Making compliance real for those in the trenches (2010) resource Articles OCEG Reviewed
Introduction: Until fairly recently, information security people were buried away in server rooms configuring firewalls and patching servers. With the sudden surge of compliance and regulatory requirements being placed onto a business, IT security people are now required to understand and help implement compliance solutions.
Organizational Transformation: A Framework for Assessing and Improving Enterprise Architecture Management (Version 2.0) (GAO, 2010) resource Standards and Guidelines OCEG Reviewed
Summary: Effective use of an enterprise architecture (EA) is a hallmark of successful organizations and an essential means to achieving a desired end: having operations and technology environments that maximize institutional mission performance and outcomes.
United Kingdom, The Information Commissioner’s response to the Ministry of Justice’s call for evidence on the current data protection legislative framework (October 2010) resource Agency Guidances OCEG Reviewed
Introduction: "The Information Commissioner has responsibility in the UK for promoting and enforcing the Data Protection Act 1998 (DPA) and the Freedom of Information Act 2000. The Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals."
Compliance vs. Security: Which Should Lead Corporate Governance? (August 2010) resource Articles OCEG Reviewed
Introduction: Too often companies are so focused on following the letter of the law to pass the internal and external audits mandated by federal regulations that they lose sight of the original intents of the mandates themselves.
France: Data Protection Act (CNIL) resource Agency Web Sites OCEG Reviewed
The Principles: 1) Loyalty in the collection of data 2) Purpose of the files 3) Information of individuals 4) Reinforced protection of sensitive data 5) No decision concerning an individual may be taken based only on a processing
Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act – Notice of Proposed Rulemaking (July 2010) resource National Regulations OCEG Reviewed
Advancing Privacy and Security in Health Information Exchange - The public comment period runs through Sept. 13, 2010, for proposed modifications to the HIPAA Privacy & Security Rules.
FTC, Peer-to-Peer File Sharing: A Guide for Business (January 2010) resource Agency Guidances
Introduction: Most businesses collect and store sensitive information about their employees and customers, like Social Security numbers, credit card and account information, and medical and other personal data. Many of them have a legal obligation to protect this information. If it gets into the wrong hands, it could lead to fraud and identity theft.
Risk and Incident Management: Getting the Right Information at the Right Time resource Archived Webinars Member contribution
When an issue is brought forward in a face-to-face conversation with a manager or HR, how do you ensure the follow-up is consistent across your organization? Answer this question and more as you join David Wilber, COO for Eggleston Services, for an in-depth webinar on risk and incident management.
OCEG Benchmarking Series Report 2009 - Managing Privacy Practices resource OCEG Reviewed
This benchmarking report provides the responses of 90 organizations to questions about their approach to maintaining information privacy, their concerns about increased regulation and their planned responses to additional requirements.