
Monday, January 05, 2015

US: Boston Hospital Settles Data Breach Suit Over Unencrypted Laptop




Beth Israel Deaconess Medical Center in Boston has agreed to pay $100,000 to settle the Massachusetts Attorney General’s lawsuit over a 2012 data breach involving the theft of a physician’s unencrypted laptop.  In addition to the financial penalty, the hospital will also have to revise its data security measures to ensure compliance with state and federal law.  The consent agreement requires BIDMC to track and encrypt all hospital-purchased devices and to implement ActiveSync or other technology that prevents unencrypted smartphones and tablet devices from accessing personal information on the hospital’s email servers.  BIDMC must also review its policies and procedures regarding portable device security and train employees on how to handle personal and protected health information.  
© Copyright 2014 Steptoe & Johnson LLP.

How can you avoid a similar risk at your organisation?
i) Establish your current position against the applicable legislation.
ii) Determine realistic goals to achieve the recommended position in terms of data protection.
iii) Implement appropriate deliverables, including but not limited to a Data Protection Policy, IT Security Policy, Mobile Device Policy and BYOD Policy.
iv) Implement standard training and audit procedures at your organisation.

Thursday, September 25, 2014

Document Management Systems (#DMS) solutions - audit

Paper documents take up space, are difficult to store and waste time when people have to handle them. Businesses also face a growing volume of electronic communications via #email, #fax2email and social media, all of which needs to be managed effectively.

There is currently a big drive to use technology to manage documents, records and information better; however, not all technology solutions comply with the Protection of Information Act (#POPI), the Consumer Protection Act (#CPA) and other Records Management legislation.

Before selecting a #DMS solution for your business, contact us to assist you in evaluating the solution and to confirm whether it, or the proposed information process, adheres to POPI, CPA and other relevant Records Management legislation.