
Showing posts with label data security.

Survey reveals doubts that businesses are doing enough to prevent discrimination and identity theft

Today's post comes from G.Neil's HR News Weekly:

According to a recent survey of 1,000 people for the Chubb Group of Insurance Companies, approximately one out of every three Americans doubts that businesses are doing enough when it comes to:

•    Protecting employees from gender discrimination – 30%
•    Guarding employees from other forms of workplace discrimination – 32%
•    Shielding consumers from theft of personal information – 32%

Chubb executives offered an explanation for the survey results, as well as precautions for businesses operating in such a legally sensitive and tech-driven environment.

Pointing out that a record-high number of discrimination charges have been filed with the EEOC, Catherine Padalino, vice president and employment practices liability product manager for Chubb, advised, “ … employers should continually review and adhere to anti-discrimination and anti-retaliation policies and procedures, keep abreast of changes in employment laws and seek outside counsel when facing discrimination charges or considering employee layoffs.”

Regarding potential cyber breaches, Tracy Vispoli, senior vice president and Chubb’s worldwide cyber security liability manager, shared, “A company’s board of directors needs to understand the risk associated with the theft of employee and customer information. This is more than just an IT issue. Although companies can help mitigate the risk by following best practices, they also need to have contingency plans in place before a data breach occurs.”

Train your staff to prevent harassment and protect your business from legal claims with Harassment-Free Workplace – Take Control, an easy-to-use, four-module DVD training program.

Life's a "breach" if you mishandle protected health information

In late August 2009, the Department of Health and Human Services (HHS) issued regulations, mandated by the HITECH Act, requiring entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when their unsecured protected health information (PHI) is compromised. Breaches affecting 500 or more individuals must also be reported to HHS without unreasonable delay and no later than 60 days after the breach is discovered, and HHS must post a list of these reported breaches on its website. Smaller breaches still have to be logged and submitted to HHS annually.

The “Breach Notification Rule” is now in full effect. Last week, HHS posted a list of breaches of unsecured PHI that affected 500 or more people. As summarized in the report, 27 of the breaches resulted from thefts of paper or electronic records. Other breaches were described as “Hacking/IT Incident,” “Loss,” “Incorrect Mailing,” “Unauthorized Access,” “Misdirected Email,” and “Phishing Scam.” The breach affecting the largest number of individuals was reported by Blue Cross Blue Shield of Tennessee, where a theft of hard drives exposed unsecured PHI belonging to half a million individuals.

Does the new rule apply to you?

It does if you’re a HIPAA-covered entity or business associate, including most health care providers, health plans and health care clearinghouses. Employers who act as sponsors of group health plans may also be covered entities, depending upon their level of involvement.

What is a breach?

A breach occurs when 1) there has been “unauthorized” access, use or disclosure of “unsecured” PHI that violates the HIPAA Privacy Rule and 2) the disclosure “compromises the security or privacy” of the PHI, which means that it “poses a significant risk of financial, reputational or other harm to the individual.”

“Unsecured” PHI is any information that has not been rendered unusable, unreadable or indecipherable to unauthorized individuals through a technology or methodology specified in HHS guidance, namely encryption (for electronic PHI) or destruction (for paper and electronic media). PHI that meets this standard falls outside the notification requirement even if it is lost or stolen, which is why the two methods matter so much.

Encryption - Proper encryption uses an algorithmic process to transform data into a form that is meaningless without a confidential process or key. The key itself must be protected: HHS guidance expects the decryption key to be stored on a device or at a location separate from the data it protects, so a stolen laptop that holds both the encrypted records and the key does not count as “secured.” HHS points to the NIST standards for encrypting data at rest and data in transit as the benchmark.

Destruction - Hard copy PHI, such as paper or film, needs to be thoroughly shredded or destroyed so that it cannot be read or reconstructed. Electronic media (hard drives, USB sticks, backup tapes) must be cleared, purged or physically destroyed consistent with NIST guidelines for media sanitization so the data cannot be recovered.
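The encryption requirement above, as an added example that is not part of the original post and not code from HHS or Chubb: a Go program that encrypts a PHI record with AES-256-GCM from the standard library, keeps the key as a separate value (the assumption is that in production it lives in a KMS or HSM, never on the drive holding the records), and shows that the stored blob yields nothing without the key or after any modification. The record text is constructed for the example and the function names are the author's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewKey generates a random 256-bit key. In a real deployment the key is
// held by a KMS or HSM; storing it alongside the ciphertext would make the
// data "unsecured" in the breach-rule sense the moment the device is lost.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// Encrypt renders a PHI record unreadable with AES-256-GCM. GCM is an AEAD
// mode: its authentication tag also detects tampering with the stored blob.
// A fresh random nonce is generated per record and prepended to the output.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext||tag to the nonce, giving nonce||ciphertext||tag.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt. It fails closed on a wrong key, a truncated blob
// or any modified byte, returning an error instead of garbage plaintext.
func Decrypt(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample record; not real patient data.
	record := []byte("MRN 00000001; dx: hypertension; rx: lisinopril 10mg")

	blob, err := Encrypt(key, record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored on disk (hex): %x\n", blob)

	pt, err := Decrypt(key, blob)
	fmt.Printf("with the right key: %q (err=%v)\n", pt, err)

	// A thief who has the drive but not the key gets only an error.
	otherKey, _ := NewKey()
	_, err = Decrypt(otherKey, blob)
	fmt.Println("with a different key:", err)

	// Flipping a single byte of the blob is caught by the GCM tag.
	blob[len(blob)-1] ^= 0x01
	_, err = Decrypt(key, blob)
	fmt.Println("after tampering:", err)
}
```

Running it prints the hex blob, the recovered record, and two authentication errors. The practical point for the breach rule is the split: the blob can sit on a laptop or backup tape, but the key has to live somewhere the thief does not also get.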

Beyond enhancing your data security efforts, you have a responsibility to:

=> notify individuals when their health information has been compromised
=> update your HIPAA policies and procedures
=> educate employees on new procedures

Cover all the bases with our HIPAA Forms CD-ROM and Poster Bundle. It includes all the HIPAA compliance materials you need - from an Employee Information Poster and HIPAA Privacy and Security Policy to a Breach Incident Log and other essential forms - to stay in compliance.

For additional direction with your compliance questions, go to HIPAA FAQs.

Employees putting your data security at risk?

Odds are good that they are, according to the latest research.

More employees are ignoring data security policies and engaging in online activities that could put their employer at risk, according to a survey released by Ponemon Institute. Even more worrisome, they are doing it even though they know it is wrong.

The top data security offenses include copying confidential data to USB drives and disabling security settings on mobile devices such as laptops. Some employees admitted to having lost USB sticks that stored confidential corporate data and to not reporting the loss to the company immediately, the report said.

Almost 31% of employees surveyed said they also engaged in social-networking activities from work computers. More than half (53%) said they downloaded personal software on company computers, heightening the risk of infecting the corporate network with malicious software.

Mobile technologies that let employees do more while on the road are contributing to the issue, said Larry Ponemon, chairman and founder of Ponemon Institute, in a blog entry. As the use of mobile devices grows, the inability to enforce data security policies could increase the possibility of data breaches. "I'm seeing a confluence of conditions that appear to be contributing to this challenge to data integrity," he said. (PC World)

Negligent online activity puts not only data security at risk, but could also be putting the company’s reputation in a vulnerable position. Remember the Domino’s incident?

About 60% of corporate executives feel they have the right to know how employees portray themselves and their organizations in online social networks, according to the Deloitte LLP Ethics & Workplace survey. However, most employees (53%) say their activity on social networks should be none of their employers’ business.

Whether it’s your data security or corporate reputation you’re looking to protect, having a sound social media policy is your first line of defense. We’re all adults here, but once in a while we all need a friendly reminder of what it means to be responsible online.

Social media policies will differ from company to company, but they all share a few key points: spelling out what unacceptable online behavior is, being mindful of the business’ image, using good judgment and knowing that employees represent the company.

For more help on developing a social media policy, read these past posts:

Bosses concerned over employees’ online behavior, employees say “butt out”

Domino’s employees fired, charged after “gross” video goes viral

The impact of social media on corporate culture

Dangers of using social networking sites to screen applicants
Copyright (c) 2010. Blogger templates by Bloggermint