You may have a top-notch security incident response plan and a crack team for data breach response…but have you checked to be sure that your company’s HR policies are on the same team with you? Personnel Management is one of the most important—yet often overlooked—of the 10 activity channels for effective data breach response. In the crunch of handling an actual data security incident, your company’s HR policies will either pave or block the road to a nimble, successful response.

Of course, various policies are important for prevention of data security breaches, including policies for such matters as authorized computer systems, e-communications, and Internet use; authorized data and system access; strong passwords; use of encryption and encryption keys; mobile device safeguards; precluding or limiting storage of company data on home or other personal devices; and the like. But other policy provisions are essential for effective security breach response:
Continue Reading Your HR policies should help, not hinder, data breach response

Wow, our group health plan premiums are crushing us. Wait a minute—what if we ramped up our company’s wellness program, using cool technology to help get our workforce in shape? Let’s get all our employees to use those wearable fitness tracker gizmos! We can fold those into our BYOD program, offer a device subsidy, and then have our employees report their stats and progress in some kind of fitness competition, with cool stuff as motivating rewards. Premium costs down, flab down, fitness up, profits up… what could possibly go wrong?

Plenty will go wrong, unless the company takes a breather and checks the pulse of information-related risks and compliance issues. So, let’s run a quick information governance circuit drill.
Continue Reading IG perspective: Are wearable fitness trackers fit for the workplace?