Compliance and Privacy News
ComplianceAndPrivacy.com is full of news and views on Compliance, Privacy and surrounding legislation in the global marketplace from a European perspective
Last Build Date: Thu, 09 Apr 2009 09:38:13 GMT
Saving Money With SFTP - Wick Hill
Thu, 09 Apr 2009 09:38:06 GMT
Everyone is looking to cut costs in the recession, but there is one solution which many companies don't realise has the potential to save money for minimal investment and minimal disruption, which also can provide fast ROI.
A lot of organisations still have legacy systems and are happy to live with them, given the huge upheaval and potential expense which replacement would mean. But those legacy systems have some costly aspects to them, which can easily be improved and which offer the potential for savings.
FTP file transfer from legacy systems normally goes on in the background without anyone paying too much attention to it. It's the part of legacy systems which is below the surface and which gets taken for granted.
Many companies rely on FTP for file transfer, however there are a number of issues which make FTP ripe for improvement and offer companies the potential to cut costs and gain ROI. The solution to the problems of FTP is to use SFTP (secure file transfer protocol) instead.
UK Information Commissioner targets firm selling vetting data
Wed, 11 Mar 2009 15:54:55 GMT
The Information Commissioner's Office (ICO) has taken stringent enforcement action against a business that it believes has been selling data about construction industry workers to prospective employers.
The action against the Consulting Association is further evidence of the proactive enforcement activity being adopted by the ICO. It's an interesting case study of the range of powers that the ICO has, including:
- obtaining a warrant to gain entry
- issuing an enforcement notice to effectively cease use of the data
- the threat of criminal sanctions, because the business had also failed to register with the ICO.
The impact may well be to close this business down, which is proof that the ICO is far from being a toothless tiger amongst regulators.
12 Key Steps to Internet Security - Wick Hill
Tue, 11 Nov 2008 13:06:46 GMT
- Your approach to internet security should begin with a risk assessment. If you don't know what threats are likely to be posed to your IT systems and networks, and their potential effects on your business should they occur, then you are not really in a position to put in place a series of measures to counter these threats.
- An effective anti-virus solution is absolutely fundamental to the security of any computer network.
- Equally, a firewall is one of the most basic security mechanisms and should form an integral part of your internet security defences.
Dechert - Telephone Monitoring: Dos and Don'ts
Fri, 24 Oct 2008 09:24:22 GMT
It is widely (and incorrectly!) believed that it is unlawful in the UK in all circumstances to monitor and record telephone calls without drawing this to the attention of the parties to the call. There are in fact broad exceptions which are relevant to many businesses which do allow such activities without obtaining consent.
There are several reasons why businesses may wish to monitor or record telephone use for the purposes of their business. Often the rationale is quality control or even compliance by an employee with certain regulations, but the monitoring may also be useful for ensuring that employees are not calling friends in Australia at the business's expense or otherwise using the system contrary to your policies. The law must however balance these goals against the need to protect employees as well as external persons from "snooping" and misuse of such data.
There are two principal legal areas of relevance; namely, the law on "interception" of communications stemming from the Regulation of Investigatory Powers Act 2000 ("RIPA") and the Data Protection Act 1998 ("DPA").
Firewall or Unified Threat Management System (UTM)? - Wick Hill
Wed, 15 Oct 2008 12:58:53 GMT
Unified threat management systems (UTMs) have been growing in popularity for the last few years. Traditionally, they have been widely adopted by SMEs, but larger companies and enterprises are now also deploying UTMs, appreciating the benefits they can offer.
UTMs are designed to provide a range of security solutions in a single appliance, reducing costs and simplifying the whole process of security systems management, reporting and installation.
The minimum requirement for a UTM, according to IDC, is a firewall, VPN, antivirus and intrusion detection/prevention. Super UTMs (sometimes called extended UTMs or XTMs) have, however, evolved from this to incorporate additional capabilities which can include URL filtering, spam blocking and spyware protection, as well as centralised management, monitoring, and logging capabilities.
Information Commissioner's Office demands encryption of mobile devices - Eversheds
Thu, 09 Oct 2008 10:01:41 GMT
Demonstrating the increasing appetite of the Information Commissioner's Office (ICO) to take enforcement action, Virgin Media Limited is the latest organisation to be held to account for a breach of the Data Protection Act 1998 (DPA). The breach seems to have occurred earlier this year following the loss of a compact disc that was passed to Virgin Media by Carphone Warehouse. The disc contained personal details of various individuals' interest in opening a Virgin Media Account in a Carphone Warehouse store.
In this instance, the ICO has not gone straight to issuing an enforcement notice (by contrast to the treatment of the Liberal Democrat Party last week), but has instead obtained a formal undertaking requiring Virgin Media to undertake certain steps to improve its security measures. The breadth of the obligation to use encryption will surprise many organisations.
Virgin Media is required, with immediate effect, to encrypt all portable or mobile devices that store and transmit personal information. Further, the company is to ensure that any service provider processing personal information on its behalf must also use encryption software and this requirement has to be clearly stated in all contracts. We suspect that in practice not many organisations expressly state this in their contracts. Most - if they deal with security at all - will contain the generic security language contained in the seventh principle of the DPA.
Data loss - liability, reputation and mitigation of risk - Eversheds e80
Wed, 01 Oct 2008 15:07:59 GMT
With an increasing number of security breaches hitting the headlines, there is, unsurprisingly, a growing awareness amongst regulators and the public alike of data security issues.
The risks to businesses of being involved in a data loss incident are high. Criminal sanctions under the Data Protection Act are well established, but other regulators like the Financial Services Authority (FSA) are also willing to flex their enforcement muscles. In the last three years, the FSA has levied substantial fines against several of its members for security breaches.
Bad publicity is another potentially lethal sanction. A recent study by Ponemon showed that 31 per cent of respondents terminated their relationship with an organisation on receiving notification of a breach of data security.
What does the British Computer Society think of Phorm?
Tue, 23 Sep 2008 20:14:37 GMT
Phorm, Webwise, OIX and the BCS Security Forum
Phorm over function? Perhaps that's the challenge in relation to marketing desires clashing with privacy hopes. But given the starting point of the Phorm furore, in the Spring of 2008, we are now in the Autumn of 2008 and it's been nothing but data breach after user faux pas exposing countless millions of individuals' personally identifiable information that has focussed the spotlight firmly upon the need to apply "privacy by design" principles from the outset - something that the ICO will be taking a very serious view of in the coming months. The BCS Security Forum is equally involved in keeping a watching brief.
Are you storing customer data properly? The challenges of PCI DSS compliance
Thu, 11 Sep 2008 12:22:33 GMT
Data security breaches are hitting the headlines with alarming frequency. While the most recent breaches have involved the public sector and financial services industries, retailers are not immune from the rise of data losses. Cotton Traders, the UK leisurewear and casual clothes brand, for example, recently conceded that thousands of customer details had been stolen from the company's website. Last year saw perhaps one of the most publicised cases involving retail giant TJ Maxx, which found that hackers had accessed internal systems used to process and store customer transaction data, including credit card, debit card, cheque and return transactions. The incident cost TJ Maxx $256 million and the company is now offering to pay Visa card issuers a further $40.9 million to compensate for costs connected to the data breach. With data security cases rising in number and severity, the various industries affected are pulling together in an attempt to reduce the risk of fraud. The Payment Card Industry Data Security Standard (PCI DSS) is one such example which aims to crack down on fraud associated with credit and debit cards. However, the implementation of PCI DSS is not without its challenges and these must be overcome if the standard is to be used as an effective weapon in the fight against card fraud.
PCI DSS aims to prevent any information that could be used to make a counterfeit card or a fraudulent online transaction from falling into the wrong hands. The standard applies to every acquiring bank, merchant and third party that accepts or processes payment cards. It is now mandatory for businesses with over 100,000 transactions a year to either be PCI DSS compliant or be able to demonstrate plans to become so. However, there is one element of the standard which is proving to be a particular stumbling block – requirement 3: protecting the stored cardholder data. In fact, 79 per cent of PCI DSS audit failures are due to companies not implementing requirement 3 properly.
Data Vendor Sends SPAM about The Dangers of Prospecting Databases
Fri, 05 Sep 2008 08:47:38 GMT
ComplianceAndPrivacy.Com received an email that appears to be from Harris Infosource, a D&B Company. Not a lot wrong with that, you may say. The email is a cold unsolicited email, or SPAM. What makes this amusing is that the SPAM has this subject line:
"Why Using Cheap Prospect Lists Can Cost You Big!"
Harris Infosource, it seems, are the purveyors of fine prospect lists.
Harris addressed their SPAM to Milton Bennett at our domain. If Milton existed, if Milton had ever existed, if we had ever created, used or publicised an address for Milton, who is not now and never has been a member of our staff, then this would have been something we could pass off as "just one of those things". But we have never heard of Milton Bennett. He is a figment of Harris Infosource's database. We wonder if they are selling him as a part of their very fine data.
But this is SPAM with a cloned email address.
Bank Customer Personal Data Sold on eBay for £35
Tue, 26 Aug 2008 11:21:34 GMT
An investigation is under way into how a computer containing bank customers' personal data was sold on an internet auction site.
The PC, which was reportedly sold for £35 on eBay, had sensitive information on the hard drive.
The Royal Bank of Scotland (RBS) and its subsidiary, Natwest, have confirmed their customers' details were involved.
RBS says an archiving firm told it the PC had apparently been "inappropriately sold on via a third party".
It said historical information relating to credit card applications for their bank and others had been on the machine.
The information is said to include account details and in some cases customers' signatures, mobile phone numbers and mothers' maiden names.
Best Western Denies Report of Massive Data Breach
Tue, 26 Aug 2008 07:25:31 GMT
A Scottish newspaper Friday ran a story that claimed to uncover a massive theft of data from Best Western's customer database, including personal information on all 8 million customers at the chain's 1,300 hotels in the past year.
After initially thanking the newspaper and doing its own investigation, however, the hotel chain now says The Sunday Herald's report of a massive breach at Best Western is "grossly unsubstantiated."
In its report, The Sunday Herald stated that "a previously unknown Indian hacker successfully breached the IT defenses of the Best Western Hotel Group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia." The newspaper called the attack "the greatest cyber-heist in world history," alleging that it "scooped up the personal details of every single customer that has booked into one of Best Western's 1,312 continental hotels since 2007."
The newspaper stated that Best Western officials thanked it for discovering the breach and immediately closed the security hole by Friday afternoon. "Best Western took immediate action to disable the compromised login account in question," a hotel spokesman told the paper on Friday. "We continue to investigate the root cause of the issue, including, but not limited to, the third-party Website that has allegedly facilitated this illegal exchange of information."
Last night, however, Best Western stated that its own investigation indicates that only about 13 customers are at risk, not 8 million.
Best Western Data Loss - Indian hacker alleged brain behind biggest cyber-heist
Mon, 25 Aug 2008 16:52:25 GMT
An unknown Indian hacker is being 'charged' with the greatest cyber-heist in history for allegedly helping a criminal gang steal identities of an estimated eight million people in a hacking raid that could ultimately net more than 2.8 billion pounds in illegal funds.
An investigation by Scotland's Sunday Herald newspaper has discovered that late on Thursday night a previously unknown Indian hacker successfully breached the IT defences of UK's Best Western Hotel group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia.
There are no details yet on how the hacker was identified to be an Indian and if a probe is on to identify the person. It is also not known if the hotel chain has alerted the police about the heist.
Vietnam introduces heavy fines for spammers
Mon, 25 Aug 2008 08:37:25 GMT
Organisations and individuals who send spam mail and text messages or trade in e-mail addresses may be fined up to VND80 million (US$5,000), according to the newly-issued Decree on Anti-spam mail.
The decree bans organisations and individuals from using electronic means to deliver spam messages, exchange or trade e-mail addresses or deliver software products that collect e-mail addresses, according to the Ministry of Information and Communications.
Republic of the Philippines can't do without policy on data privacy, security
Mon, 25 Aug 2008 08:35:30 GMT
Under no circumstances can the Philippines compete, let alone thrive, in the lucrative outsourcing market and the global marketplace without a fool-proof policy on data protection and security.
This was the clear message sent out by participants in a recent conference dubbed "Mapping the Future of Information Security Forum" organized by the Information Systems Security Society of the Philippines (ISSSP) at a hotel in Makati City.
Anthony Tuason, a director at consultancy firm PriceWaterhouseCoopers, said during his presentation that IT companies, most especially those in the BPO sector, cannot possibly institute "IT governance" (the process of using technology as a management tool to run an organisation) in the workplace if security is being disregarded.
"Innovation, value, and performance can be derived from IT governance (and) data privacy and security is one area that helps organizations achieve their IT governance objectives," Tuason said.
National Gateway Security Survey 2008 Shows Interesting Changes in Threat Landscape
Thu, 21 Aug 2008 13:54:06 GMT
The National Gateway Security Survey 2008, carried out for value added distributor and security specialist Wick Hill and sponsored by WatchGuard Technologies, leaders in unified threat management systems, has highlighted the increasing move toward remote and mobile use, as well as the concerns users have about this shift. In a survey of 341 of the top UK companies, by employee number and turnover, 48% had over 150 remote users and a further 11% had 50 to 100 remote users. 61% said that the number of remote users on their network was increasing. 45% reported that the number of VPNs was increasing and 43% that the number of SSL users was increasing.
Unified Threat Management (UTM) - Watchguard Technologies
Wed, 13 Aug 2008 15:06:39 GMT
Unified threat management (UTM) spawned a new era of IT security. The promise of these integrated security appliances proved to be an exceptional and efficient way of securing commercial networks. However, businesses today face an inflection point, dictated by changing market trends and new technologies that demand more of today’s UTM. Hence the need is for eXtensible threat management (XTM) solutions, the next generation of UTM appliances. XTM is predicated upon the substantive expansion of three elements: more security, greater networking capabilities, and more management flexibility. This paper provides an overview of these issues and the WatchGuard Technologies perspective on “extensibility” and XTM.
Special Privacy Event Offer
Tue, 15 Jul 2008 13:54:02 GMT
EXCLUSIVE READERS OFFER:
Dear Readers of Compliance and Privacy,
It's our pleasure to announce and invite you as a VIP Delegate to:
The 5th Annual Privacy & Data Protection UK 2008
3rd & 4th of September 2008
at The Law Society, 113 Chancery Lane, London, United Kingdom
The event is broken up into two separate days & two separate events:
"Data Protection: Global Compliance Management" 3rd of September 2008
"Data Protection: CRM, Privacy 2.0 & Social Networking" 4th of September 2008
This is a major Privacy & Data Protection event with more than 20 internationally renowned speakers. If there is one Privacy & Data Protection event to attend this year, this is it!
The full conference agenda for The 5th Annual Privacy & Data Protection UK 2008 is available at:
WWW.TRANSATLANTIC-EVENTS.COM
Please note: All VIP Delegates who attend are entitled to a special VIP discount: VIP Delegates are able to attend this event for only £250.00 (either day) or £450.00 for both days. This invite is open to you and/or any colleague(s) you would like to recommend to this event. The VIP Delegate Registration portal is:
VIP Delegate places are limited, and sold on a "first come, first served" basis. So be sure to reserve your place(s) ASAP before they are all allocated.
WHO SHOULD ATTEND?
You will have the opportunity to meet players in the industry and discuss the latest issues with:
Chief Executives, Chief Operating Officers, Managing Directors, Heads of Human Resources, Information Security and Risk Management Specialists/Consultants, Strategy Directors, Commercial Directors, Communications Directors, Sales and Marketing Directors, Heads of e-Commerce, Information Assurance Specialists/Consultants, Heads of Business Development, Heads of Compliance, Regulatory and Legal Affairs, Consultants and Advisors, Heads of IT & Database Management, Privacy Officers and ... anyone concerned with Privacy & Data Protection.
The 2008 Expert Speaker Faculty
Chairman (Day One):
Alastair Gorrie, Partner, Orrick, Herrington & Sutcliffe, UK
Co-Chairman (Day One):
James Leaton Gray, Head of Information Policy & Compliance, BBC UK
Chairman (Day Two):
Francis Aldhouse, Consultant, Bird & Bird, UK
Co-Chairman (Day Two):
Nigel Roberts, Director and CTO, Island Networks, UK
Internationally Renowned Speaker Faculty:
Bridget Treacy, Partner, Hunton & Williams LLP, UK
Monika Kuschewsky, Senior Associate, Van Bael & Bellis, Brussels
Rosemary Jay, Partner, Pinsent Masons LLP, UK
Mark E. Schreiber, Partner, Edwards Angell Palmer & Dodge LLP, USA
Robert Bond, Partner, Speechly Bircham LLP, UK
Renzo Marchini, Dechert LLP, UK
Vinod Bange, Associate, Eversheds LLP, UK
Anne Coles, Senior Partner, AMC Law, UK
Philip Nolan, Partner, Mason Hayes + Curran, Ireland
Lynda K. Marshall, Partner, Hogan & Hartson LLP, USA
Karen A. Morris, Chief Innovation Officer, AIG, USA
Tim Beadle, Director, Marketing Improvement, UK
Peter G. Wray, Chairman & Founder loyaltymatters.com and cm4p.com
Gareth Wong, Founder of CXO Europe, GamBond, and Gambit, UK
Dr. Mark Watts, Partner, Bristows, UK
Nicola McKilligan, The European Privacy Partnership, UK
Andy Thomas, Director, Garlik, UK
Edna Kusitor, Global Data Privacy Compliance Coordinator, Accenture, UK
Graham Sadd, Chairman & CEO, PAOGA Limited, UK
Winston Maxwell, Partner, Hogan & Hartson MNP, France
Tim Trent, Consultant, Marketing Improvement, Managing Editor ComplianceAndPrivacy.Com, UK
Delegate places are limited, so reserve[...]
Trust is not about SSL. It's about domains
Tue, 24 Jun 2008 09:30:24 GMT
At ComplianceAndPrivacy we've been running a study on domains to trust. We don't mean "trustmydomain.com", we mean the domain suffix: the little thing that you choose when buying "myfabulousdomain".
Do you choose .com, or do you think, incorrectly, "That is for the USA"? Do you choose .biz? Is .org for you? What about .info?
So we asked, on a pretty normal website, this question: "Some domains seem to feel more trustworthy than others. This survey is about the .com .biz .info .org and other domain suffixes and which put you most at ease. OK, there are iffy nations, but we are lumping all national style ones under one entry. Tick all that say to you 'Trust this domain'"
We expected nothing significant. After all it was a website for Joe Q Public, and this is what we got:
How Centralised Unified Threat Management (UTM) Can Help Companies Control Security At Remote Offices, Simplify Administration And Cut Costs
Wed, 21 May 2008 11:48:36 GMT
In today's modern, distributed computing network, where companies and organisations need to secure IT not just for the head office, but for remote locations as well, the ability to control security for multiple sites from one single location is becoming increasingly important.
With some security systems, the tasks of configuration, updating, rebooting, etc. for remote sites might all have to be done separately and repeated for each location. Administrators could be faced with managing remote security appliances individually, possibly having to send someone out to a remote site to carry out certain tasks, such as configuration or establishing VPN tunnels. This can be difficult, time consuming, costly and complex and, in some cases, it is practically or financially impossible.
It can be further complicated if there are multiple appliances, delivering multiple levels of security, such as firewall, VPN, spam blocking, gateway anti-virus, web content management and intrusion detection/prevention.
Mobile and Remote Working - Is it secure?
Tue, 18 Mar 2008 14:58:01 GMT
- Unstoppable move towards remote and mobile working
- Mobile working is not adequately secured.
- Organisations are concerned about security for mobile and remote workers and how to enforce company security policies outside the gateway.
- Companies want to protect against data leakage and data loss from such problems as stolen laptops.
- There is no one solution to securing remote working.
- The range of solutions includes strong authentication, end point security, remote unified threat management (UTM) systems, low-cost encryption and VPNs.
Olubi Adejobi and Robert Bentley, both Solicitors, fined for Data Protection Offences
Fri, 22 Feb 2008 13:45:05 GMT
Grier Olubi and Bentley's - Individual solicitors convicted for data protection offences
The Information Commissioner’s Office (ICO) has today successfully prosecuted two London solicitors for offences under the Data Protection Act. Olubi Adejobi of Grier Olubi Solicitors and Robert Bentley of Bentley’s Solicitors, both based in London, were each fined £300 and ordered to pay costs of £500 plus a victims’ surcharge of £15 at Stratford Magistrates’ Court. Each solicitor must pay a total of £815 in fines and costs.
Today’s prosecution follows the failure of both Mr Adejobi and Mr Bentley to notify as data controllers despite repeated reminders from the ICO of their obligations under the Data Protection Act.
Under the Act, organisations that process individuals' personal information may be required to notify the Information Commissioner at a nominal cost of £35 per year. Despite being told to notify, both Mr Adejobi and Mr Bentley have failed to respond to any of the ICO's correspondence and have still not notified.
ADC Organisation Prosecuted by UK Information Commissioner for Data Protection law breaches
Fri, 22 Feb 2008 13:32:32 GMT
ADC Organisation prosecuted for data protection offences
ICO prosecutes debt company for breaching marketing rules
A Manchester debt recovery company has been successfully prosecuted by the Information Commissioner’s Office (ICO) for bombarding individuals and businesses with unwanted faxes. The action follows thousands of complaints from individuals and businesses to the ICO and the Fax Preference Service (FPS).
ADC Organisation Ltd (ADC) pleaded guilty to six charges under the Privacy and Electronic Communications Regulations and has been fined £600 (£100 per charge). The organisation was also ordered to pay £1,926.25 in costs. ADC must pay a total of £2,526.25 in fines and costs.
UK Information Commissioner takes enforcement action against Marks & Spencer
Fri, 25 Jan 2008 12:40:19 GMT
M&S ordered to encrypt all hard drives by April 2008
The Information Commissioner's Office (ICO) has found Marks & Spencer (M&S) in breach of the Data Protection Act. This follows the theft of an unencrypted laptop which contained the personal information of 26,000 M&S employees.
An ICO investigation revealed that the laptop, which contained details of the pension arrangements of M&S employees, was stolen from the home of an M&S contractor. In light of the nature of the information contained on the laptop, it is the ICO's view that M&S should have had appropriate encryption measures in place to keep the data secure.
Mick Gorrill, Assistant Commissioner at the ICO, said: "It is essential that before a company allows personal information to leave its premises on a laptop there are adequate security procedures in place to protect personal information, for example, password protection and encryption. The ICO has issued clear guidance to help employers understand their obligations under the Data Protection Act.
Bereaved man sickened by marketing 'breach'
Fri, 25 Jan 2008 11:58:08 GMT
A consultant in data privacy has slammed a crematorium for its "tasteless" posting of marketing material, claiming that it broke the law.
Tim Trent, 55, cremated his mum Connie at North East Surrey Crematorium last November and thought that would be the end of the matter.
But three days later, he was stunned to find a glossy brochure on his doormat, advertising memorials, plaques, flowers and other services offered by the crematorium.
Mr Trent said: "It hit me in the face like a sledgehammer. We had a really good send-off for my mother, and thought that chapter of our life was closed. I didn't expect this at all, so it was gloriously distasteful."
European Data Protection Supervisor condemns data protection legislation
Wed, 16 Jan 2008 12:16:54 GMT
The European Data Protection Supervisor (EDPS) has condemned the inability of existing legislation to protect citizens against practices and proposals that amount to the creation of a state-sponsored surveillance society.
EDPS Peter Hustinx called on the European Parliament to pass primary legislation to define and protect personal data. He also asked for specific laws to protect such data from abuse under new data collection and exchange proposals from law enforcement agencies.
He said agencies that collect, process and store the data should provide information that would allow individuals to modify their behaviour to avoid being "profiled" and to obtain redress for errors and abuses.
The recommendations were part of three opinions that the EDPS issued in December. The opinions are his response to practices and proposals related to the fight against terrorism and organised crime. Many of them have arisen since 9/11.
FBI eyes British identity data
Wed, 16 Jan 2008 12:14:12 GMT
The US Federal Bureau of Investigation is seeking British co-operation in setting up an internationally accessible biometric database of known and suspected criminals and terrorists.
Dam Data Leakage at Source - a Wick Hill view
Fri, 09 Nov 2007 08:12:40 GMT
- Computer networks have become increasingly open and accessible by more and more users, with huge growth in the use of mobile, wireless and remote computing.
- These changes in computer networks have left confidential data at risk of being seen by those unauthorised to view it.
- Those wanting to view data without permission include employees and those outside an organisation. The motive may be non-malicious, or malicious, or criminal.
- Laptops are particularly vulnerable to data loss or theft, with laptop losses reported ever more frequently.
- Losing data damages a company's reputation, puts them in breach of the Data Protection Act and may be very costly, including the possibility of being fined.
- If sensitive information, such as financial details, is lost, it may leave customers or staff exposed to identity theft.
- Currently, the protection of data is largely inadequate. Because of the rapidly changing structure of computer networks, companies should review the way they protect the security of data.
- The highest risk areas for losing data are through email, through remote access and through laptop use.
- Encryption is the best way to secure data. It is now both easy-to-use and low cost.
- Encryption technology is now moving towards Unified Encryption Management (UEM), which means that encryption is centrally managed throughout an organisation, including for office based systems, mobile and remote access.
UK Information Commissioner does not regulate BlueSpam after all!
Fri, 12 Oct 2007 17:25:22 GMT
Following discussions with the Department of Business, Enterprise and Regulatory Reform and others the Information Commissioner’s Office has amended its guidance on the Privacy and Electronic Communications Regulations 2003. The guidance previously stated that marketing messages sent using Bluetooth technology would be subject to PECR rules relating to the sending of unsolicited marketing.
IPv6 - Risks & Ramifications of a Potential Disruptor - Book your Webcast place
Thu, 11 Oct 2007 11:31:13 GMT
While the various modifications and improvements to IPv4 have served the Internet well, these stop gaps can only go so far. Fortunately, IPv6 is finally maturing and provides some much needed functionality that will undoubtedly facilitate growth and innovation. Now that more products include IPv6 functionality, the technology is slowly becoming a reality. While this is a slow process, it will be moved along with the US Government's mandate that organizations implement IPv6 by 2008; the mandate even includes organizations that do not have external factors forcing an upgrade.
While delaying deployment may lead to missed opportunities, completely disregarding the technology can have serious security ramifications. Most networks are partially IPv6-capable whether or not network managers are aware of it, and IPv4 networks left unprepared are vulnerable to attackers. So, for those considering upgrading to IPv6, there are a number of issues to consider before taking the plunge. Organizations must remember that platform upgrades of this scale will cause disruptions. In addition, an upgrade could cause confusion, resulting in security holes that attackers will certainly try to exploit. These are just some of the issues network managers and implementation specialists must consider, which makes it imperative they have a solid understanding of this new protocol. From a strategic standpoint, IPv6 facilitates a paradigm shift toward increasingly distributed, end-to-end communications, changing the threat landscape and requiring similarly distributed security. This report provides an overview of IPv6 and discusses the risks associated with its implementation.
Predicting Disruptive Technologies over the next 5 years - Webcast replay
Thu, 11 Oct 2007 11:30:00 GMT
Disruptors, understood as radical shifts in technological or behavioral trend-line trajectories, are considered "disruptive" largely because they are unforeseeable or else, if somewhat foreseeable, cannot be modeled precisely enough to facilitate control over the process. With this in mind this report analyses numerous and varied potential disruptors, some of which may never come to fruition. Thus, each section explicitly acknowledges the level of confidence with which analysts estimate each disruptor's potential impact; some will be almost sure to occur, others less likely and still others of uncertain likelihood. In this way, decision makers can allocate resources according not only to the potential impact, but also considering the likelihood of its occurrence.
Uncovering Online Fraud Rings: The Russian Business Network - Webcast Replay
Thu, 11 Oct 2007 11:28:51 GMT
The Russian Business Network (RBN) developed into its current incarnation as "the baddest of the bad" Internet service provider (ISP) in June 2006. Before then, much of the malicious code currently hosted on RBN servers was located on the IP block of another St. Petersburg ISP, the now-defunct ValueDot. Like ValueDot before it, but unlike many ISPs that host predominately legitimate items, RBN is entirely illegal. VeriSign iDefense research identified phishing, malicious code, botnet command-and-control (C&C), and denial of service (DoS) attacks on every single server owned and operated by RBN.
Motives, Methods and Mitigation of Insider Threats - Webcast Replay
Thu, 11 Oct 2007 11:28:09 GMT
Although security plans are usually designed to look outward to mitigate threats and attacks from the Internet, they often fail to address the more likely attack vector - the malicious insider. This report examines the anatomy of the insider threat - what makes the malicious insider tick, how they often hit and what organizations can do to prevent damage or loss. A heavy focus upon the impact to financial and retail organizations is included in this research.
Flash mobs - the next online threat
Fri, 05 Oct 2007 09:01:34 GMT
Estonia has one of the most technologically advanced populations in Europe. Events in the last few months, though, have perhaps given the rest of Europe a taste of what might be the next real threat on the internet, flash mobbing.
Flash mobbing is where a group of people meet online to coordinate attacks on an organisation either by their physical presence (such as everyone turning up at one furniture shop) or online. Common attacks include sending emails to the same website at the same time or using the website for mass queries with the aim of taking the server down.
Flash mobbing has been headline news in Estonia as its government uses technology extensively, for example allowing widespread use of e-voting in the last elections. The government's servers were attacked in the summer by a flash mob thought to have had connections with neighbouring Russia.
Thales's Mobile VPN Solution Secures the Use of Public Wireless Networks
Thu, 04 Oct 2007 09:40:37 GMT
Thales, a leading supplier of IT security products and solutions for all critical infrastructures, today (4 October 2007) announced a new version of its SafeMove Mobile VPN solution incorporating an innovative Hotspot Login Assistant. The enhancement makes untrusted public networks easier and much safer for users who require remote access to corporate networks. The Hotspot Login Assistant feature makes Thales's SafeMove the leading remote access solution, truly addressing all security dimensions, including critical human factor issues.
According to the latest figures from the Office of National Statistics, the number of people in the UK who work mainly from home doubled between 1997 and 2005 to 2.4 million workers. Supporting the desire for increasing levels of flexibility, the number of workers using multiple locations experienced the strongest growth, accounting for 6 per cent of all workers in 2005. These statistics reflect a worldwide trend that supports the need for advanced security solutions, such as SafeMove, to safeguard the information of companies and individuals wishing to access private data and applications from a variety of locations.
Full archive of Privacy Laws and Business UK Newsletters
Wed, 03 Oct 2007 14:14:18 GMT
By kind permission of Privacy Laws and Business, ComplianceAndPrivacy.com is able to bring you the United Kingdom Newsletter Archive, up to the end of June 2007. New items will be announced individually.
PL&B International E-news, Issue 57
Wed, 03 Oct 2007 14:11:31 GMT
- The Art. 29 Data Protection Working Party discusses SWIFT, search engines' retention policies and the definition of "personal data"
- Argentina appoints a new Data Protection Commissioner
PL&B UK E-news, Issue 60
Wed, 03 Oct 2007 14:10:12 GMT
- Orange and Littlewoods found in breach of DP Act
- The ICO is getting tougher. The Information Commissioner, Richard Thomas, will launch his consultation on his "New strategy and new priorities for Data Protection and Freedom of Information" at the PL&B Cambridge Conference on Monday, 2nd July
- ICO publishes guidance on bankruptcy