DFARS 252.204-7012 is going to define new winners and losers in defense contracting

Kevin McDonald has just published his latest article of DFARS (Defense Federal Acquisition Regulations Supplement) at SearchCompliance.TechTarget.com.

If you fall into this category, a recently implemented rule from the Department of Defense called the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 will impact how you handle controlled unclassified information (CUI).

Kevin writes to the important issue that is certain to impact contractors’ revenues. Compliance here is certain to make for new winners and losers in the defense contracting space. Which side you land on will depend largely where you fall this year with regards to DFARS compliance.

Read Kevin’s full story here - DFARS compliance targets 'controlled unclassified information'

 

Aligning IT and compliance procedures increasingly a business priority

Kevin McDonald writes for TechTarget SearchCompliance on Aligning IT and compliance procedures increasingly a business priority.

He says, "When I've asked IT pros about HIPAA Security Rule compliance within their organization, they've typically responded with, "That is the compliance officer's realm" or "Risk handles compliance." If you ask executives about the IT functions required under the Security Rule, you will very often get, "The IT folks assure us they follow industry security best practices." Or "I have no idea what they do; it is all Greek to me."

IT personnel -- and executives -- often have too much trust that someone else is taking care of compliance. They're also often all too willing to remain ignorant of any IT-specific issue that might be even slightly outside their domain."

Read the full story here - Aligning IT and compliance procedures increasingly a business priority.

IT solution providers speak out on the Silicon Valley/Trump Summit meeting

Irvine, CA - IT solution providers have never been a shy bunch. In this article by CRN - Solution Providers Cheer Trump Tech Summit, Hoping It Will Help Channel Partners Create More Jobs, many share their thoughts on where our president-elect and big tech leaders should take policy. Alvaka's EVP Kevin McDonald is one of those tapped for his opinions.

Data Privacy: What are the Risks?

If you are handling PII (Personally Identifiable Information) for your clients or anyone else you should read this article. It is delivered in the context of a sweepstakes type of program, but it is applicable to anyone handling PII. The article is care of The Morningstar Law Group.

Promotions and Data Privacy: What are the Risks?

...Have A Privacy Policy In Place

Hopefully, your business already has a privacy policy in place. If you collect information from consumers or have any type of web presence, you should have a privacy policy on your website. Ideally, the consumer information that is collected as part of your promotion should be afforded the same protection as any other consumer information that you collect (aside from financial information and personally identifiable information, which is afforded a higher level of protection).

Be Up-Front With Consumers

Additionally, if you plan to maintain information that you collect from consumers as part of your promotion, you need to make sure that you notify consumers that you are keeping their information for use beyond possible notification of whether they won the sweepstakes.

Say What You Are Going To Do, And Do What You Say

A good rule of thumb when handling consumer information – say what you are going to do and do what you say you will do. DO NOT use consumer information beyond the bounds of what you have received permission from the consumer to do. Please note that even if you put the consumer on notice that you plan to keep the information shared to provide additional information or sales opportunities, and the consumer consents to such use (the method of consent varies depending on how you collect entries), you must still consider issues that are raised by the CAN SPAM Act, the Telephone Consumer Protection Act (TCPA) and various other federal and state law concerns, which may restrict such uses....

To read the whole column click here for Promotions and Data Privacy: What are the Risks? by Catherine Otto.

Don't go on a phishing trip!

Kevin McDonald guest writes a blog for Dave Berkus' Berkonomics

TUESDAY, June 21st, 2016

Don’t go on a phishing trip!

By Kevin McDonald

Phishing, a play on the word “fishing,” is a dangerous form of executive or CEO email fraud, and is negatively impacting individuals and companies worldwide. You certainly have seen some form of this social engineering - where criminals pretend to be an organization or individual such as the IRS, a creditor, partner, CEO/CFO or other key executive.

The goal is to “phish” a person into taking actions they shouldn’t. An attack may involve a call demanding payment to the phisher for past due invoices from a legitimate supplier, or verification of credit card data to create facilitate the fraudulent transaction. Phishing can hook you through infected emails - or links to a fake website containing malware - or information capturing forms you are asked to complete.

Many websites are compromised and have been hacked with or set up with embedded nefarious software.  A successful attack can lead to you or one of your associates providing highly sensitive personal details of self, customers or employees – including social security numbers, usernames, passwords, and/or banking information. Phishing victims have been known to transfer large sums of money as a result of appeals, threats, or claims.

Some attacks are rudimentary, but... To read the rest of this story, please click here to go to BERKONOMICS.COM