Recent HIPAA audits of provider and payer organizations conducted by contractor KPMG on behalf of the U.S. Department of Health & Human Services determined that many in the industry don't know which privacy regulations apply to them. An analysis of the audits by the HHS Office for Civil Rights unveiled this week found that out of 980 problems identified during 115 audits conducted last year, 289 (30 percent) were due to ignorance on the part of organizations. "Most of these related to elements of the Rules that explicitly state what a covered entity must do to comply," the analysis says.

As part of the Digital Government Strategy, agencies are embracing mobile computing and developing policies to address the emerging bring-your-own-device trend. Developing BYOD policies is beneficial because they will help agencies reduce costs and increase productivity. But federal agencies have particular challenges when it comes to implementing BYOD: They handle data that must be protected for reasons of national security or taxpayer privacy, and they are the targets of a determined subset of attackers.

Three years from now federal managers won’t have debates about the benefits of cloud computing because most will assume that services are being delivered via some type of cloud infrastructure. Instead, they will be talking about big data; how they can get better access to data and ask more intelligent questions of the data, says Shawn Kingsberry, CIO of the Recovery Accountability and Transparency Board.

Two organizations are teaming up to create a professional IT certification that combines information security with cloud computing. (ISC)2 and the Cloud Security Alliance will develop the credential, which will build on existing certifications offered by both organizations, including (ISC)2’s Certified Information Systems Security Professional and CSA’s Certificate of Cloud Security Knowledge. The new credential will focus on the technical knowledge required to design business systems based on cloud computing.

The annual report shows why cybersecurity is top of mind among policymakers, network managers, and intelligence professionals. The report analyzes more than 47,000 security incidents, including 621 confirmed data breaches which yielded more than 44 million compromised records. The report indicates that the majority of confirmed data breaches (as opposed to overall incidents) are coming from outside of targeted networks, not from inside jobs or internal security lapses.

On April 12, 2013, the Department of Commerce’s International Trade Administration (“ITA”) issued a guidance document to clarify how the U.S.-European Union Safe Harbor Framework facilitates the transfer of personal data from the European Union to the United States in the cloud computing context. The document underscores that the U.S.- European Union Safe Harbor Framework is an officially recognized means of complying with the adequacy requirement of EU Data Protection Directive 95/46/EC. ITA has received a number of inquiries from Safe Harbor participants indicating that they (and their EU clients, customers and partners) have heard conflicting information and are unsure about how the Safe Harbor Framework may enable data transfers to cloud service providers in the United States.

The American public is waking up to a reality that many in government have known for some time — the threat of cyber espionage and intrusions, particularly from China. For years, many have identified significant efforts being mounted by Chinese actors to exploit vulnerability in cyber systems developed and deployed in America and the West. But only recently have those efforts emerged publicly.

Internet security threats are a growing and unique challenge to governments and public sector organizations: • They must protect themselves against the same threats as the business sector: malware, data theft, vandalism, and hacktivism • They are targets in their own right for persistent attacks, espionage, and potentially even cyber attacks • Government bodies have a responsibility to protect citizens, the economy, and national infrastructure against attack by hostile governments and non-state actors such as terrorist groups, often in collaboration with the private sector

Are Google's March 2012 privacy policy changes legal? This is a question that the European data protection authorities have been working on since Google first announced its intention to change its privacy policies in January 2012. Soon after the announcement, France asked European data protection authorities to open an inquiry into the matter. In addition, U.S. Representative Edward Markey announced his intention to ask the FTC whether Google's privacy policy changes were also legal in the United States.

Advances in technology present opportunities to improve student learning, allow teachers and students to work more efficiently, and reduce operational costs for educational institutions. Many schools are taking advantage of these benefits by implementing online course systems and cloud computing services that allow students and teachers to access their programs, e-mails, and documents online from anywhere and almost any device.