Archive for October, 2011

Who fell foul of the Information Commissioner in October?

A week after "Calls for tougher penalties for breaches of the Data Protection Act" (read my post here), I thought it would be a good time to have a look at who the Information Commissioner’s Office (ICO) has taken action against during the month of October 2011. To add some consistency I have also included actions taken […]

Newcastle Youth Offending Team breached the Data Protection Act after theft of an unencrypted laptop

Newcastle Youth Offending Team breached the Data Protection Act by failing to encrypt a laptop containing personal data which was later stolen, the Information Commissioner’s Office (ICO) said today. The laptop – which contained personal data relating to 100 young people – was reported stolen from a contractor’s home in the Northumbria area in January. The contractor […]

Calls for tougher penalties for breaches of the Data Protection Act

In the United Kingdom there is an Act of Parliament that seeks to protect the personal data of its citizens: the Data Protection Act 1998 (DPA). The enforcer of the Act is the Information Commissioner’s Office (ICO). The ICO also has responsibility for other Acts of Parliament, specifically the Freedom of Information Act 2000, […]

Students are concerned that information online might affect their careers

42% of students are concerned that personal information available about them online might affect their future employment prospects, the Information Commissioner’s Office (ICO) said, as it launched its 2011 Student Brand Ambassador campaign. New figures also show that many students are not adequately protecting themselves against the risk of identity theft. 33% of students who have […]

The 10 Ten Early Warning Signs Of Fraud In Organisations

After completing a survey on the activities of the National Fraud Authority (NFA), UKFraud.co.uk has offered advice on how to minimise the impact of fraud. Ten Early Warning Signs Of Fraud In Organisations: 1. Erratic reporting: erratic, incomplete, late or excuse-laden management reporting is often a classic sign that something is wrong. One of the possibilities is […]

Advice for Small Businesses on how to avoid Identity theft

The Identity Theft Council (ITC) has recently issued a press release promoting identity theft awareness and offered advice on how to avoid the problem. They quote from a Javelin Strategy & Research study which found that fraud suffered by Small Business Owners (SMBO) totaled $8 billion. Banks, merchants and other providers absorbed at least $5.43 […]

PCI Security Standards Council opens election for new Special Interest Groups

The PCI Security Standards Council (PCI SSC) has opened elections for new Special Interest Groups (SIGs). The Council developed SIGs to leverage the expertise of more than 600 Participating Organizations and provide a vehicle for incorporating their ideas and input into the work of the Council. SIGs focus on providing recommendations to the Council which often result […]

Information Commissioner: Businesses ‘waking up’ to Data Protection responsibilities

The Information Commissioner has reported that businesses may be ‘waking up’ to their obligations under the Data Protection Act (DPA) but public confidence in how personal information is being handled continues to decline, the Information Commissioner’s Office (ICO) said today. Figures published show that nearly three quarters of businesses surveyed now know that the DPA requires them to […]

Housing Group breaches the Data Protection Act by Emailing a spreadsheet

Spectrum Housing Group, based in Dorset, breached the Data Protection Act by sending the personal data of 200 employees to the wrong email address, the Information Commissioner’s Office (ICO) said today. In March 2011, an employee of Spectrum Housing Group accidentally emailed a non-secure Excel spreadsheet containing employees’ data, including details of their pension contributions, […]

PCI SSC updates PTS program for Encryption and Mobile

The PCI Security Standards Council has provided an update to the PIN Transaction Security (PTS) Program for secure point-to-point encryption (P2PE) and mobile payment acceptance. PTS 3.1 adds two new approval classes that facilitate the deployment of P2PE technology in payment card security efforts, building on the Secure Reading and Exchange of Data (SRED) module previously introduced in version 3.0 […]

Security should not be viewed as an isolated activity

IP EXPO’s 2011 security index survey was conducted among IT professionals from businesses of all sizes and sectors on behalf of Imago Techmedia and the IP EXPO show organisers. “Respondents to our survey overwhelmingly agreed that IT security should not be viewed as an isolated activity, but would best be treated as an integrated part of […]

Disclosure rules clarified, or made more confusing?

Following the UK Information Commissioner’s call for compulsory audits, and disclosure laws in France and Germany, the US Securities and Exchange Commission (SEC) has released a statement containing Disclosure Guidance. In setting the scene for its Disclosure Guidance, the SEC points out the risks and results of a cyber attack: victim(s) of successful cyber attacks may […]

Information Commissioner calls for powers to conduct compulsory Data Protection Audits

Powers to conduct compulsory data protection audits in local government, the health service and the private sector are needed to ensure compliance with the law, the Information Commissioner said today at the 10th annual data protection compliance conference in London. Christopher Graham’s call came as figures showed that the ICO […]

Hotel association to create unified security standards for Credit Card payments

Under the banner of the Hotel Technology Next Generation (HTNG), 16 major hotel groups from around the world are planning to work together to develop an industry specific IT Security framework for handling sensitive and credit card data. The HTNG will be a not for profit trade body which […]

Merchants are complacent about PCI DSS, report reveals.

Verizon have launched their 2011 Payment Industry Compliance Report which draws on their experiences as a QSA company and previous annual reports. Extracts from the report are below. Unchanged from last year, only 21% of organizations were fully compliant at the time of their Initial Report on Compliance (IROC). Verizon commented with […]

The huge and unexpected administrative costs of a data breach

Reading about another large data breach had me thinking about the non-technical side of a data breach. In these current times it is impossible to avoid the stories of data breaches because the press and blogs spin into gear almost immediately. Coming from the IT Security industry, I always think about the “normal” costs:- The cost of […]

UK Card Association offers advice on avoiding fraud

The UK Card Association has recently published advice on avoiding fraud. Some common sense advice that should be used:- i) Ensure you are the only person who knows your PIN. Your bank or the police will never phone or email you and ask you to disclose it. ii) Your bank […]

Card fraud and online banking fraud down, but cheque and phone banking fraud up

New figures released on the 5th October 2011 show that fraud losses on UK cards decreased in the first half of 2011 compared with the same time last year, as did fraud on online bank accounts. However, cheque fraud and fraud on phone banking accounts increased over the same period. Total fraud losses on UK cards […]

Education, education, when will people learn, encrypt your data as two more education establishments lose data

The Information Commissioner has announced today two actions against education establishments who have lost data by failing to adequately protect their laptops. Having a policy that leaves the decision on what information needs to be encrypted to the user is always likely to lead to trouble. Encrypt everything and then the user cannot be blamed for […]

Hospital destroys 10,000 archived records – Information Commissioner not impressed

Dartford and Gravesham NHS Trust breached the Data Protection Act by accidentally destroying 10,000 archived records, the Information Commissioner’s Office (ICO) said today. The records – which should have been kept in a dedicated storage area – were put in a disposal room due to lack of space. The records were then mistakenly removed from […]
