Group items tagged

Ask a room full of security practitioners for a list of security settings that'll make Internet Explorer (IE) safe to use and you'll either hear laughter or advice to get a new browser like Mozilla Firefox, Opera, Safari or Google Chrome. Even as Microsoft has worked diligently to improve security in its troubled browser, especially in IE7 and the newly-released IE8, security pros simply don't trust it. Most have turned to alternative browsers, especially Firefox. [See: Microsoft Releases IE8, Stresses Security] But the intoxication security pros find in Firefox and the other alternatives comes with a big hangover. When one wakes up from an evening of online adventuring on one of the alternative browsers, the painful reality is that they will never be able to get away from IE completely. The obvious reason is that IE is so tightly integrated into the Windows operating system, though some industry voices have called on Microsoft to divorce it from the OS. [See: Security Expert: Microsoft Should Sever IE from Windows] "We aren't going to be able to get away from IE in the corporate world anytime soon," said Christopher Mendlik, a threat analyst at Wachovia. Besides the tight integration with Windows, there's the simple reality that some business applications will only work when used in IE. At CSOonline and other media outlets, for example, the programs used to post content online tend to be allergic to non-IE browsers. Those who have no choice but to use IE have turned to a number of coping mechanisms.

Abortion has long been a misguided litmus test for the Supreme Court - but privacy rights?

Supreme Court nominee Judge Sonia Sotomayor's views on abortion and privacy rights are coming into the spotlight as attention turns to her confirmation. NARAL Pro-Choice America is urging senators to make sure Sotomayor is questioned on Roe v. Wade and privacy rights during her confirmation hearings. President Barack Obama is pro-choice, but Sotomayor's views are not known. The White House was asked yesterday if the president asked Sotomayor about abortion or privacy rights. A spokesman says the president did not specifically ask that question. The discussion comes as supporters and opponents of Sotomayor's nomination are taking their message to the airwaves. A coalition of liberal groups has unveiled a television advertisement in favor of Sotomayor's confirmation touting her extensive resume, while a conservative group calling itself the Judicial Confirmation Network has put out its own ad, charging Sotomayor will push a liberal agenda based on her gender and racial background. The White House is hoping Sotomayor will get the green light before the Senate goes on recess in August. Republicans are signaling they will not delay Sotomayor's confirmation, but will scrutinize her legal philosophy and some of her past decisions as a judge.

"Faced with increasing pressure from Washington, the Interactive Advertising Bureau launched a public service campaign on Thursday aimed at educating consumers about behavioral targeting. The online campaign, created pro bono by WPP's Schematic, features rich media banner ads with copy like "Advertising is creepy" and "Hey, this banner can tell where you live. Mind if we come over and sell you stuff?" More than one dozen publishers -- including Microsoft, Google's YouTube, and AOL -- have committed to donate a combined 500 million impressions for the initiative. The campaign comes as policymakers are questioning whether data collection by marketers violates consumers' privacy. Rep. Rick Boucher (D-Va.) has said he plans to introduce a bill that could require Web companies to notify users about online ad targeting, and in some circumstances, obtain their explicit consent. In addition, the Federal Trade Commission has criticized the industry for using dense privacy policies to inform people about behavioral targeting, or tracking people online and sending them ads based on sites visited. In a meeting with reporters Thursday morning, IAB President and CEO Randall Rothenberg said one goal of the campaign is to address regulators' concerns that consumers don't understand behavioral advertising. "

Tomorrow is Data Protection and Privacy Day. Events around the world will mark the occasion. In Brussels, the European Parliament, European Commission and EDPS will host a variety of workshops and the winners of the "Think Privacy," competition will be unveiled. In Canada, events will be held in Newfoundland and Labrador, Ontario, Alberta and elsewhere, with regulators and companies hosting various forums. For a comprehensive list of global events, visit the Data Privacy Day Web site. After hours, privacy pros will gather in cities across the world for IAPP Privacy After Hours events. Click here to find an event near you.

Data Protection & Privacy Day Tomorrow

A top affliction of privacy professionals is the growing complexity of privacy laws. The number of jurisdictions regulating data privacy and the number of other laws in which privacy provisions are tucked has increased with no letup since 2000. Like the Lilliputians in Gulliver's Travels, the tiniest jurisdictions are now lassoing their privacy ropes around the mightiest of corporations. Where does this leave those who are charged with keeping their organizations privacy-compliant? Desperately looking for a way to organize news about all of these developments. I recently surveyed the landscape of possible solutions to this problem. What did I find? Three different approaches: free Web sites, newsletters and news feeds; fee-based periodicals; and fee-based databases, such as Nymity's PrivaWorks, Cecile Park Publishing's DataGuidance and law firm Morrison and Foerster LLP's Summit Privacy. What were the pros and cons of each approach? Free sources Privacy leaders with no budget will want to exploit what's free, including these options: * Morrison & Foerster's Privacy Library, probably the most comprehensive and current free online listing of privacy laws in 95 countries. * Law firm Baker & McKenzie's annual Global Privacy Handbook, which is distributed to clients and friends. * Computerworld's own Security Newsletter, which offers a regular look at news about the technical threats to personal data. * The International Association of Privacy Professionals' Daily Dashboard, Canada Dashboard Digest and monthly Inside 1to1: Privacy. These are the best available free news feeds on privacy.

This tip is part of SearchSecurity.com's Data Protection School lesson, E-discovery and security in the enterprise. Visit the E-discovery and security in the enterprise lesson page for additional learning resources. Most information security pros have a handle on the major data types found in their environments, but they also know that there is a whole lot more data lurking around the edges. These unknown data types can include documents used by individuals, or whole applications owned by departments that have quietly become essential to the business. Most of the time, focusing on the squeaky wheels is an acceptable strategy; if there's no "squeak" then there's no need to worry. But when it comes to litigation, and especially managing the electronic discovery process, what you don't know can hurt you. There are four major types of data in use today: paper documents; structured data sets, like databases; semi-structured applications, like email and image stores; and unstructured repositories, like file servers. Comprehending the vast volume of these varied records can be a challenge for everyone involved, which includes information technology, records management, legal staff, and even the data owners themselves. But since almost all business information is stored in digital formats today, electronic storage systems are the most popular target for the discovery motions filed as part of legal proceedings. It is most efficient for a litigator to head straight for your email, spreadsheets and applications, looking for what they term electronically stored information (ESI). Making matters worse for IT administrators, new rules for civil litigation enacted at the end of 2006 (called the Federal Rules of Civil Procedure, or FRCP) have pushed up the timetable of electronic discovery. What was once a delayed and informal process has become much more structured, with lawyers meeting to discuss available ESI, typically just a few weeks after legal action commences. When l

There is no denying that Google is a giant success. But its size has made the "do no evil" mantra all the more difficult for it to follow - and for some of us to believe. Lately, it seems every new release and every new decision draws the ire of someone, be it politicians, privacy campaigners, or even villagers. While the Google brand is certainly in better shape than many tech firms, its constant moves to control more and more of our data and information has some up in arms. Privacy Three recent announcements have drawn the attention of privacy campaigners in the UK - Latitude, Street View, and behavioural advertising. Latitude is Google's mobile tracking system. Sign up for it, add your friends, and you can all see exactly where each other is via your mobile phone signal pinpointed on a Google map. Handy if you're bored and want to know who's out and about, but the location tracking system could be frightening for a host of other reasons, some say. Last month, Liberal Democrats Home Affairs spokesman Tom Brake filed an early day motion (EDM) asking the government to look into Latitude. Brake said: "This system poses an insidious threat to our hard-won liberties. 24-hour surveillance and a Big Brother society are new realities." But the heat was off Latitude after Street View was unveiled in the UK. The photo mapping system features street-level photos of 25 cities, offering a virtual tour of places such as London, Manchester and more. But some people aren't so happy having their homes, cars and selves photographed and mapped - even with face and number plates blurred. The backlash didn't take long to start. Within a day, Privacy International was on the case, asking the Information Commissioner to shut the site down.

There are three reasons for breach notification laws. One, it's common politeness that when you lose something of someone else's, you tell him. The prevailing corporate attitude before the law - "They won't notice, and if they do notice they won't know it's us, so we are better off keeping quiet about the whole thing" - is just wrong. Two, it provides statistics to security researchers as to how pervasive the problem really is. And three, it forces companies to improve their security. That last point needs a bit of explanation. The problem with companies protecting your data is that it isn't in their financial best interest to do so. That is, the companies are responsible for protecting your data, but bear none of the costs if your data is compromised. You suffer the harm, but you have no control - or even knowledge - of the company's security practices. The idea behind such laws, and how they were sold to legislators, is that they would increase the cost - both in bad publicity and the actual notification - of security breaches, motivating companies to spend more to prevent them. In economic terms, the law reduces the externalities and forces companies to deal with the true costs of these data breaches.