Copyright Law and Your Blog

January 24, 2011

While browsing through e-mails today, I noticed one from Legal Zoom with a really interesting subject line, “Blogging and Intellectual Property Law.” I started to think about my blog, and whether I’m violating any laws when I quote other articles, post links, or share pictures other people have created. It struck me that many of my friends write blogs and may have the same questions, so I wanted to share this article with you. Some of the interesting topics covered include how to obtain a copyright, who owns that copyright, and what infringes on that work.

Here is a link to the post on Legal Zoom.


$3,000,000 spent and nothing picked up by insurance!

August 26, 2010

Sorry for the absence, but things have been crazy around the office and I let blogging get left behind. While I’ve been gone there have been a ton of data breaches and other related events, so I hope you’ve been able to keep up. While reading today I found an article that might hit home for some of you. A data storage company suffered a breach and lost HIPAA information for a large number of patients. That loss caused the client to spend over $3,000,000 to comply with the breach notification laws.

The client has come back on the storage company, which reported the loss to its insurance company only to find out that a breach of data isn’t covered under the general liability policy. This is an instance that a cyber liability or data privacy policy would respond to. Because the broker wasn’t educated in the space, someone is going to have to come up with over $3,000,000 to reimburse the client for their expenditures. This isn’t a situation I’d want to find myself in.

To read the entire article, click here.


One great way to protect your company from a data breach

February 11, 2010

There was a great article in the National Journal yesterday about insurers helping protect companies from a cyber attack. In 2002, the Bush administration worked hard with insurance companies to broaden coverages that help protect a company in the event of a breach. These coverages have been slow to take off, but due to the well-publicized breach last week involving China and Google, some experts think companies will begin to take this coverage more seriously.

To read the National Journal article, click here.


Does your company have a culture of privacy?

January 18, 2010

In a recent blog post, the Ponemon Institute discusses how to create a culture of privacy in your organization. Just as organizations that take employee safety seriously have less risk of an injury, companies that take data security seriously have less of a chance of suffering a breach. Put up reminders in the office to make sure all attachments are secure before sending them out, remind people to change passwords and set passwords on laptops and mobile devices, or hold an annual seminar to keep employees aware of relevant issues. These are just a few of the many things you can do to create a culture of privacy in your organization.

To read the complete post, click here.


Avoid the Facebook Virus

October 5, 2009

If you get a friend request on Facebook from a blonde girl you don’t know, DON’T ACCEPT! It is most likely one of hundreds of fake profiles that are being used to spread a virus and to collect your personal information. The fake profile links you to a home video, which is actually a site that collects your personal information while making you think you’re installing an anti-virus program.

To read more about this virus and how to avoid it, click here.


Records Management and Privacy Tips

September 8, 2009

There was a great article in SC Magazine recently about records management and privacy. They listed some areas and tips for securing records, including:
Maintain a well-kept inventory of your records
Set a retention period for records
Properly store your records
Encrypt your records during transmission
Properly dispose of your records

To read the entire article, click here.


Is Your Business PCI Compliant?

June 16, 2009

It occurred to me that many business owners out there might not be aware of what they have to do to be compliant with the PCI DSS (PCI Data Security Standard). Not only will complying with the standard make your network more secure, it will help you avoid fines if you do suffer a breach. Fines for violating the PCI DSS can put real stress on your business and should be avoided at all costs. As published on the PCI Security Standards website, the six main steps to PCI DSS are:
1. Build and Maintain a Secure Network
2. Protect Cardholder Data
3. Maintain a Vulnerability Management Program
4. Implement Strong Access Control Measures
5. Regularly Monitor and Test Networks
6. Maintain an Information Security Policy

For more information on PCI DSS go to https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml