MVP Seminars - All Blog Entries

Book Reveals Red Flags for Businesses

Barring last week's reprieve by the Federal Trade Commission, more than 10 million small organizations nationwide would have been required to comply with the Red Flags Rule on November 1. The FTC announced that compliance will be delayed six months until May 1, 2009 because many businesses were not only unaware of the compliance date, but unaware of the Red Flags Rule. Dr. Joseph Campana, a privacy and information security consultant who focuses on helping small enterprises says "small businesses are generally uninformed when it comes to today's legal and ethical requirements to protect sensitive information. I wrote a do-it-yourself guide for small businesses to raise their awareness and show them how to come into compliance quickly and inexpensively."

Privacy: Blogging and Online Communities

I participate in an electronic community (aka online community, social network) that is aimed at business professionals. It is very likely that you or one or more of your employees are one of the more than 18 million people who are part of this one community or one of many more like it. During the last couple of weeks I noticed and answers are clearly inappropriate. Some members of the community argue that being professional excludes having fun, and all they are trying to do is liven up the community by having fun. What it really comes down to is appropriate vs. inappropriate -- not fun vs. boring agony.

Electronic communities, blogs, and email have become a valuable source of information for character references and character assassination? Character assassination is usually done by the hands of the victims themselves by being inappropriate in w

Identity Theft Conjures Disturbing Images

We recently invited our circle of businesses contacts to provide a critique on our revamped website, www.JCampana.com. One characterized a few of the dynamic images displayed on our home page as "disturbing." These were images of the 9-11 terrorist attack.

"What does toppling towers and foreigners scaling border walls have to do with information security, privacy, and identity theft?"

Terrorists, illegal immigrants, and other criminals often hide behind assumed identities -- identities of real people like you and me. The 19 terrorists who flew the planes on 9-11 had 368 separate identities or about 20 apiece. Most of the estimated 20+ million illegal immigrants in this country are here to work. Most employers require a social security number (SSN) to abide with laws. How do illegals get a SSN? They buy

New Year's Privacy Compliance Resolutions

What is your business doing to become privacy friendly in the New Year? Here's a list of critical items to review with the person in your enterprise responsible for compliance:

FACT Act - Applies if you have employees or customers

State Breach Notification Laws - Applies in every state in which you have customers or employees.

PCI-DSS - Applies if you accept credit cards

GLB Act - If you are classified as financial services or a service provider

HIPAA - If your business qualifies as a covered entity or business associate

Other privacy and information security regulations applicable to your business

Risk assessment completed for applicable regulations

Policies and procedures completed for applicable regulations

Employee education and training documented for applicable regulations

Regularly scheduled employee training and audits for applicable regulations

January 20, 2008 Posted by Joseph Campana, Ph.D., CIPP/G, CITRMS | privacy training, privacy education, privacy, information security training, information security education, information security, identity theft training, identity theft education, identity theft, FACTA, FACT Act | Comment (0)

'Tis the Season . . . of Identity Theft!

The holiday season is huge for retail sales, and it's big for pickpockets and identity thieves too. The thieves are interested in your credit cards and personal identification, not the cash. ID's are more valuable. Identity thieves will steal your wallets mail, and trash; and scam you by telephone, mail, and the internet. They want your good name.

Some Holiday Tips and New Year's Resolutions for you to put into practice to manage your identity are:

Protect your wallet or purse at all times. Men, carry your wallet in your front pocket when shopping. Ladies, put the strap of your purse over your head. Don't EVER leave your purse unattended and unattached to you, for example, in a shopping cart, on a counter, or on the front seat of your car even when you are close by, for example, pumping gas!
Purge your wallet or purse of ALL identification cards showing your social security

Are You Privacy Compliant? Hire a Lawyer?

In a business forum I recently asked the question, "does your business have a privacy officer?" A young attorney quipped, "hire an attorney, they'll tell you if you need one?" According to best privacy practices; a National Academy of Sciences report, numerous other compliance bibles; and a multitude of federal and many state laws, all enterprises should have a privacy advocate, typically called a chief privacy officer (CPO) no matter whether your business comprises one or tens of thousands of associates.

In a related incident, a CEO of an international privacy credentialing institute shared a newspaper article with me out of frustration. It was written by an attorney that stated that ALL businesses were required to comply with the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act (HIPAA) - two of many privacy laws. That's simply inaccurate.

Two weeks ago, a client described what he was

Scaring People into taking Action

I recently received an invitation to address a group of professionals about identity theft. While chatting with the organizer to learn how I could best customize my presentation to the audience, the organizer nonchalantly said, "don't scare them."

Since that conversation, I have been pondering on how one could talk about the world-wide identity theft pandemic without scaring anyone in the audience. A "How-To" workshop entitled "Identity Theft for Fun and Profit" targeted to an audience of scoundrels could leave the audience walking out confident and enthusiastic about the future opportunity of becoming an identity thief. But even one or two of the rogues, who lacked the nefarious skills of the others, might get scared that they might be made or not be able to swindle as much as the more skilled villains.

It occurred to me that talking about identity theft and countermeasures is like talking about global warming o

THE AMC MADMEN PROGRAM: corporate suite fragging

Just imagine working for the imaginary Cooper Sterling Advertising Agency? A Creative Director is hiding a past life that started when he assumed the identity of a commanding officer who was killed next to him in a Korean War battlefield incident. A sex obsessed senior partner has suffered a heart attack while indulging in a tryst on company premises. Publication of an article/book by one of the copywriters is greeted by ridicule and personal put downs by fellow employees. An arrogant junior employee who undermines his boss is retained on staff because of the importance of his family's connections.

Gossip and scandal seem to run the Cooper Sterling Company. The quality of product and financial health of this company seem to be of secondary importance. Is it any wonder that an employee who feels passed over has started to search for ways to bring down his boss (and perhaps the company?)

During the Vietnam war 120 officers were

Identity Theft Education Ã¢â‚¬â€œ WhatÃ¢â‚¬â„¢s Your Objective?

Education on identity theft and privacy is not discretionary; it is required as part of a defensible best practices program and mandated by federal and state laws.

If your organization were launching an employee wellness program, which speaker(s) would you select from the following two sets: (1) an oncologist (cancer surgeon) or a nutritionist; (2) a fitness trainer or cardiologist (heart surgeon)? Cancer may result from poor nutrition and heart disease from lack of physical activity. The nutritionist and fitness trainer focus on prevention and wellness. The surgeons address the illness resulting from neglect of wellness. Surgeons may tell riveting stories about the victims of cancers, their tumors, their surgeries, and their recovery or demise. Participants may find such presentations entertaining, eye opening, and even scary. But what did they learn? How many employees will get scared into healthy nutrition and exercise? The

Educate Employees on Business Fraud

I was recently copied on an email alerting and scaring the email distribution about a decade old scam. The infamous 90# scam targets businesses. You or one of your employees receive a phone call from the phone company. They are requesting assistance in troubleshooting phone lines (aren't you honored that Ma Bell is calling you for help?). The caller asks that you press 9, then 0, then #, and asks you to hang up. They have a dial tone on your phone line, they dial a long distance call to their friends, and you get the bill.

Truth or legend? Both!

Do you dial 9 to get an outside line? If not, the 90# scam will not work. Therefore it doesn't affect residential customers as often implied (that's the legend). The truth is that the scam only works in "organizations" that use PBX equipment (Private Branch Exchanges).

With a little knowledge and education you can foil the scam and many more like it.

The scam

[Read More]

October 11, 2007 Posted by Joseph Campana, Ph.D., CIPP/G, CITRMS | social engineering, scam, privacy, pretexting, phishing, information security, identity theft, fraud, 90 | Comment (0)