PL&B UK E-news, Issue 36

24 February, 2005
© Privacy Laws & Business 2005

  1. Lib Dems accuse rival parties of data protection breaches
  2. Used hard disks expose confidential data
  3. Organisations warned over Instant Messaging threat

1. Lib Dems accuse rival parties of data protection breaches

The Liberal Democrats have lodged a formal complaint with the Information Commissioner’s Office accusing the Labour and Conservative parties of breaching the UK’s cold calling regulations. The two parties have allegedly been canvassing millions of homes registered with the Telephone Preference Service (TPS) – a national do-not-call list allowing people to avoid unwanted telemarketing and cold calling.

Liberal Democrat Party Chairman, Matthew Taylor, has asked the Information Commissioner to investigate the allegations and clarify how the TPS rules apply to election canvassing. “We have received a number of complaints from individuals who have signed on to the TPS, but are still receiving unsolicited calls from the Tories and the Labour Party,” said Taylor. “The advice that we have received on several previous occasions is that such phone calls are illegal.”

Under the Privacy & Electronic Communications Regulations, organisations are prohibited from calling phone numbers listed on the TPS register unless they have been given specific permission to do so. Organisations that breach the rules can be fined up to £5,000 per violation.

The Liberal Democrats are also setting up a website encouraging people to register complaints against cold call canvassing by political parties. “From today, we will be willing to help voters make complaints,” said Simon Hughes MP, President of the Liberal Democrats. “The Liberal Democrats are the only major party now to respect their wishes,” he added. “We are rigorous about cleansing our phone lists of numbers registered under the TPS system… It is time that the other two parties respected the rights of voters and consumers.”

2. Used hard disks expose confidential data

Companies that fail to destroy sensitive information on disused hard disks could find themselves on the receiving end of regulatory action or lawsuits from clients and staff whose data is exposed. A study carried out by the University of Glamorgan’s School of Computing has suggested that nearly 50 per cent of organisations are selling on computers with confidential information still on them.

The study, which looked at 92 second hand hard disks purchased via eBay and computer fairs, found whole customer and HR databases, names and addresses, national insurance numbers and corporate financial data.

Under the Data Protection Act, organisations are required to protect personal information from unauthorised access and destroy data that is no longer needed. The security lapses identified in the survey, however, do not necessarily arise because companies are unaware of their duty to destroy this information, but rather because they are unable to carry out the task properly. Glamorgan University’s study found that in around half of the hard disks examined there had been failed, or only partially successful, attempts to remove information.

“Companies have an obligation to dispose of data when it is no longer required,” said Dr Andy Blyth, head of the university’s Information Security Research Group, “and many of the organisations involved are now launching investigations into how this information has ended up in the public domain.”

Key figures:

  • Unsuccessful attempts had been made to destroy confidential data on 48 per cent of the 92 hard disks studied.
  • 51 per cent of the hard disks contained personally identifiable information (including HR/customer databases, contact details, and national insurance numbers).
  • 57 per cent of the hard disks contained information that identified the organisations they had come from (these included a financial services organisation, a company from the leisure services industry, as well as schools and universities).
  • 20 per cent of the hard disks contained financial information, including sales receipts and profit and loss reports.

3. Organisations warned over Instant Messaging threat

IT analyst group Gartner has warned that vulnerabilities in Instant Messaging (IM) programmes could compromise organisations’ internal security controls.

The warning follows the exposure earlier this month of a security flaw in Microsoft’s MSN Messenger IM service. Although Microsoft was quick to control the problem, Gartner has stressed that when future vulnerabilities arise, Microsoft and other IM providers may not be able to act as quickly or effectively.

The increasing use of IM applications across enterprises, said Gartner, means organisations need to implement appropriate policies. “IM is so widely used that most enterprises have no idea how many IM clients are installed on their systems or how much IM traffic passed over their networks,” said senior Gartner analyst Lawrence Orans. But blocking the use of IM, he added, may be impractical. “IM is now so popular that it is rapidly becoming unrealistic to block IM traffic entirely. In many cases, one or more business units can make a compelling case for the need to use IM.”

Instead, organisations are being advised to adopt one of three options: implement an enterprise-wide IM solution, deploy a solution that enables controls to be placed on publicly available IM programmes, or adopt both solutions.
