Tag Archives: data breach
There is no shortage of buzzwords that speak to the upside and downside of data: Big Data, Data as an Asset, the Internet of Things, Cloud Computing, One Version of the Truth, Data Breach, Black Hat Hacking, and so on. Clearly we are in the Information Age as described by Alvin Toffler in The Third Wave. Yet most organizations are not effectively dealing with the risks of a data-driven economy, nor are they getting the full benefits of all that data. They are stuck in a fire-fighting mode where each information management opportunity or problem is a one-time event that is man-handled with heroic efforts. There is no repeatability. The organization doesn’t learn from prior lessons and each business unit re-invents similar solutions. IT projects are typically late, over budget, and under delivered. There is a way to break out of this rut.
This is the first in a series of articles where I will take an in-depth look at how state and local governments are affected by data breaches and what they should be considering as part of their compliance, risk-avoidance and remediation plans.
Each state has one or more agencies that are focused on the lives, physical and mental health and overall welfare of their citizens. The mission statement of the Department of Public Welfare of Pennsylvania, my home state, is typical. It reads: “Our vision is to see Pennsylvanians living safe, healthy and independent lives. Our mission is to improve the quality of life for Pennsylvania’s individuals and families. We promote opportunities for independence through services and supports while demonstrating accountability for taxpayer resources.”
Just as in the enterprise, over the last couple of decades the way an agency deals with citizens has changed dramatically. No longer is everything paper-based and manually intensive – each state has made enormous efforts not just to automate more and more of its processes but, more recently, to put everything online. The combination of these two factors has led to the situation where just about everything a state knows about each citizen is stored in numerous databases and data warehouses and, of course, accessed through the Web.
It’s interesting that in the PA mission statement two of the three focus areas are safety and health – I am sure when written these were meant in the physical sense. We now have to consider what each state is doing to safeguard and promote the digital safety and health of its citizens. You might ask what digital safety and health means – at the highest level this is quite straightforward – it means that each state must ensure the data it holds about its citizens is safe from inadvertent or deliberate exposure or disclosure. It seems that each week we read about another data breach: either accidental (a stolen laptop, for instance) or deliberate (hacking, as an example) losses of data about people – the citizens. Often that includes data contents that can be used to identify the individuals, and once an individual citizen is identified they are at risk of identity theft, credit card fraud or worse.
Of the 50 states, 46 now have a series of laws and regulations in place about when and how they need to report on data breaches or losses. This is all well and good, but it is a bit like shutting the stable door after the horse has bolted, only with higher stakes, as there are potentially dire consequences to the digital safety and health of their citizens.
In the next article I will look at the numerous areas that are often overlooked when states establish and execute their data protection and data privacy plans.
As a routine matter of delivering care, billing for services and operating their hospitals and physician practices, healthcare providers deal with patients’ protected health information all day, every day. Dealing with the data becomes routine, and it’s easy for sometimes onerous security and privacy policies and procedures to be overlooked. While we’d all like that not to be the case, delivering healthcare (and getting paid for it) is a hugely complex undertaking, and focusing exclusively on human processes and calling for constant vigilance and attention to detail can only go so far.