to help enterprise security across Europe
The resource centre for busy senior executives seeking the latest insights into IT Compliance & Privacy issues for major organizations
 
sarbaines oxley ofcom communications regulator
Latest Resources      data protection register
compliance resources privacy resource center

Breaking Global News
Global Compliance and Privacy News
- Breaking News, updated every 30 minutes
•   Compliance, Privacy and Security
•  Money Laundering
•  Phishing
•  Regulatory Issues
•  SOX, Basel 2, MiFID


You Tell Us:
S
S
L

T
E
C
H
N
O
L
O
G
Y
We use SSL Technology for web data entry points:

Always
Sometimes
Never
What is SSL?

News
Are Smartphones Endangering Security? - Wick Hill
Dealing with Internet Security Threats - Ian Kilpatrick
How the New EU Rules on Data Export Affect Companies in and Outside the EU - Thomas Helbing
Farmers' Data Leak Highlights Old Technology Use - Wick Hill
Saving Money with SFTP - Wick Hill
UK Information Commissioner targets firm selling vetting data - Eversheds e80
12 Key Steps to Internet Security - Wick Hill
Telephone Monitoring Legality in the UK - Dechert
Firewall or UTM - Wick Hill
UK Information Commissioner demands mobile device encryption - Eversheds e80
Data loss - liability, reputation and mitigation of risk - Eversheds e80
Phorm, Webwise and OIX - BCS Security Forum
The challenges of PCI DSS compliance - Thales, Russell Fewing
"Quality" Data Vendor Spams us! Editor astounded!
National Gateway Security Survey 2008 - Wick Hill
Unified Threat Management - Watchguard Technologies

news archives
:
0 | 1 | 2 | 3 | 4 | 5 |
6 | 7 | 8 | 9 | 10 | 11 |
12 | 13
[What is this?]

Industry Blogs
Tim Berners Lee's Blog
Tim Callan's SSL Blog
Davis Wright Tremaine's Privacy & Security Law Blog
Emergent Chaos Blog
Michael Farnum's Blog
Phillip Hallam-Baker's Blog - The dotFuture Manifesto: Internet Crime, Web Services, Philosophy
Stuart King's Security and Risk Management Blog
David Lacey's IT Security Blog
Metasploit Official Blog
Jeff Pettorino's Security Convergence Blog
Jeff Richards's Demand Insights Blog
David Rowe's Risk ManagementBlog
Bruce Schneier's Security Blog
Larry Seltzer's Security Weblog
Mike Spinney's Private Communications Blog
Richard Steinnon's Threat Chaos Blog
The TechWeb Blog
Tim Trent's Marketing by Permission Blog
Rebecca Wong 's DP Thinker Blog

Newsletters
23 February Newsletter
Newsletter Archives are located in "News"

Industry Update
Internet Security Intelligence Briefing - November 2005
Find out the latest trends in e-commerce, web usage & the latest threats from adware/Spyware

Reports
Phorm, Webwise and OIX
- BCS Security Forum

'The Any Era has Arrived, and Everyione has Noticed' - Stratton Sclavos - VeriSign
Identity Security - Time to Share
Malicious code threats - iDefense
Public Alerts - updated as they happen from Stopbadware.org
Public Alerts - updated as they happen from Websense
Public Advisories - updated as they happen, from iDefense
Phoraging - Privacy invasion through the Semantic web: a special report by Mike Davies of VeriSign

Legislation
Privacy Laws & Business International E-news, Issue 57
Privacy Laws & Business UNited Kingdom E-news, Issue 60

Security Reviews
February 2007 - VeriSign Security Review
The security review archive is here

Case Studies
Finance Industry
Case Study Example

A case study on a Finance industry company.

White Papers
VeriSign® Intelligent Infrastructure for the 21st Century
VeriSign® Intelligent Infrastructure for Security
VeriSign® Intelligent Infrastructure: An Overview
Identity Protection Fraud Detection Service - description of the service
Life of a Threat - Video on Threat Management Lifecycle
Optimizing Enterprise Information Security Compliance - Dealing with all the audits
For a full list of all whitepapers, visit our Whitepaper library

Legal Notices
Privacy Policy
Terms of use

basel 2 sarbanes oxley
    legislation
data controller notification binding corporate rules BCR data transfer third countries third part data transfer basel 2 regualtor regulation regulate FSA banking network security RSA encryptin algorithm Bits sacked bank staff
Blogs compliance Reports compliancy Legislation Data Protection Case Studies data privacy White Papers data protection act News information commissioner Events security standards Links information security iDefense
Retail Solutions

Legislation

compliance and privacy

Current News Updates

PL&B International E-news, Issue 48

13 October, 2006
© Privacy Laws & Business 2006

  1. Italy's Data Protection Authority stops TV show on politicians' drug use
  2. $1million fine for US child privacy violation
  3. France's CNIL uses its new fining power for the first time (update)
  4. US and EU reach interim PNR pact

 1. Italy's Data Protection Authority stops TV show on politicians' drug use

On Tuesday 10 October, the Italian Data Protection Authority, the Garante, suspended transmission of a satirical TV programme which used clandestine methods to find evidence of drug use among politicians.

The programme, Le Iene (the Hyenas),  announced on Monday that  it had secretly tested 50 lower house deputies and found  evidence that 16  had taken drugs in the previous 36 hours. Twelve tested positive for cannabis and four for cocaine.

A journalist pretended to be an interviewer for a non-existent satellite TV show and asked the deputies to comment on the 2007 draft budget.  A make-up artist wiped their foreheads between filming. Cells collected by the wiping were then tested for drugs.  The Garante decided to block the programme, scheduled for Tuesday evening, because the tests to collect information about health had been conducted in a clandestine way.  Under Italy's Data Protection Act, the authority has the power to block the processing of personal data.  In this case the data was not only personal, but related to health, and so qualified as ‘sensitive'.  The use of the sensitive personal data in preparing and broadcasting a television programme would have amounted to ‘processing'.

If any reader is aware of any similar case, in any country, of data protection authorities stopping the broadcast of  programmes, please email James Michael, editor, international newsletter at James.Michael@privacylaws.com .

 2. $1 million fine for US child privacy violation

The US Federal Trade Commission has imposed a $1 million fine on a social networking website, Xanga, for collecting, using, and disclosing personal details of children under 13, an offence under the Children's Online Privacy Protection Act (COPPA).  The company has admitted the offences and accepted the fine.

 3. France's CNIL uses its new fining power for the first time (update)

Using its new powers under the Data Protection Act 2004 for the first time, the French Data Protection Authority, the CNIL, has imposed a fine of 45,000 Euros on Credit Lyonnais, one of France's leading
financial institutions.  This substantial fine was for ‘abusive' filing of information about clients with the Bank of France, and for impeding the CNIL in its investigation of complaints. Credit Lyonnais accepted the fine by publishing the announcement of the offences and penalty in Le Figaro and La Tribune, in the words ordered by the CNIL.

The CNIL fined Crédit Lyonnais for improperly placing the names of several individuals in national files, maintained by the Bank
of France, of persons with a negative credit history, including one person who was placed on the adverse credit list for allegedly not paying a debt which he had in fact paid. 

The CNIL was particularly distressed that Crédit Lyonnais took long periods of time (in at least one case, about a year) to provide explanations for such actions in cases that the CNIL initiated after complaints by the affected
individuals. As a result, the CNIL found that Crédit Lyonnais had obstructed its investigations.

The fine was calculated by multiplying the penalty by three, and the publication of the fine in two newspapers was ordered because the CNIL found that the bank had been guilty of mauvaise foi  (bad faith).  By imposing the fine for impeding the inquiry, the CNIL has sent a strong message that it intends to use its new powers vigorously, and that French owned companies are just as subject to its regulation as French subsidiaries of U.S.-based companies such as McDonald's and Exide Technologies (PL&B International June/July 2005 p.5)  Credit Lyonnais has announced the introduction of control procedures to prevent such breaches in future.  The CNIL has warned that it will decide on more sanctions, including fines, in the near future, probably involving companies in banking and e-commerce.

More information in French: http://www.cnil.fr/index.php?id=2104&news[uid]=381&cHash=20ea8ddf3c

 4. US and EU reach interim PNR pact

Under the US/EU  agreement  reached on Friday 6 October on disclosure of passenger name records (PNR), the FBI and other American  agencies will have easier access to sensitive personal information on passengers flying from the EU to the US. Negotiations had stalled  over the US demand for  fewer restrictions on sharing the passenger records among US authorities.   Franco Frattini, EU justice commissioner,  said that he had agreed to allow  easier transfer of information between US authorities after Washington gave fresh guarantees over data protection.  Speaking at an EU justice ministers' meeting in Luxembourg, he said: “We are not talking about more data or more exchanges, we are talking about making it easier to transmit data.”

US Secretary of Homeland Security  Michael Chertoff said: “I applaud my counterparts at the European Union for agreeing with me on the importance of sharing this passenger data to defend us against terrorism.” He emphasised the EU and US's “joint goal of combating terrorism while respecting our joint commitment to fundamental rights and freedoms, notably privacy”.  Requests from other agencies that might conduct counter-terrorism investigations, such as the US Treasury and the Department of Justice, would have to be examined on a case-by-case basis, EU officials said, and these authorities would not have direct electronic access to the records.

EU officials said that Washington will continue to store the data for up to three and a half years. The US wanted to keep the data for longer periods, according to airline officials, but had not sought  the 50-year period rejected by the EU in 2004.

The US will also retain the right to share the records with other governments.  The new pact, finalised after a nine-hour video conference, is valid until July 2007.  Talks for a longer-term agreement will begin in November.

When the two sides failed to reach agreement ahead of a September 30 deadline there was  concern in some EU states that airlines would  break domestic data protection laws by continuing to pass on the passenger information. An official for the German government's federal data protection commissioner said it was a "matter of concern". "What is the US doing with the information? At present we have no way of finding out," he said.  However, airlines were told that  they were unlikely to be fined for breaching national laws. The German data protection agency said it would not be prosecuting Lufthansa, the national carrier, as "the airlines are not those causing the problems in the first place". They could have lost US landing rights if they had not transmitted data.

Click here for further information about subscribing to the international newsletter.

 


This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.