Archive for October, 2011
Who fell foul of the Information Commissioner in October?
Posted by brianfpennington in brian pennington on 31/10/2011
A week after Calls for tougher penalties for breaches of the Data Protection Act (read my post here) I thought it would be a good time to have a look at who the Information Commissioner’s Office (ICO) has taken action against during the month of October 2011. To add some consistency I have also included actions taken […]
Newcastle Youth Offending Team breached the Data Protection Act after theft of an unencrypted laptop
Posted by brianfpennington in brian pennington on 28/10/2011
Newcastle Youth Offending Team breached the Data Protection Act by failing to encrypt a laptop containing personal data which was later stolen, the Information Commissioner’s Office (ICO) said today. The laptop – which contained personal data relating to 100 young people – was reported stolen from a contractor’s home in the Northumbria area in January. The contractor […]
Calls for tougher penalties for breaches of the Data Protection Act
Posted by brianfpennington in brian pennington on 27/10/2011
In the United Kingdom there is an Act of Parliament that seeks to protect the personal data of its citizens: the Data Protection Act 1998 (DPA). The enforcer of the Act is the Information Commissioner’s Office (ICO). The ICO also has responsibility for other Acts of Parliament, specifically the Freedom of Information Act 2000, […]
Students are concerned that information online might affect their careers
Posted by brianfpennington in brian pennington on 26/10/2011
42% of students are concerned that personal information available about them online might affect their future employment prospects, the Information Commissioner’s Office (ICO) said, as it launched its 2011 Student Brand Ambassador campaign. New figures also show that many students are not adequately protecting themselves against the risk of identity theft. 33% of students who have […]
The Ten Early Warning Signs Of Fraud In Organisations
Posted by brianfpennington in brian pennington on 26/10/2011
After completing a survey on the activities of the National Fraud Authority (NFA), UKFraud.co.uk has offered advice on how to minimise the impact of fraud. Ten Early Warning Signs Of Fraud In Organisations: 1. Erratic reporting. Erratic, incomplete, late or excuse-laden management reporting is often a classic sign that something is wrong. One of the possibilities is […]
Advice for Small Businesses on how to avoid Identity theft
Posted by brianfpennington in brian pennington on 25/10/2011
The Identity Theft Council (ITC) has recently issued a press release promoting identity theft awareness and offered advice on how to avoid the problem. They quote a Javelin Strategy & Research study which found that fraud suffered by Small Business Owners (SMBO) totaled $8 billion. Banks, merchants and other providers absorbed at least $5.43 […]
PCI Security Standards Council opens election for new Special Interest Groups
Posted by brianfpennington in PCI DSS Compliance on 24/10/2011
The PCI Security Standards Council (PCI SSC) opens election for new Special Interest Groups (SIG). The Council developed Special Interest Groups (SIG) to leverage the expertise of more than 600 Participating Organizations and provide a vehicle for incorporating their ideas and input into the work of the Council. SIGs focus on providing recommendations to the Council which often result […]
Information Commissioner: Businesses ‘waking up’ to Data Protection responsibilities
Posted by brianfpennington in brian pennington on 24/10/2011
The Information Commissioner has reported that businesses may be ‘waking up’ to their obligations under the Data Protection Act (DPA) but public confidence in how personal information is being handled continues to decline, the Information Commissioner’s Office (ICO) said today. Figures published show that nearly three quarters of businesses surveyed now know that the DPA requires them to […]
Housing Group breaches the Data Protection Act by Emailing a spreadsheet
Posted by brianfpennington in brian pennington on 24/10/2011
Spectrum Housing Group based in Dorset breached the Data Protection Act by sending the personal data of 200 employees to the wrong email address, the Information Commissioner’s Office (ICO) said today. In March 2011, an employee of Spectrum Housing Group accidentally emailed a non-secure Excel spreadsheet containing employees’ data, including details of their pension contributions, […]
PCI SSC updates PTS program for Encryption and Mobile
Posted by brianfpennington in PCI DSS Compliance on 15/10/2011
The PCI Security Standards Council has provided an update to the PIN Transaction Security Program for secure point-to-point encryption (P2PE) and mobile payment acceptance. PTS 3.1 adds two new approval classes that facilitate the deployment of P2PE technology in payment card security efforts, building on the Secure Reading and Exchange of Data (SRED) module previously introduced in version 3.0 […]
Security should not be viewed as an isolated activity
Posted by brianfpennington in brian pennington on 14/10/2011
IP EXPO’s 2011 security index survey was conducted among IT professionals from businesses of all sizes and sectors on behalf of Imago Techmedia and the IP EXPO show organisers. “Respondents to our survey overwhelmingly agreed that IT security should not be viewed as an isolated activity, but would best be treated as an integrated part of […]
Disclosure rules clarified, or made more confusing?
Posted by brianfpennington in brian pennington on 14/10/2011
Following the UK Information Commissioner’s call for compulsory audits and disclosure laws in France and Germany, the US Securities and Exchange Commission (SEC) has released a statement containing Disclosure Guidance. In setting the scene for their Disclosure Guidance the SEC points out the risks and results of a cyber attack: victims of successful cyber attacks may […]
Information Commissioner calls for powers to conduct compulsory Data Protection Audits
Posted by brianfpennington in brian pennington on 13/10/2011
Powers to conduct compulsory data protection audits in local government, the health service and the private sector are needed to ensure compliance with the law, the Information Commissioner said today at the 10th annual data protection compliance conference in London. Christopher Graham’s call came as figures showed that the ICO […]
Merchants are complacent about PCI DSS, report reveals
Posted by brianfpennington in PCI DSS Compliance on 12/10/2011
Verizon have launched their 2011 Payment Industry Compliance Report, which draws on their experiences as a QSA company and previous annual reports. Extracts from the report are below. Unchanged from last year, only 21% of organizations were fully compliant at the time of their Initial Report on Compliance (IROC). Verizon commented with […]
The huge and unexpected administrative costs of a data breach
Posted by brianfpennington in brian pennington on 07/10/2011
Reading about another large data breach had me thinking about the non-technical side of a data breach. In these current times it is impossible to avoid the stories of data breaches because the press and blogs spin into gear almost immediately. Coming from the IT Security industry, I always think about the “normal” costs:- The cost of […]
UK Card Association offers advice on avoiding fraud
Posted by brianfpennington in brian pennington on 05/10/2011
The UK Card Association has recently published advice on avoiding fraud. Some common sense advice that should be used:- i) Ensure you are the only person who knows your PIN. Your bank or the police will never phone or email you and ask you to disclose it. ii) Your bank […]
Card fraud and online banking fraud down, but cheque and phone banking fraud up
Posted by brianfpennington in brian pennington on 05/10/2011
New figures released on the 5th October 2011 show that fraud losses on UK cards decreased in the first half of 2011 compared with the same time last year, as did fraud on online bank accounts. However, cheque fraud and fraud on phone banking accounts increased over the same period. Total fraud losses on UK cards […]
Education, education, when will people learn, encrypt your data as two more education establishments lose data
Posted by brianfpennington in brian pennington on 05/10/2011
The Information Commissioner has announced today two actions against education establishments that have lost data by failing to adequately protect their laptops. Having a policy that leaves the decision on what information needs to be encrypted to the user is always likely to lead to trouble. Encrypt everything and then the user cannot be blamed for […]
Hospital destroys 10,000 archived records – Information Commissioner not impressed
Posted by brianfpennington in brian pennington on 04/10/2011
Dartford and Gravesham NHS Trust breached the Data Protection Act by accidentally destroying 10,000 archived records, the Information Commissioner’s Office (ICO) said today. The records – which should have been kept in a dedicated storage area – were put in a disposal room due to lack of space. The records were then mistakenly removed from […]