliation.
The official launch will be Jan. 14.