to help enterprise security across Europe
The resource centre for busy senior executives seeking the latest insights into IT Compliance & Privacy issues for major organizations
 
sarbaines oxley ofcom communications regulator
Latest Resources      data protection register
compliance resources privacy resource center

Breaking Global News
Global Compliance and Privacy News
- Breaking News, updated every 30 minutes
•   Compliance, Privacy and Security
•  Money Laundering
•  Phishing
•  Regulatory Issues
•  SOX, Basel 2, MiFID


You Tell Us:
S
S
L

T
E
C
H
N
O
L
O
G
Y
We use SSL Technology for web data entry points:

Always
Sometimes
Never
What is SSL?

News
Are Smartphones Endangering Security? - Wick Hill
Dealing with Internet Security Threats - Ian Kilpatrick
How the New EU Rules on Data Export Affect Companies in and Outside the EU - Thomas Helbing
Farmers' Data Leak Highlights Old Technology Use - Wick Hill
Saving Money with SFTP - Wick Hill
UK Information Commissioner targets firm selling vetting data - Eversheds e80
12 Key Steps to Internet Security - Wick Hill
Telephone Monitoring Legality in the UK - Dechert
Firewall or UTM - Wick Hill
UK Information Commissioner demands mobile device encryption - Eversheds e80
Data loss - liability, reputation and mitigation of risk - Eversheds e80
Phorm, Webwise and OIX - BCS Security Forum
The challenges of PCI DSS compliance - Thales, Russell Fewing
"Quality" Data Vendor Spams us! Editor astounded!
National Gateway Security Survey 2008 - Wick Hill
Unified Threat Management - Watchguard Technologies

news archives
:
0 | 1 | 2 | 3 | 4 | 5 |
6 | 7 | 8 | 9 | 10 | 11 |
12 | 13
[What is this?]

Industry Blogs
Tim Berners Lee's Blog
Tim Callan's SSL Blog
Davis Wright Tremaine's Privacy & Security Law Blog
Emergent Chaos Blog
Michael Farnum's Blog
Phillip Hallam-Baker's Blog - The dotFuture Manifesto: Internet Crime, Web Services, Philosophy
Stuart King's Security and Risk Management Blog
David Lacey's IT Security Blog
Metasploit Official Blog
Jeff Pettorino's Security Convergence Blog
Jeff Richards's Demand Insights Blog
David Rowe's Risk ManagementBlog
Bruce Schneier's Security Blog
Larry Seltzer's Security Weblog
Mike Spinney's Private Communications Blog
Richard Steinnon's Threat Chaos Blog
The TechWeb Blog
Tim Trent's Marketing by Permission Blog
Rebecca Wong 's DP Thinker Blog

Newsletters
23 February Newsletter
Newsletter Archives are located in "News"

Industry Update
Internet Security Intelligence Briefing - November 2005
Find out the latest trends in e-commerce, web usage & the latest threats from adware/Spyware

Reports
Phorm, Webwise and OIX
- BCS Security Forum

'The Any Era has Arrived, and Everyione has Noticed' - Stratton Sclavos - VeriSign
Identity Security - Time to Share
Malicious code threats - iDefense
Public Alerts - updated as they happen from Stopbadware.org
Public Alerts - updated as they happen from Websense
Public Advisories - updated as they happen, from iDefense
Phoraging - Privacy invasion through the Semantic web: a special report by Mike Davies of VeriSign

Legislation
Privacy Laws & Business International E-news, Issue 57
Privacy Laws & Business UNited Kingdom E-news, Issue 60

Security Reviews
February 2007 - VeriSign Security Review
The security review archive is here

Case Studies
Finance Industry
Case Study Example

A case study on a Finance industry company.

White Papers
VeriSign® Intelligent Infrastructure for the 21st Century
VeriSign® Intelligent Infrastructure for Security
VeriSign® Intelligent Infrastructure: An Overview
Identity Protection Fraud Detection Service - description of the service
Life of a Threat - Video on Threat Management Lifecycle
Optimizing Enterprise Information Security Compliance - Dealing with all the audits
For a full list of all whitepapers, visit our Whitepaper library

Legal Notices
Privacy Policy
Terms of use

basel 2 sarbanes oxley
    legislation
data controller notification binding corporate rules BCR data transfer third countries third part data transfer basel 2 regualtor regulation regulate FSA banking network security RSA encryptin algorithm Bits sacked bank staff
Blogs compliance Reports compliancy Legislation Data Protection Case Studies data privacy White Papers data protection act News information commissioner Events security standards Links information security iDefense
Retail Solutions

Legislation

compliance and privacy

Current News Updates

PL&B UK E-news, Issue 32

5 September, 2004
© Privacy Laws & Business 2007

  1. HFC Bank breaches Data Protection Act
  2. CEOs fail to act on data security threats
  3. SAP seeks dialogue on RFIDs

1. HFC Bank breaches Data Protection Act

HFC Bank, a subsidiary of the HSBC group, has apologised after an "operator" error exposed the e-mail addresses of 2,600 HFC customers. The breach occurred after an e-mail was sent out to Marble credit card holders requesting them to contact the bank. The e-mail, however, contained the addresses of all customers on the distribution list. According to the Financial Times, the error was compounded by the fact that 'out-of-office' replies from some customers were relayed back to the distribution list, revealing telephone numbers and details on holiday absences.

Director of corporate affairs, Martin Rutland said HFC had contacted the Information Commissioner's Office (ICO) over the incident, although the ICO has since confirmed it will not be taking action against the bank. Rutland said HFC has apologised to customers, credited their accounts with £50, and has looked into how the breach occurred. "We've looked at the particular process that went wrong and we've taken steps to ensure it won't happen again," he said.

The apology and compensation, however, does not appear to be enough for some customers. According to the Financial Times, Brad Green - one of the affected customers - is coordinating a customer action group and may pursue legal action against HFC.

The full story and analysis will be published in the next edition of Privacy Laws & Business UK, out September.

2. CEOs fail to act on data security threats

Although CEOs are becoming increasingly aware of information security, they are failing to adequately address the risks, according to a survey by Ernst & Young. The 2004 Global Information Security Survey - which questioned infosecurity managers from around 1,200 organisations, across 51 countries - found that only 20 per cent strongly agreed that security was perceived as a CEO-level priority. Around 70 per cent of respondents admitted that their board of directors did not receive quarterly status reports on infosecurity.

Lack of awareness among staff was sighted as a key problem area by the survey, with over 70 per cent of respondents failing to list awareness and training as a top priority. This is despite recognition that poor awareness is the biggest barrier to achieving strong security levels. The report states that "more could and should be done to transform an organisation's weakest link - people - into its strongest and most effective layer of defence-in-depth."

The survey also picked out offshore outsourcing as a concern. More than 70 per cent of respondents indicated that they failed to regularly assess whether foreign service providers were compliant with data security regulations. And, over 60 per cent fail to regularly assess vendors' compliance with their own internal security policies. "Companies can outsource their work, but they can't outsource responsibility for its security" said Edwin Bennett, Global Director for Technology and Security Risk Services at Ernst & Young. "Organisations have to demand higher levels of security from their business partners."

The survey stresses that organisations should see security as a business enabler, rather than viewing it as a cost centre. "Companies can transform their view of information security, and approach it as a way to gain competitive advantage and preserve shareholder value, rather than merely consider it a necessary cost of doing business," said Bennett. "However, this transformation must be led by a visible shift in attitude from the CEO and the boards."

Click here for a copy of the Ernst & Young survey

3. SAP seeks dialogue on RFIDs

Global technology vendor, SAP, has called for open public debate over the benefits and privacy implications of using RFID technology. RFID tags (basically tiny location tracking devices that can be attached to products and packaging) are increasingly being used by retailers and manufacturers to manage their supply chains. But civil liberties groups have been concerned that the technology could be used to track and profile consumer shopping habits. Consumer groups like CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) have launched high profile campaigns against proponents of RFIDs, including companies such as Benetton, Gillette and Procter & Gamble.

SAP, a developer of RFID solutions, plans to host a number of discussion groups over the coming months, bringing together industry and business leaders, political groups, IT vendors and privacy advocates. The discussion groups will run in conjunction with major industry events, including Germany's CeBIT technology conference in March 2005. In October, SAP also intends to launch an online forum for interested parties to discuss and share ideas on RFIDs.

"In order for a new technology to gain widespread acceptance, businesses and the public should be well informed of its advantages and implications," said SAP executive board member, Claus Heinrich. "We therefore intend to facilitate a continuing open discussion among stakeholders to find ways to address concerns through industry standards, accepted guidelines and responsible corporate citizenship."

 


This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.