Archive for December, 2011
Data Security Survey to gauge organisations’ perception of their own IT security
Posted by brianfpennington in brian pennington on 30/12/2011
As we near the end of 2011, Hitachi ID Systems has run its first annual Data Security Survey to gauge organisations’ perception of their own IT security. Survey background: Hitachi’s survey focused on Identity and Access Management (IAM) and had several “hundred” respondents from 16 different industries including agriculture, aerospace, construction, media and retail. The largest group […]
Eight Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data
Posted by brianfpennington in PCI DSS Compliance on 21/12/2011
Merchants are constantly seeking ways to simplify and reduce the scope of Payment Card Industry Data Security Standard (PCI DSS) compliance by shrinking the footprint where cardholder data is located throughout their organization. By reducing the scope, these Merchants can […]
7 experts predict the IT security and compliance issues and trends of 2012
Posted by brianfpennington in brian pennington on 20/12/2011
Here we are on the edge of another year, and it is the time of year when the predictions start. Everyone has an opinion on what could be around the corner; some are based on extensive research and market trends, and some are based on customer expectations and experience. Rather than bore you with my predictions I thought […]
Tokenization for Dummies a Free eBook
Posted by brianfpennington in PCI DSS Compliance on 19/12/2011
In today’s ever-evolving technological landscape, the data that defines and drives a business is increasingly susceptible to corruption and theft. Financial transactions, payroll information, and customer data are a few of the records vulnerable to attack, attacks that may result in regulatory fines (e.g. under PCI DSS), damage to your brand, […]
Illicit access of medical records leads to a breach of the Data Protection Act
Posted by brianfpennington in brian pennington on 17/12/2011
A receptionist who unlawfully obtained her sister-in-law’s medical records in order to find out about the medication she was taking has been found guilty of an offence under section 55 of the Data Protection Act (DPA). Usha Patwal, of Romford, was given a two-year conditional discharge and ordered to pay £614 prosecution costs […]
Clarification given on private email details and the Freedom of Information Act
Posted by brianfpennington in brian pennington on 15/12/2011
The Information Commissioner has clarified the Freedom of Information Act’s regulations affecting the storing of personal email addresses. Overview: FOIA applies to official information held in private email accounts (and other media formats) when held on behalf of the public authority. Such information may be exempt and will not necessarily have to be disclosed. It may be necessary to […]
Websites failing cookie regulations
Posted by brianfpennington in brian pennington on 13/12/2011
Earlier this year the UK government tried to implement the Privacy and Electronic Communications Regulations following an EU Directive. The regulations were to have taken effect on the 25th May 2011, but after a series of lobbies and petitions the regulations were put back to the 26th May 2012. As part of the process the Information Commissioner implemented a 12 month […]
Last chance to review your PCI readiness before the holiday season
Posted by brianfpennington in PCI DSS Compliance on 12/12/2011
As we enter the busiest period of credit card spending, it is probably a good time for a bit of last-minute housekeeping to ensure your business is meeting the Payment Card Industry Data Security Standard (PCI DSS), or as much of it as you can. First things first, DO NOT STORE CREDIT CARDS unless […]
RSA’s November Online Fraud Report
Posted by brianfpennington in brian pennington on 07/12/2011
Below is a summary of RSA’s November Online Fraud Report:- The humble beginnings of phishing: the term ‘phishing’ was coined in 1996 by hackers who managed to steal America Online (AOL) accounts by coaxing usernames and passwords from unsuspecting users. At the time, hacked accounts were dubbed ‘phish’; within a year, ‘phish’ was actively being traded between […]
Information Commissioner gets tough with the largest fine for the breach of the Data Protection Act
Posted by brianfpennington in brian pennington on 06/12/2011
The Information Commissioner’s Office (ICO) has served a penalty of £130,000 on Powys County Council for breaching the Data Protection Act. Powys County Council sent the details of a child protection case to the wrong recipient. The £130,000 penalty is the highest that the ICO has served since it was given the power in April 2010 and follows […]
Internet regulation – Government plans for managing and monitoring of the internet revealed
Posted by brianfpennington in brian pennington on 05/12/2011
On the 1st December 2011 the UK Parliament produced guidance on its plans for monitoring and managing the internet. It was published as a “Commons Library Standard Note”. The remit of the document is:- The practicalities of blocking and filtering harmful material on the internet have generated interest in a range of contexts: the misuse of […]
Estate Agent prosecuted for not disclosing he stored personal data
Posted by brianfpennington in brian pennington on 02/12/2011
Merfyn Pugh Estate Agents pleaded guilty (1.12.11) to the offence of failing to notify the Information Commissioner’s Office (ICO) that his business processes personal data. John Merfyn Pugh of the Estate Agents Merfyn Pugh was prosecuted under section 17 of the Data Protection Act. The Data Protection Act 1998 requires every organisation or person who is processing personal information in […]