Thursday, April 19, 2007

Prior Proper Planning...

You know the Seven Ps of Preparation, don't you? Prior proper planning prevents p*ss poor performance. (Some would substitute the coarser word in that phrase with "pretty", but I'm an ex-Navy man and that's the way I learned it.)

Getting back to the issue of preparation, I had the privilege of introducing Beth Givens of the Privacy Rights Clearinghouse to members of the Ponemon Institute's RIM Council today during the monthly RIM conference call. Beth pointed us toward an excellent article from February's Law.com. The article by White & Case lawyer David Bender, entitled "Why You Must have a Security Breach Response Plan," serves as a great thumbnail for any organization that may be wondering what they need to do should they experience a breach.

Of course, I'm pleased to see that David has included a couple of bullets related to communications. The communications portion of David's checklist requires its own plan to make certain an organization is prepared to let the public and other audiences know what's going on and to do so in a manner that is consistent with the truth and in keeping with the law. It is possible to say the wrong thing even if intentions are good, but with a plan in place in advance, the chance of such occasions is minimized.

Sunday, April 15, 2007

New Thinking

When I read blog entries such as this one at ZDNet, I get both amused and frustrated at the lack of critical thinking that drives opinion on these and other important issues. You'd think it's an either/or proposition, and that the only available options outside of inaction are both evil and unacceptable. Yet, while hand-wringing goes on over current practice and worst-option alternatives, no one's talking about other available approaches to the vexing challenge of maintaining watch lists without violating privacy.

IBM's Jeff Jonas figured the solution out a while ago and writes about it often in his blog (which is worth reading for a host of reasons). This entry is worth reading for a safe, innovative take on the issue of managing watch lists effectively, and without the troublesome privacy issues that most folks are worried about.