Compliance and Privacy News, sponsored by Verisign
complianceandprivacy.com is full of news and views of on Compliance, Privacy and surrounding legislation in the global marketplace from a European perspective
- Last build:
- Tue, 18 Mar 2008 14:58:05 GMT
- Language:
- Feed URL:
- http://complianceandprivacy.com/rss/rss.xml
RSS FEED IDEMS: Compliance and Privacy News, sponsored by Verisign
- Mobile and Remote Working - Is it secure?
- Unstoppable move towards remote and mobile working
- Mobile working is not adequately secured.
- Organisations are concerned about security for mobile and remote workers and how to enforce company security policies outside the gateway.
- Companies want to protect against data leakage and data loss from such problems as stolen laptops.
- There is no one solution to securing remote working.
- The range of solutions includes strong authentication, end point security, remote unified threat management (UTM) systems, low-cost encryption and VPNs.
Tue, 18 Mar 2008 14:58:01 GMT - Olubi Adejobi and Robert Bentley, bothh Solicitors, fined for Data Protection Offences
GrierOlubi and Bentleys - Individual solicitiors convicted for data protection offences
The Information Commissioner’s Office (ICO) has today successfully prosecuted two London solicitors for offences under the Data Protection Act. Olubi Adejobi of Grier Olubi Solicitors and Robert Bentley of Bentley’s Solicitors, both based in London, were each fined £300 and ordered to pay costs of £500 plus a victims’ surcharge of £15 at Stratford Magistrates’ Court. Each solicitor must pay a total of £815 in fines and costs.
Today’s prosecution follows the failure of both Mr Adejobi and Mr Bentley to notify as data controllers despite repeated reminders from the ICO of their obligations under the Data Protection Act.
Under the Act, organisations that process individuals’ personal information may be required to notify with the Information Commissioner at a nominal cost of £35 per year. Despite being told to notify, both Mr Adejobi and Mr Bentley have failed to respond to any of the ICO’s correspondence and have still not notified.
Fri, 22 Feb 2008 13:45:05 GMT - ADC Organisation Prosecuted by UK Information Commissioner for Data Protection law breaches
ADC Organisation prosecuted for data protection offences
ICO prosecutes debt company for breaching marketing rules
A Manchester debt recovery company has been successfully prosecuted by the Information Commissioner’s Office (ICO) for bombarding individuals and businesses with unwanted faxes. The action follows thousands of complaints from individuals and businesses to the ICO and the Fax Preference Service (FPS).
ADC Organisation Ltd (ADC) pleaded guilty to six charges under the Privacy and Electronic Communications Regulations and has been fined £600 (£100 per charge). The organisation was also ordered to pay £1,926.25 in costs. ADC must pay a total of £2,526.25 in fines and costs.
Fri, 22 Feb 2008 13:32:32 GMT - UK Information Commissionr takes enforcement action against Marks & Spencer
M&S ordered to encrypt all hard drives by April 2008
The Information Commissioner's Office (ICO) has found Marks & Spencer (M&S) in breach of the Data Protection Act. This follows the theft of an unencrypted laptop which contained the personal information of 26,000 M&S employees.
An ICO investigation revealed that the laptop, which contained details of the pension arrangements of M&S employees, was stolen from the home of an M&S contractor. In light of the nature of the information contained on the laptop, it is the ICO's view that M&S should have had appropriate encryption measures in place to keep the data secure.
Mick Gorrill, Assistant Commissioner at the ICO, said: "It is essential that before a company allows personal information to leave its premises on a laptop there are adequate security procedures in place to protect personal information, for example, password protection and encryption. The ICO has issued clear guidance to help employers understand their obligations under the Data Protection Act.
Fri, 25 Jan 2008 12:40:19 GMT - Bereaved man sickened by marketing 'breach'
A consultant in data privacy has slammed a crematorium for its "tasteless" posting of marketing material, claiming that it broke the law.
Tim Trent, 55, cremated his mum Connie at North East Surrey Crematorium last November and thought that would be the end of the matter.
But three days later, he was stunned to find a glossy brochure on his doormat, advertising memorials, plaques, flowers and other services offered by the crematorium.
Mr Trent said: "It hit me in the face like a sledgehammer. We had a really good send-off for my mother, and thought that chapter of our life was closed. I didn't expect this at all, so it was gloriously distasteful."
Fri, 25 Jan 2008 11:58:08 GMT - European Data Protection Supervisor condemns data protection legislation
The European Data Protection Supervisor (EDPS) has condemned the inability of existing legislation to protect citizens against practices and proposals that amount to the creation of a state-sponsored surveillance society.
EDPS Peter Hustin called on the European Parliament to pass primary legislation to define and protect personal data. He also asked for specific laws to protect such data from abuse under new data collection and exchange proposals from law enforcement agencies.
He said agencies that collect, process and store the data should provide information that would allow individuals to modify their behaviour to avoid being "profiled" and to obtain redress for errors and abuses.
The recommendations were part of three opinions that the EDPS issued in December. The opinions are his response to practices and proposals related to the fight against terrorism and organised crime. Many of them have arisen since 9/11.
Wed, 16 Jan 2008 12:16:54 GMT - FBI eyes British identity data
The US Federal Bureau of Investigation is seeking British co-operation in setting up an internationally accessible biometric database of known and suspected criminals and terrorists.
Wed, 16 Jan 2008 12:14:12 GMT - Dam Data Leakage at Source - a Wick Hill view
- Computer networks have become increasingly open and accessible by more and more users. Huge growth in the use of mobile, wireless and remote computing
- These changes in computer networks have left confidential data at risk of being seen by those unauthorised to view it.
- Those wanting to view data without permission include employees and those outside an organisation. The motive may be non-malicious, or malicious, or criminal.
- Laptops are particularly vulnerable to data loss or theft, with laptop losses reported ever more frequently.
- Losing data damages a company's reputation, puts them in breach of the Data Protection Act and may by very costly, including the possibility of being fined.
- If sensitive information, such as financial details, is lost, it may leave customers or staff exposed to identify theft.
- Currently, the protection of data is mainly inadequate. Because of the rapidly changing structure of computer networks, companies should review the way they protect the security of data.
- The highest risk areas for losing data are through email, through remote access and through laptop use.
- Encryption is the best way to secure data. It is now both easy-to-use and low cost.
- Encryption technology is now moving towards Unified Encryption Management (UEM), which means that encryption is centrally managed throughout an organisation, including for office based systems, mobile and remote access.
Fri, 09 Nov 2007 08:12:40 GMT - UK Information Commissioner does not regulate BlueSpam after all!
Following discussions with the Department of Business, Enterprise and Regulatory Reform and others the Information Commissioner’s Office has amended its guidance on the Privacy and Electronic Communications Regulations 2003. The guidance previously stated that marketing messages sent using Bluetooth technology would be subject to PECR rules relating to the sending of unsolicited marketing.
Fri, 12 Oct 2007 17:25:22 GMT - IPv6 - Risks & Ramifications of a Potential Disruptor - Book your Webcast place
While the various modifications and improvements to IPv4 have served the Internet well, these stop gaps can only go so far. Fortunately, IPv6 is finally maturing and provides some much needed functionality that will undoubtedly facilitate growth and innovation. Now that more products include IPv6 functionality, the technology is slowly becoming a reality. While this is a slow process, it will be moved along with the US Government's mandate that organizations implement IPv6 by 2008; the mandate even includes organizations that do not have external factors forcing an upgrade.
While delaying deployment may lead to missed opportunities, completely disregarding the technology can have serious security ramifications. Most networks are partially IPv6-capable whether or not network managers are aware of it, and IPv4 networks left unprepared are vulnerable to attackers. So, for those considering upgrading to IPv6, there are a number of issues to consider before taking the plunge. Organizations must remember that platform upgrades of this scale will cause disruptions. In addition, an upgrade could cause confusion, resulting in security holes that attackers will certainly try to exploit. These are just some of the issues network managers and implementation specialists must consider, which makes it imperative they have a solid understanding of this new protocol. From a strategic standpoint, IPv6 facilitates a paradigm shift toward increasingly distributed, end-to-end communications, changing the threat landscape and requiring similarly distributed security. This report provides an overview of IPv6 and discusses the risks associated with its implementation.
Thu, 11 Oct 2007 11:31:13 GMT - Predicting Disruptive Technologies over the next 5 years - Webcast replay
Disruptors, understood as radical shifts in technological or behavioral trend-line trajectories, are considered "disruptive" largely because they are unforeseeable or else, if somewhat foreseeable, cannot be modeled precisely enough to facilitate control over the process. With this in mind this report analyses numerous and varied potential disruptors, some of which may never come to fruition. Thus, each section explicitly acknowledges the level of confidence with which analysts estimate each disruptor's potential impact; some will be almost sure to occur, others less likely and still others of uncertain likelihood. In this way, decision makers can allocate resources according not only to the potential impact, but also considering the likelihood of its occurrence.
Thu, 11 Oct 2007 11:30:00 GMT - Uncovering Online Fraud Rings: The Russian Business Network - Webcast Replay
The Russian Business Network (RBN) developed into its current incarnation as "the baddest of the bad" Internet service provider (ISP) in June 2006. Before then, much of the malicious code currently hosted on RBN servers was located on the IP block of another St. Petersburg ISP, the now-defunct ValueDot. Like ValueDot before it, but unlike many ISPs that host predominately legitimate items, RBN is entirely illegal. VeriSign iDefense research identified phishing, malicious code, botnet command-and-control (C&C), and denial of service (DoS) attacks on every single server owned and operated by RBN.
Thu, 11 Oct 2007 11:28:51 GMT - Motives, Methods and Mitigation of Insider Threats - Webcast Replay
Although security plans are usually designed to look outward to mitigate threats and attacks from the Internet, they often fail to address the more likely attack vector - the malicious insider. This report examines the anatomy of the insider threat - what makes the malicious insider tick, how they often hit and what organizations can do to prevent damage or loss. A heavy focus upon the impact to financial and retail organizations is included in this research.
Thu, 11 Oct 2007 11:28:09 GMT - Flash mobs - the next online threat
Estonia has one of the most technologically advanced populations in Europe. Events in the last few months, though, have perhaps given the rest of Europe a taste of what might be the next real threat on the internet, flash mobbing.
Flash mobbing is where a group of people meet online to coordinate attacks on an organisation either by their physical presence (such as everyone turning up at one furniture shop) or online. Common attacks include sending emails to the same website at the same time or using the website for mass queries with the aim of taking the server down.
Flash mobbing has been headline news in Estonia as its government uses technology extensively, for example allowing widespread use of e-voting in the last elections. The government's servers were attacked in the summer by a flash mob thought to have had connections with neighbouring Russia.
Fri, 05 Oct 2007 09:01:34 GMT - Thales's Mobile VPN Solution Secures the Use of Public Wireless Networks
Thales, a leading supplier of IT security products and solutions for all critical infrastructures , today (4 October 2007) announced a new version of its SafeMove Mobile VPN solution incorporating an innovative Hotspot Login Assistant. The enhancement makes untrusted public networks easier and much safer for users who require remote access to corporate networks. The Hotspot Login Assistant feature makes Thales's SafeMove the leading remote access solution, truly addressing all security dimensions, including critical human factor issues.
According to the latest figures from the Office of National Statistics, the number of people in the UK who work mainly from home doubled between 1997 and 2005 to 2.4 million workers. Supporting the desire for increasing levels of flexibility, the number of workers using multiple locations experienced the strongest growth, accounting for 6 per cent of all workers in 2005. These statistics reflect a worldwide trend that supports the need for advanced security solutions, such as SafeMove, to safeguard the information of companies and individuals wishing to access private data and applications from a variety of locations.
Thu, 04 Oct 2007 09:40:37 GMT
