Group items tagged

The European Commission has prepared a set of questions and answers as well as a flowchart to help companies understand when they can and when they cannot send personal data abroad. The European Union's Data Protection Directive protects the personal data of EU citizens from abuse and misuse. Organisations have a duty to protect it, and that means ensuring that it is not sent to countries with poor data protection. The Directive says that data can be sent to another country "only if... the third country in question ensures an adequate level of protection". Only a handful of countries have been deemed acceptable destinations for data by the European Commission. Those are Switzerland, Canada, Argentina, the Bailiwick of Guernsey, the Isle of Man, the Bailiwick of Jersey and the US, when the data's treatment is in the Safe Harbor Privacy Principles of the US Department of Commerce The advice has been prepared by the Data Protection Unit of the Directorate-General for Justice, Freedom and Security at the European Commission. It is designed particularly to help small and medium sized companies to understand the law when it comes to transferring personal data outside of the European Economic Area (EEA). The guidance points out that in order for a transfer to be legal, data has to be properly handled in the first place according to the data protection laws of the country where the processing organisation is established. If the transfer is to a country not listed as having adequate data protections in place, a transfer can still take place, the guidance says, but only if "the data controller offers 'adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights'," says the guidance, quoting the Directive. "These safeguards may result from appropriate contractual clauses, and more particularly from standard contractual clauses issued by the Commission," it sai

VANDALS who attacked Fred Goodwin's mansion could have been helped by Google's new Street View, it was claimed yesterday. Security experts say the attackers may have "cased" the shamed banker's £3million Edinburgh home using the detailed images provided by the controversial new service. It could have helped them plan the attack, in which windows were smashed and a car wrecked, by showing them how to get in and escape unnoticed.

Too many companies leave themselves vulnerable to employees' ignorance or purposeful flouting of the rules when it comes to information security, suggests a survey conducted by (ISC)2. Focused on the 'basics' of policy management, the survey revealed that organisations are becoming confident in their ability to comply with the policies and procedures set out to secure their organisations. Analysis of the results, however, reveal education efforts to be immature, with most concerns relating to accountability and company-wide understanding of what is required. The survey questioned 737 information security professionals last month about their organisation's efforts in policy and awareness management. A great majority, 80 percent, said their company's ability to comply with security policy was satisfactory, good or very good, leaving only 20 percent saying they were dissatisfied. However, this confident stance was tempered by concerns from nearly half of the respondents over a lack of training (48 percent) and poor employee understanding of policy (46 percent); a lack of defined accountability (42 percent); and an unsupportive company culture (48 percent). These obstacles to compliance with policy were cited by significantly more respondents than other issues of traditional concern, including a lack of budget, which only 22 percent were concerned about, and the ability to procure the latest technology, which concerned only 19 percent of respondents. "The challenges are shifting from the systems to the people," says John Colley, CISSP, managing director for EMEA (Europe, Middle East, Africa) for (ISC)2. "The relatively little concern expressed over budgets suggests security continues to be viewed as a business imperative, even in the current economic climate. Unfortunately, security requirements are not yet well understood, or worse flouted, often with management support, in order to get a job done. There is a colossal task ahead to ensure all emplo

Ignorant People are a big security risk.

Diplomats and civil servants are to be warned about the danger of putting details of their family and career on social networking websites. The advice comes after the wife of Sir John Sawers, the next head of MI6, put family details on Facebook - which is accessible to millions of internet users. Lady Sawers disclosed details such as the location of the London flat used by the couple and the whereabouts of their three children and of Sir John's parents. She put no privacy protection on her account, allowing any of Facebook's 200 million users in the open-access London network to see the entries. Lady Sawers' half-brother, Hugo Haig-Thomas, a former diplomat, was among those featured in family photographs on Facebook. Mr HaigThomas was an associate and researcher for David Irving, the controversial historian who was jailed in Austria in 2006 after pleading guilty to Holocaust denial. Patrick Mercer, the Conservative chairman of the Commons counter-terrorism sub-committee, said that the entries were a serious error and potentially damaging.

Social networking users are more vulnerable than ever and taking more risks with their online privacy. According to the 'Bringing Social Security to the Online Community' poll by AVG, while the social networking community has serious concerns about the overall security of public spaces, few are taking the most basic of steps to protect themselves against online crimes. Participants indicated concern over growing phishing, spam and malware attacks, and nearly half of those surveyed are very concerned about their personal identity being stolen in an online community. Despite widespread use of social networks at home and/or at work, 64 per cent of users infrequently or never change their passwords on a regular basis, while 57 per cent infrequently or never adjust their privacy settings. Further, 21 per cent accept contact offerings from members they do not recognise, more than half let acquaintances or roommates access social networks on their machines, 64 per cent click on links offered by community members or contacts and 26 per cent share files within social networks. As a result of this widespread proliferation of links, files and unsolicited contacts, nearly 20 per cent have experienced identity theft, 47 per cent have been victims of malware infections and 55 per cent have seen phishing attacks.