Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Daily Archives: April 12, 2010

NIST: Guide to Protecting the Confidentiality of Personally Identifiable Information

NIST Special Publication 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), Recommendations of the National Institute of Standards and Technology, Erika McCallister, Tim Grance, Karen Scarfone, April 2010.

  • “The escalation of security breaches involving personally identifiable information (PII) has contributed to the loss of millions of records over the past few years. Breaches involving PII are hazardous to both individuals and organizations. Individual harms may include identity theft, embarrassment, or blackmail. Organizational harms may include a loss of public trust, legal liability, or remediation costs. To appropriately protect the confidentiality of PII, organizations should use a risk-based approach; as McGeorge Bundy once stated, “If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds.” This document provides guidelines for a risk-based approach to protecting the confidentiality of PII. The recommendations in this document are intended primarily for U.S. Federal government agencies and those who conduct business on behalf of the agencies, but other organizations may find portions of the publication useful. Each organization may be subject to a different combination of laws, regulations, and other mandates related to protecting PII, so an organization’s legal counsel and privacy officer should be consulted to determine the current obligations for PII protection. For example, the Office of Management and Budget (OMB) has issued several memoranda with requirements for how Federal agencies must handle and protect PII. To effectively protect PII, organizations should implement the following recommendations.”
  • Federal Reserve Bank of Atlanta: Too Big to Fail after FDICIA

    Too Big to Fail after FDICIA, Larry D. Wall, Economic Review, Vol. 95, No. 1, 2010 “In 1993, when this article was originally published, Congress had recently passed the Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA) to reduce taxpayers’ exposure to financial system losses, including their exposure at “too big to fail” financial… Continue Reading

    New GAO Reports: IP and Pirated Goods, USPS, Federal Desktop Core Configuration Requirements

    Intellectual Property: Observations on Efforts to Quantify the Economic Effects of Counterfeit and Pirated Goods, GAO-10-423, April 12, 2010; U.S. Postal Service: Strategies and Options to Facilitate Progress toward Financial Viability, GAO-10-455, April 12, 2010; Information Security: Agencies Need to Implement Federal Desktop Core Configuration Requirements, GAO-10-202, March 12, 2010; Information Security: Concerted Effort Needed… Continue Reading

    FTC Tips for Consumers Weighing How to Settle Their Credit Card Debts

    News release: “Consumers with overwhelming credit card debt may be tempted to seek help from companies that promise to erase their debt for pennies on the dollar, but the Federal Trade Commission urges caution. In a new consumer publication, Settling Your Credit Card Debts, the FTC says that there is no guarantee that debt settlement… Continue Reading

    The State of America’s Libraries, 2010

    News release: “When jobs go away, Americans turn to their libraries to find information about future employment or educational opportunities. This library usage trend and others are detailed in the 2010 State of America’s Libraries report, released April 11, 2010 by the American Library Association. The report shows that Americans have turned to their libraries… Continue Reading

    Federal Cyber Security Outlook for 2010

    “How well prepared are IT professionals within U.S. government agencies to respond to foreign cyber threats? Will government initiatives, such as the Comprehensive National Cybersecurity Initiative and the creation of the U.S. National Cybersecurity Coordinator role, be effective in addressing the challenges facing U.S. critical IT infrastructure? What is the impact of compliance on security… Continue Reading

    Letter Report for the Committee on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy

    “This report [by the Committee on Deterring Cyberattacks; National Research Council] is the first phase of a larger project to conduct a broad, multidisciplinary examination of deterrence strategies and their possible utility to the U.S. government in its policies toward preventing cyberattacks. This first phase identifies the key issues and questions that merit examination. The… Continue Reading

    Brookings Governance Study: Saving Money Through Cloud Computing

    Saving Money Through Cloud Computing, Darrell M. West, April 7, 2010: “The U.S. federal government spends nearly $76 billion each year on information technology, and $20 billion of that is devoted to hardware, software, and file servers (Alford and Morton, 2009). Traditionally, computing services have been delivered through desktops or laptops operated by proprietary software.… Continue Reading

    EPA OIG: Need Continues for a Strategic Plan to Protect Children’s Health

    EPA OIG Evaluation: Need Continues for a Strategic Plan to Protect Children’s Health, Report No. 10-P-0095, April 5, 2010 “Five years after providing Office of Children’s Health Protection (OCHP) with recommendations related to the strategic and annual planning processes, agreed-to corrective actions have not been completed. According to OCHP, which is now the Office of… Continue Reading