to help enterprise security across Europe
The resource centre for busy senior executives seeking the latest insights into IT Compliance & Privacy issues for major organizations
 
sarbaines oxley ofcom communications regulator
Latest Resources      data protection register
compliance resources privacy resource center

Breaking Global News
Global Compliance and Privacy News
- Breaking News, updated every 30 minutes
•   Compliance, Privacy and Security
•  Money Laundering
•  Phishing
•  Regulatory Issues
•  SOX, Basel 2, MiFID


You Tell Us:
S
S
L

T
E
C
H
N
O
L
O
G
Y
We use SSL Technology for web data entry points:

Always
Sometimes
Never
What is SSL?

News
Are Smartphones Endangering Security? - Wick Hill
Dealing with Internet Security Threats - Ian Kilpatrick
How the New EU Rules on Data Export Affect Companies in and Outside the EU - Thomas Helbing
Farmers' Data Leak Highlights Old Technology Use - Wick Hill
Saving Money with SFTP - Wick Hill
UK Information Commissioner targets firm selling vetting data - Eversheds e80
12 Key Steps to Internet Security - Wick Hill
Telephone Monitoring Legality in the UK - Dechert
Firewall or UTM - Wick Hill
UK Information Commissioner demands mobile device encryption - Eversheds e80
Data loss - liability, reputation and mitigation of risk - Eversheds e80
Phorm, Webwise and OIX - BCS Security Forum
The challenges of PCI DSS compliance - Thales, Russell Fewing
"Quality" Data Vendor Spams us! Editor astounded!
National Gateway Security Survey 2008 - Wick Hill
Unified Threat Management - Watchguard Technologies

news archives
:
0 | 1 | 2 | 3 | 4 | 5 |
6 | 7 | 8 | 9 | 10 | 11 |
12 | 13
[What is this?]

Industry Blogs
Tim Berners Lee's Blog
Tim Callan's SSL Blog
Davis Wright Tremaine's Privacy & Security Law Blog
Emergent Chaos Blog
Michael Farnum's Blog
Phillip Hallam-Baker's Blog - The dotFuture Manifesto: Internet Crime, Web Services, Philosophy
Stuart King's Security and Risk Management Blog
David Lacey's IT Security Blog
Metasploit Official Blog
Jeff Pettorino's Security Convergence Blog
Jeff Richards's Demand Insights Blog
David Rowe's Risk ManagementBlog
Bruce Schneier's Security Blog
Larry Seltzer's Security Weblog
Mike Spinney's Private Communications Blog
Richard Steinnon's Threat Chaos Blog
The TechWeb Blog
Tim Trent's Marketing by Permission Blog
Rebecca Wong 's DP Thinker Blog

Newsletters
23 February Newsletter
Newsletter Archives are located in "News"

Industry Update
Internet Security Intelligence Briefing - November 2005
Find out the latest trends in e-commerce, web usage & the latest threats from adware/Spyware

Reports
Phorm, Webwise and OIX
- BCS Security Forum

'The Any Era has Arrived, and Everyione has Noticed' - Stratton Sclavos - VeriSign
Identity Security - Time to Share
Malicious code threats - iDefense
Public Alerts - updated as they happen from Stopbadware.org
Public Alerts - updated as they happen from Websense
Public Advisories - updated as they happen, from iDefense
Phoraging - Privacy invasion through the Semantic web: a special report by Mike Davies of VeriSign

Legislation
Privacy Laws & Business International E-news, Issue 57
Privacy Laws & Business UNited Kingdom E-news, Issue 60

Security Reviews
February 2007 - VeriSign Security Review
The security review archive is here

Case Studies
Finance Industry
Case Study Example

A case study on a Finance industry company.

White Papers
VeriSign® Intelligent Infrastructure for the 21st Century
VeriSign® Intelligent Infrastructure for Security
VeriSign® Intelligent Infrastructure: An Overview
Identity Protection Fraud Detection Service - description of the service
Life of a Threat - Video on Threat Management Lifecycle
Optimizing Enterprise Information Security Compliance - Dealing with all the audits
For a full list of all whitepapers, visit our Whitepaper library

Legal Notices
Privacy Policy
Terms of use

basel 2 sarbanes oxley
    legislation
data controller notification binding corporate rules BCR data transfer third countries third part data transfer basel 2 regualtor regulation regulate FSA banking network security RSA encryptin algorithm Bits sacked bank staff
Blogs compliance Reports compliancy Legislation Data Protection Case Studies data privacy White Papers data protection act News information commissioner Events security standards Links information security iDefense
Retail Solutions

Legislation

compliance and privacy

Privacy Laws & Business International E-news, Issue 35
February 17th, 2005

© Privacy Laws & Business 2005

1. European regulators launch privacy consultations
2. European Commission mulls internal privacy restructuring
3. Hungary's privacy chief speaks out against data protection law
4. Europe launches anti-spam initiative
5. Former Sonera executive face illegal surveillance charges
6. Choicepoint consumer data hacked


1. European regulators launch privacy consultations
Earlier this month, the EU's Data Protection Working Party (an advisory body to the European Commission) launched two public consultations into the privacy implications of Radio Frequency Identification (RFID) and digital rights management technologies.

In a report accompanying the RFID consultation, the Working Party warned businesses that attempts to link RFID devices - smart ID tags - with information on individuals could breach European data protection legislation. RFID tags are currently being used for a variety of purposes (eg. better management of retail supply chains, aiding product recalls, or as anti-theft devices) but civil liberties groups and privacy regulators have expressed concerns that the technology could be used to track and profile individuals.

The Working Party suggested that organizations are likely to run into legal difficulties unless consumers agree to have their details linked in with RFID devices. "Under most of the scenarios where RFID technology is used," said the report, "consent from individuals will be the only legal ground available...to legitimize the collection of information through RFID".

In a separate report, the Working Party suggested that attempts to prevent online copyright theft of music, games and software present serious privacy risks for Internet users. Industry is increasingly turning to the use of digital rights management technologies (DRM) to monitor and control access to copyright protected material. The Working Party, however, raised serious questions over the use of unique identifiers in DRM products that could be used to monitor Internet users' activities. The Working Party urged industry to build stronger privacy controls into new DRM technologies and argued that Internet users should have the right to access protected information on an anonymous basis.

Interested parties have until March 31st to submit their responses to the two consultations.

Click here for more details on the consultation and the Working Party position papers

2. European Commission mulls internal privacy restructuring
The European Commission is considering moving its data protection unit out of the remit of the Internal Market directorate and placing it under the responsibility of the directorate for Justice and Home Affairs. Speaking at the British Institute of International & Comparative Law's data protection seminar on Tuesday, Niovi Ringou, Deputy Head of the Commission's Data Protection Unit, said that the outcome was still uncertain, but that the Commissioner's college could reach a decision within the next month.

3. Hungary's privacy chief speaks out against data protection law
Dr Attila Peterfalvi, the Parliamentary Commissioner for Data Protection and FOI, has criticised Hungary's Data Protection Act, labeling its regulations on overseas data transfers as excessive.

Speaking at a seminar held by the British Institute of International & Comparative Law on Tuesday, Peterfalvi explained that data transfer regulations were causing real problems for organizations trying to move data outside the country.

"Our Act is simply bad," said Peterfalvi, adding that Hungary's 1992 privacy law "must be modified" to bring it further into line with the EU Data Protection Directive.

Along with nine other Central and Eastern European countries involved in last year's accession to the European Union, Hungary has had to implement a number of changes to its national data protection law. The data transfer rules, however, were not amended and require organizations to go further than required under the European directive.

Peterfalvi explained that his office has presented a more pragmatic solution before Parliament and is currently waiting approval. He added that the two-thirds majority voting system adopted by Parliament has made it difficult to push through legislative changes, but said the Ministry of Justice has indicated that the proposed amendment is likely to be approved in the Spring of this year.

4. Europe launches anti-spam initiative
Earlier this month, a coalition of 13 European data protection regulators and consumer ombudsmen launched a joint initiative to combat the threat of unsolicited spam e-mail. Despite a host of global anti-spam legislation implemented over the last few years, spam is still proving to be a major threat. January figures from e-mail security firm MessageLabs showed that 80 per cent of e-mail traffic was spam-related.

In 2002, the European Union adopted an anti-spam directive which has since been implemented into national law by most European member states. Enforcement activity, however, has been relatively low. Under the new anti-spam initiative, European regulators have agreed to take on a more proactive enforcement role through sharing information, improving cooperative procedures and pursuing spam-related complaints across borders.

Commenting on the new initiative, Information Society & Media Commissioner Viviane Reding said, "Enforcement authorities in Member States must be able to deal effectively with spam from other EU countries, even though at present most spam originates from outside the EU."

Reding added that further efforts were being made by the European Commission to combat the wider global implications of unsolicited e-mail. In addition to the European initiative, she said, "we are working on cooperation with third countries both bilaterally and in international fora like the OECD and the International Telecommunication Union."

Members of the new coalition include:

  • Austria - Federal Ministry for Transport, Innovation and Technology
  • Belgium - Privacy Commission and Federal Public Service Economy - Directorate General Enforcement and Mediation
  • Cyprus - Office of the Commissioner for Personal Data Protection
  • Czech Republic - Data Protection Authority
  • Denmark - Danish Consumer Ombudsman
  • French - Data Protection Authority (CNIL)
  • Greece - Hellenic Data Protection Authority
  • Ireland - Department of Communications, Marine and Natural Resources and the Office of the Data Protection Commissioner
  • Italy - Data Protection Authority
  • Lithuania - State Data Protection Inspectorate
  • Malta - Office of the Commissioner for Data Protection
  • Netherlands - Electronic Communications Regulator (OPTA) and Data Protection Authority (CBP)
  • Spain - Data Protection Authority

5. Former Sonera executive face illegal surveillance charges
According to Finnish newspaper Helsingin Sanomat, former executives at international telecoms operator Sonera went on trial earlier in early February for carrying out illegal surveillance on journalists and employees.

Eight defendants, including ex-CEO Kaj-Erik Relander, have been accused of breaching privacy regulations after allegedly accessing workers' telephone records as part of an investigation back in 1999 to identify the source of leaks to the press.

Protection against unauthorised surveillance is guaranteed by Finland's constitution and by its Law on Telecommunications Privacy. If found guilty, the defendants - who have denied the charges - could face up to three years in prison.

6. Choicepoint consumer data hacked

Choicepoint, a major US provider of consumer data, admitted Tuesday that it had been the victim of a major security breach. According to CNET.com, criminals posing as legitimate businesses managed to con their way into accessing Choicepoint's consumer database. It is believed that the details of up to 35,000 consumers from the state of California may have been compromised. The records included names, addresses and credit reports.

As a result of the incident, Choicepoint announced that it has changed its procedures to prevent similar events from occurring.

 

 

This site is sponsored by VeriSign – world leaders in Managed Security Solutions.
The contents of the site, however, do not necessarily reflect the views of VeriSign. Much of the content is independently authored.