Nothing to see here….

Posted on 13 September 2011 | Comments Off

Phew – it’s been a long few months, we’ve had the head stuck down and kind of forgot to come up for air!

We had planned to release product before now but had to change plans as, well, plans changed :)

If you want to be kept informed, don’t forget to sign up to our email list.

CMan

It’s getting personal….

Posted on 8 April 2011 | Comments Off

This is interesting … many pieces of legislation in relation to data protection have some nod towards personal and directors’ responsibility in relation to non-compliance, but seldom is the noose hung around an individual’s neck. This changed a few days ago when the US Securities and Exchange Commission charged three executives for failing to protect customer data and imposed personal fines of between $15k and $20k. What is interesting is that the fines were imposed entirely based on privacy breaches, showing yet again that there is a very fine microscope now being directed world-wide at data protection and privacy issues. European legislation incorporates a responsibility on not only directors and managers but anyone in control of data to exercise a duty of care; it is now only a matter of time before individuals are brought in front of the man with the curly wig to explain their disregard of the rules. Interesting times ahead, watch this space.

HIPAA gets … HIP !

Posted on 31 March 2011 | Comments Off

The first quarter of 2011 seems to have kicked off with a pure blast of regulatory activity in the data protection and privacy legislation space; it seems like governments and industry-specific regulators the world over are suddenly waking up from a deep sleep and the drum of compliance is beating louder than ever before. Over on the far side of the pond our US colleagues are subject to a particular piece of legislation known as “HIPAA” (Health Insurance Portability and Accountability Act) – in short, this mouthful relates to the protection of patients’ medical data. At the end of February, the US Department of Health and Human Services opened its mouth and barked – rather loudly … to the tune of $4.3m to be exact (yes, million…). A Maryland-based healthcare organisation was fined $3m for failure to co-operate and hand over records and another $1m for failing to give patients access to their own medical records on request. Swiftly following this, Massachusetts General Hospital was fined $1m for a data breach involving 192 patients. These fines are not trivial and reflect a global move by regulators to whip organisations into shape in relation to due care and attention to protection of personal data. We expect to see more fines imposed over the coming months as the US Department of Health and Human Services begins to offer training for attorneys general and their staff in how to file HIPAA federal lawsuits. The problem is not compliance with all of these regulations… it’s the complexity of the detail required to comply – and that’s what we do at Isolate, we simplify compliance … but more of that later ;)

The technical effect….

Posted on 23 March 2011 | Comments Off

So, it’s almost time to lift our skirts and tell the world a bit more about what we do, but before that, we wanted to share a little something – that something is the technical effect. Most people know that in Europe one cannot patent software (per se); what you can patent, however, is a technical effect, if you can prove that your software genuinely has one (or more). Understanding what exactly a technical effect is requires a small bit of work, and we shall explain it here in due course – in the meantime, if you want to understand the nuts and bolts of Patent Law as it pertains to Information Technology and Computing in Europe, you could do a lot worse than digesting this little tome:

Setting down the ground-rules…

Posted on 7 February 2011 | Comments Off

The founders of Isolate all have many years’ experience working in organisations large and small, and over time encountered people and situations we have learned from. Unfortunately, sometimes you have to work with complete jerks to appreciate the benefits of working with truly talented people who are driven by passion and have a healthy sense of respect for their colleagues and working environment. Not only is it unpleasant to work with jerks, it also poisons the environment and damages the productivity of an otherwise healthy culture to have them around. Frankly we believe that (so called) superstars should not get away with arrogant BS just because they pull in sales or produce magic wondrous code – these are short term fixes, not conducive to building a long term high growth business with solid customer and shareholder value. Isolate only works with the best, but we won’t sacrifice integrity and ethics for superstars; if one cannot have a healthy working relationship with one’s peers, what will they do to/with our customers?!

When we started the company it was built on the concept of doing something we enjoyed and were utterly passionate about – we believe that there’s absolutely no point in doing something unless you can have fun with it and genuinely enjoy the journey. At Isolate, we are building a company with real values, not one that pays lip-service; we deal with people honestly and we don’t play games (but we have to admit the XBox Kinect is rather cool :)). When we say we can do something, we mean it, we don’t flash smoke and mirrors around, we talk straight and we have a couple of simple rules that keep things together – these are our ground-rules, once we stick to these, the magic happens..

No Bulls**t – simply, no lies, no positioning, no arrogance, be respectful to team, suppliers and customers and the Karma will take care of itself.
No A**holes – we won’t have them at our company, it’s that simple, from the top down, no excuses
Passion and fun – if it’s not there, we are doing something wrong, find out what and fix it
Be healthy – building a successful business cannot happen if you are not taking care of #1, trash the junk, hit the gym, get fit, stay healthy – you’ll be able to work harder and think faster.
No dithering – decisions have to be made, good and bad, the important thing is to make them, mistakes get made, so long as we learn from them and are moving forward we are doing the right thing.
Look at the big picture – don’t get bogged down in detail (except where it’s necessary), always keep the big picture in mind
Keep learning – education and knowledge acquisition are important to us – it’s part of what we do, and keeps us sharp

And that’s the bones of it, in a nutshell:

“Be nice, Work hard, Play hard, Truly learn from mistakes, Keep focused on goal…”

Our combined experiences have shaped us, but we’ve learned a lot from some reading along the way as well; here are a few reads that are worth investing some time into…

Oh dear….

Posted on 23 January 2011 | Comments Off

We all know the old saying about people in glass-houses … when operating in a particular industry, one has to be extra careful to ensure that we are paying attention to the little things – that includes the tiny little things like website favicons!  At this stage pretty much every dog in the street assumes that in a web-browser, when a wee little “lock icon” is present in the toolbar, it indicates a secure connection. In the Data Protection and Security sector, we take this kind of thing quite seriously – after all, security has to be built on a foundation of trust. When you go to a website then, and see this right next to the web-address, what are you to think!?

[Image: AvoSecFail]

Mmm, oh yea, a run through a spell-checker would be a good thing as well my friends..

For the record, here are the secure lock icons for Internet Explorer: [image] and Firefox: [image]. Unfortunately they are not both at standard locations in the respective browsers – a pity really! #Fail!

We’re putting on our lippy…

Posted on 22 January 2011 | Comments Off

We have been chasing a nice meaningful logo for a while, and recently engaged with a fantastic logo designer via 99Designs.com. We gave a brief that outlined what Isolate does, our company culture, likes and dislikes and let fly. The first two designs that came back were nothing to shout about, but the third really hit the spot. The designer had really taken what we said on board and implemented it in a very meaningful graphic…

“The icon forms multiple shapes to tie in with your ideals. The top half forms an eye shape to portray the data privacy aspect of what you do. A human form is held within to show that all this affects real people at the end of the day, but he’s shown at a rising perspective to combat the idea of being trapped within the bubble. Rather, he is the backbone of it. The entire form is held within the bubble to show the security features you provide.”

Perfect, simply perfect :)

So now, let’s don some lippy and welcome our new logo into the world – we are looking forward to seeing it in many forms over the next few years!

[Image: IsolateLogoMed]

Downstream control and contracts

Posted on 18 December 2010 | Comments Off

Jeff Drummond over at the HIPAA Blog has an unfolding story about a woman who received delivery of a product she ordered only to discover that it was packed with shredded paper that wasn’t shredded well enough. On examination there was clearly visible medical information printed on the paper … with full contact details of the physician’s office it came from, including details of the patient’s ailment, treatment etc. While the finger will of course point to the shredding company for not doing a good enough job, ultimately it is the physician’s office that is responsible for the breach (at least under EU legislation). The Data Protection Commissioners frequently say that organisations “can outsource data processing, but cannot outsource their responsibilities”, and here is a clear case illustrating the concept. There has been much press over the last 18 months about contracts for processing outside the EU, but in the midst of this the contract between Data Controller and Data Processor is frequently forgotten about. It is critical that if any part of data processing is outsourced (yes, including processing manual data – shredded paper!), there is a contract in place between the Data Controller and the Data Processor and that, where possible, the Data Controller shows some level of control or awareness of the Data Processor’s own data handling and processing procedures and capabilities.

Cinderella finds her slipper…

Posted on 10 December 2010 | Comments Off

There is a lot of interest at the moment in security, data loss prevention and data protection in general. While the media interest surrounding data breaches continues and reputations are slowly torn at the edges, some interesting things have happened recently that are pointing towards a very interesting future ahead for those of us involved in the sector. I’m not going to go into much detail – suffice to say that the unfolding storm that is Wikileaks has focused the attention of Corporate leaders on the issue. Couple this with serious fines imposed this year in relation to data loss by the Information Commissioner in the UK (£160k), the UK Financial Regulator (£2.28m) and most recently the award of $1.3bn (yes, read that again, it’s billion!) won by Oracle against SAP for software/data theft in the US. Finally, in November, the German Data Protection Authority imposed a fine of €200k for using customer data for marketing purposes without consent.

Suddenly it seems security is being taken seriously – it’s no longer the Cinderella in the room. In these turbulent times it behoves every executive to examine their processes carefully and ensure that they mitigate risk and the untold damage that security breaches can do by embedding solid security principles right in the centre of the organisation. Neil MacDonald of Gartner wrote a very interesting article earlier this year where he talked about the importance of getting away from focusing on data loss prevention and instead looking at data lifecycle protection. In the article he reiterated a clear conclusion: “Data protection is the process of identifying and understanding where and how sensitive information is created, consumed, processed, moved, shared, stored and retired and protecting it throughout this lifecycle.” And that is really what it is all about – Data Protection is not about silver bullets, it’s not about raising impenetrable steel walls, it’s about embedding security and data protection in at every stage of the business process – clearly it makes good business sense, and it absolutely can add value when done correctly. Data Protection is tightly linked with Data Quality and our colleagues over at Castlebridge Associates have been flying this flag for a long time. The Information Commissioner of Ontario, Canada, Dr. Ann Cavoukian, has been advocating a system called “Privacy by design” for a long time. She has a free eBook available which is a very good primer and worth reading.

In the meantime, we will go back to solving the big problem – making compliance easy, one slipper step at a time…

Watch this space!

The bulldog finally bares his teeth…

Posted on 25 November 2010 | Comments Off

Wednesday’s announcement by the UK Information Commissioner’s Office of its first public fines now shouts loud and clear to leaders of organizations that the legislation is real, and penalties for not doing the right thing in relation to personal and sensitive data are considerably more than a slap on the wrist. Hertfordshire County Council was fined £100,000 for a breach of protection, allowing details of a child abuse case intended for a barrister to be sent to the wrong fax address, and A4E Limited, a company which operates the Community Legal Advice Centres in Hull and Leicester and also has other contracts with public sector, was fined £60,000 for failing to comply with multiple points within the legislation. A4E critically failed to secure a laptop that was being used by a remote worker which contained very sensitive personal information on clients and was stolen from the remote worker’s home. The Data Protector has interesting comment on his site here. Stewart Room also talks a lot of sense.

http://www.ico.gov.uk/~/media/documents/library/Data_Protection/Notices/hertfordshire_cc_monetary_penalty_notice.ashx
http://www.ico.gov.uk/~/media/documents/library/Data_Protection/Notices/a4e_monetary_penalty_notice.ashx
