Jay Heiser

A member of the Gartner Blog Network

Entries Tagged as 'regulatory compliance'


Summer of Cloud Incidents

by Jay Heiser  |  September 25, 2013  |  2 Comments

Although the actual events took place at widely varying times, the summer of 2013 has witnessed the public release of 3 major ‘inappropriate use of the cloud’ incidents. On July 28, Oregon Health & Science University (OHSU) felt compelled to notify 3,044 patients that while there was no reason to believe that their data had [...]

Category: Cloud IT Governance

Do Your Lawyers Actually Know What the Law Is?

by Jay Heiser  |  June 20, 2012  |  Comments Off

It is only Wednesday, and already I’ve reviewed at least 3 different policies that require employees to obey applicable laws. This is not just self-evident—it’s a professional cop-out. Somebody doesn’t need to spend years at a prestigious law school and then suffer through an 80-hour-a-week apprenticeship at a major law firm to provide [...]

Category: IT Governance Policy risk management

Yes, we CAN be arrested

by Jay Heiser  |  March 16, 2012  |  Comments Off

Earlier this week, the Guardian reported the arrest of Mark Hanna, News International’s head of security. While details are vague, it appears to be the case that the UK justice system is accusing him of criminal offenses in regard to the ongoing phone hacking scandal at News of the World. Articles by the IT trade [...]

Category: Policy risk management security

How Much Should We Know About the Lives of Others?

by Jay Heiser  |  March 3, 2010  |  Comments Off

By Jay Heiser and Carsten Casper, with Terry Allan Hicks

A new court ruling on data retention practices in Germany is getting a lot of attention from the media, and from some Gartner clients. On Tuesday, 2 March, the German Federal Constitutional Court overturned a three-year-old law that required telecommunications providers and Internet service providers [...]

Category: Uncategorized

Do We Need Cloud Computing Laws?

by Jay Heiser  |  February 24, 2010  |  1 Comment

I’m concerned that we’re going to legally mandate the application of last century’s standards and practices (SAS 70, FISMA, etc.) to new computing models that we have only begun to understand. I’m in favor of revisiting the US privacy regulations, but it would be premature to apply them to cloud computing in any highly specific way. Commercial and government entities that want to store PII in unproven multi-tenanted services should be held accountable if that experiment fails.

Category: Uncategorized