• Letter from the CEO
• Compliance News
• Upcoming Events
• Getting It: Compliance Case Study
• Compass Q&A
• Cautionary Tales
• Success Stories

What will Google think of next? Gmail, the search engine behemoth’s latest entrée into better technology than everyone else, offers a gigabyte of storage for each free account – but caveat non-emptor, by accepting that storage space you’re also consenting to having the content of your email scanned and contextual ads served up alongside your message. On the other hand, free online email services already scan incoming and outgoing email for spam-like activity. We haven't objected to scanning when it was advantageous before!

Creepy? Outrageous? Genius? You be the judge. Visit some opinions on this topic from Slate, the California State Senate, Salon, and from Google itself.

In this issue, we look at spyware in its many forms, from software to hardware. It wasn’t until the Janet Jackson incident that many TiVo users were aware that their behaviour was being tracked. What are the implications? What is research, and what is information, and how do companies ensure that they are being compliant? Email marketing firm ThinData has developed a set of resources that will help you be certain you have made all the required compliances initiatives.

Let us know what you think of what you read here. Email me at Carolyn@integrityincorporated.com - or clburke@gmail.com - with your feedback and questions!

Best regards,

Carolyn Burke
CEO Integrity Incorporated

P.S. We encourage forwarding of these newsletters so feel free to share with an interested colleague!

Calgary SPIE Meeting
April 29, 2004
Integrity CEO Carolyn Burke will deliver a presentation entitled The Impact of IT Advancements in Security and Privacy.

CIPS Informatics 2004
May 16-18, 2004
Carolyn L Burke, CEO, will present a half day workshop on CMM and Security Standards.

InfoSecurity 2004
June 1-3, 2004
Integrity CEO Carolyn Burke will be presenting at the Metro Toronto Convention Centre.

How a US hospital undertook the onerous task of readying itself for HIPAA, the US equivalent of PIPEDA (albeit more focused on medical information)

A FIVE PHASE PROCESS FOR HIPAA COMPLIANCE:
A CASE STUDY IN PROCESS
By Timothy D. Miller, FACHE, President & COO, Maryland General Hospital, Baltimore, MD and Ravinder J. Singh, Vice President, Phoenix Health Systems, Inc., Montgomery Village, MD

The Place: Maryland General Hospital

Maryland General Hospital (MGH) located in Baltimore, Maryland was founded in 1881. Today, it is a 300-bed community teaching institution affiliated with the University of Maryland Medical System. MGH has emerged from the starting gate as a leader in the work toward HIPAA compliance. Tim Miller, MGH’s President & COO, encouraged his staff to begin the HIPAA project education, stating, "We recognized that Maryland General faces a major undertaking in achieving compliance with the HIPAA regulations. Maryland General’s leadership wanted to give ourselves the benefit of a longer window of opportunity in which to prepare."

[read more]

UPDATE: The compliance education program mentioned in last month’s case study launched globally this month, and Integrity Incorporated is delighted to announce that Canada’s program sat atop the performance rankings in first place.

We invite you to submit questions on security, privacy and governance compliance to compass@integrityincorporated.com.

Dear Compass,

Why does spyware proliferate? What can I do to prevent it?

RV, Victoria, BC.

Compass responds:

Many spyware programs are in fact legally viable business applications currently. Although many of these programs appear at first glance to violate in many ways, they don't legally. Legislation is usually reactive - regulating an existing technology or business process, rather than regulating to govern the intended use. We see this in many areas of technology, not just here.

So how do we make a change? There are two things we can do: First, there are the actions we take as individuals. We continue to fight back personally by using better spyware removing tools, and by refusing to use software that permits piggyback installation of spyware. Install good preventative software. Run it regularly. Read the privacy policies before installing 'normal' software. Second, encourage more proactive legislation that could prohibit certain types of business application - such as hidden data gathering, or such as third-party personal information collection. Let your local and federal politicians know about your concern. Educate them about the dangers and problems.

Since the issues are impactful in many ways, expect the latter to go through many iterations before we can expect reasonable regulation to play a significant protective role.

Be careful before you spyware purge. Some of those purge programs may in fact be spyware in sheep’s clothing. Check this invaluable resource to make sure:

http://www.netrn.net/spywareblog/

and an article on the problem:

http://news.com.com/2100-1032_3-5153485.html

EarthLink said it uncovered an average of 28 spyware programs on each PC scanned during the first three months of the year and calls it a ‘spyware epidemic’. Your tools to combat the epidemic include:

• InterMute's SpySubtract,
• Iolo Technologies' LLC Mechanic, Sygate's SSE firewalls and
• Tenebril's GhostSurf Pro.
• Lavasoft, which makes freeware and professional spyware removal software called Ad-Aware. The professional version sells for $39.95 per desktop.
• a freeware product called Spybot.

info@integrityincorporated.com Integrity Incorporated 155 Dalhousie Street, Ste 701 Toronto, ON, M5B 2P7 Canada T/ 416 369 0113     F/ 416 369 0148