Resources

Below are posts, articles, summaries, white papers, government agency reports, research studies, and other materials to help members develop background knowledge about some of the key developments and issues in the data breach area.

• White Papers
  Data Breach - Are You Adequately Insured?
  Data Breach - Are You Legally Compliant?
  Background Checks on Current Employees
  Uncovering Myths About Data Privacy for PEOs
  Beware and Avoid Myths for Title Companies
  Beware and Avoid Myths for Franchisors
  
  
• Reports
  2014 Verizon Data Breach Investigations Report
  Guidelines for Information Security Policy - NYS Office of Cybersecurity
  Internet Crime Report 2011
  Symantec Global Internet Security Threat Report
  FCC - Cybersecurity for Small Business.
  
  
• Privacy Organizations and News Outlets
  National Institute of Standards and Technology (NIST) - founded in 1901 and part of the U.S. Department of Commerce, NIST is one of the nation's oldest physical science laboratories. NIST’s Technology Portal provides a wealth of information concerning cyber security and standards for emerging information technologies and applications. Examples of some of the more helpful materials are provided below:
  
  Guidelines for Conducting a Risk Assessment (Sept. 2012)
  Security Incident Handling Guideline (Aug. 2012)
  Malware Incident Protections for Desktops and Laptops (Aug. 2012)
  Guidelines for Managing and Security Mobile Devices (July 2012)
  Cloud Computing Synopsis and Recommendations (May 2012)
  Guidelines for Securing Wireless Local Area Networks (Feb. 2012)
  Guide to Protecting the Confidentiality of PII (Apr. 2010)
• Electronic Privacy Information Center
  EPIC is a public interest research center in Washington, D.C., established in 1994 that focuses public attention on emerging civil liberties issues relating to privacy, the First Amendment, and constitutional values. Below are links to helpful resources provided by EPIC:
  
  E-mail and Online Newsletter
  Online Guide to Privacy Resources
  Legislative and Other Developments Concerning Cybersecurity
  Protecting Children's Privacy Online


• Privacy Rights Clearinghouse
  PRC is a California nonprofit corporation with a two-part mission -- consumer information and consumer advocacy. It was established in 1992 and is based in San Diego, California.
  
  Comprehensive List of Reported Data Breaches Since 2005
  Privacy Basics for Individuals
  Checklist for Responsible Information Handling Practices
  
  
• International Association of Privacy Professionals (IAPP)
  IAPP is the largest and most comprehensive global information privacy community and resource established to, among other things, help organizations manage and protect their data. IAPP’s resources include:
  
  A Guide to Data Governance for Privacy, Confidentiality, and Compliance
  The Daily Dashboard, a FREE daily enewsletter (subscription required)
  
  
• Active Blogs and News Sources
  Concerning Data Privacy, Security and Data Breaches:
  
  PHIPrivacy.net
  Privacy.org
  SCMagazine.com
  PogoWasRight.org
  Databreaches.net
  Workplace Privacy, Data Management and Security Report
  Privacy Law Blog
  Other blogs collected by IAPP


• Governmental Resources
  FTC - Consumer Protection and Privacy at Federal Level:
  Business Center
  Children's Privacy
  Data Security
  
  U.S. Dept. of Health and Human Services – Provides information concerning “protected health information” under HIPAA, HITECH and the Patient Safety Rule:
  HIPAA Breach Notification Guidance
  Frequently Asked Questions
  Summary of the Privacy Rule
  Summary of the Security Rule