This week, GRC chases social media, hospitals find themselves unprepared for new changes in records management and corporations risk losing valuable data.
Privacy v. Google Buzz
It’s not often that the worlds of social media and GRC overlap, but such is the case with Google Buzz. As you probably know, Buzz is Google’s social networking and messaging tool designed to integrate into Gmail.
As the rest of the world tries to figure out how exactly to embrace Buzz, financial advisers are also trying to figure out the compliance and regulatory ramifications. Since Google automatically enrolled Gmail users to the Buzz service and revealed the identities of the people whom they email most frequently -- users' full names, not their nicknames -- to every one of their contacts.
Additionally, financial advisory professionals must archive their social media content, and at present Buzz doesn’t offer an easy solution. Concerns over privacy are at the heart of the matter, of course. Just another way that social media is shifting the line between private and public that is sure to keep the financial industry up at night.
HITECH Leaves Many Unprepared
New privacy and security requirements for health information technology contained in the economic stimulus law have gone into effect. Already providers are reporting difficulties in complying with the new rules.
The Health Information Technology for Economic and Clinical Health (HITECH) Act is intended to increase the use of Electronic Health Records (EHR) by physicians and hospitals and according to a recent survey, nearly a third of the 200 hospitals said they are not ready to meet all the law’s privacy and security requirements by the deadlines.
Much of the uncertainty points to a requirement of significant resources for implementation, but little guidance for how to do it.
Protecting High Value Data from Spammers
It’s becoming easier and easier to execute successful spamming strategies online. According to a NetWitness' report, 68,000 account logins were stolen from 75,000 botted PCs in corporate networks and as a result corporations are having a difficult time keeping ahead of it.
Organizations without continuous, real-time monitoring in place will find themselves unable to detect this type of activity. Rather than focusing on the defense of network perimeters or on meeting compliance checklists, corporations can be better prepared by focusing on protecting high-value corporate data.