Category: Data Protection Act

Will Federal Legislation Encourage Cyber-Threat Information Sharing?

Ten Republicans and one Democrat have sponsored a House bill that’s aimed at protecting the nation’s critical infrastructure, including the financial services systems, healthcare, electric grid and water facilities. Known as the Precise Act, the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act of 2011, or HR 3674, would require the Department of Homeland Security to conduct an evaluation of cybersecurity risks to critical infrastructure and determine the best mitigation methods. The legislation also would establish the National Information…

ICO: Many U.K. Organizations Still Failing On The Basics Of Data Protection

The Information Commissioner’s Office (ICO) has imposed only six monetary penalties against organizations for data breaches since gaining the power in April 2010, says deputy commissioner David Smith. “These penalties are not imposed for losing data, but for failing to meet the requirement of addressing the risk and having appropriate measures in place,” he told attendees of a Trusted Computing seminar, hosted by Wave Systems in London in association with ISSA-UK. Smith highlighted several other trends that have emerged from…

ICO Calls For Audit Enforcement Power

Information Commissioner Christopher Graham says the data protection watchdog should be able to audit local authorities, businesses and the NHS without their consent. Currently, the ICO only has compulsory audit powers over central government, with consent required for an audit to be carried out in other sectors. However, Graham argues that these sectors are sources of particular concern. The NHS accounted for 40% of data breaches since April this year, while two thirds of data breach fines were issued…

European Businesses Face Mandatory-Disclosure Law

Posted September 28, 2011 by TeamSHATTER Admin in Breach Notification Laws, Compliance, Data Breach, Data Protection Act, Database Security with 0 comments

Public and private sector businesses will soon be hit by mandatory-disclosure legislation. In mid-November, the European Commission will publish the new version of its Data Protection Directive, the legislation on which the Data Protection Act is based, and among the new measures will be instructions on data processing. This will install a ‘mandatory data breach disclosure’ law covering every organisation in the public and private sectors. Talking to SC Magazine, Stewart Room, partner at Field Fisher Waterhouse, said that while…

Data Breach Hits Irish Jobs Website

Posted September 9, 2011 by TeamSHATTER Admin in Data Breach, Data Protection Act, Database Security with 0 comments

Jobs website Myjob.ie, which allows individuals to upload their CVs online, has been the subject of a security breach. The company has written to users to inform them of a “recent” security breach on its servers, which it says was quickly identified. In an email, company director John Doupe said gardaí had apprehended two individuals who were the subject of a file being prepared for the Director of Public Prosecutions. “Although Myjob.ie was not the primary source of the breach,…

Lush To Launch New Website In Wake Of Hacking

Online retailer Lush is planning to launch a new community-focused website this autumn, replacing one that was taken down earlier this year after a data protection breach left up to 5,000 of its customers exposed to hackers. The news follows a ruling this week by the Information Commissioner’s Office (ICO) that the handmade cosmetics company breached the Data Protection Act when its website security was compromised for four months. The ICO has now warned other online retailers to make sure…

Student Hacked School; Broke Data Protection Act

Bay House school in Gosport was reprimanded by the Information Commissioner’s Office (ICO) for compromising the privacy of those on its database. A Hampshire teenager managed to hack into his school’s website and expose the personal details of 20,000 people, including medical information on more than 7,000 pupils. The 15-year-old unnamed pupil broke into Bay House’s private database in March after he obtained the password from a member of staff. The student, who has been temporarily excluded by the school, exposed…

Lush Breached Data Protection Act, ICO Confirms

The Information Commissioner has found cosmetics retailer Lush in breach of the Data Protection Act (DPA) after the company’s website was hacked, exposing customers’ credit card details. In January, the company took down its website following persistent attacks by hackers, and warned all customers who placed online orders on the website between October 4, 2010 and January 20, 2011 that their card details “may have been compromised”. The ICO revealed that hackers were able to access the payment details of 5,000 customers. Lush…

University Of Sydney Failed To Protect Students: Privacy Commissioner

Posted June 30, 2011 by TeamSHATTER Admin in Compliance, Data Breach, Data Protection Act, Database Security, Education with 0 comments

An investigation by the Acting NSW Privacy Commissioner, John McAteer, into the University of Sydney’s security breach in January has found that the institution failed to meet its obligations to students under the Privacy and Personal Information Protection (PPIP) Act of 1998 due to a series of security blunders. According to the report (PDF), a similar security flaw on the university’s website was first reported in 2007. “The university repaired the code error that allowed unauthorised access to student records on…

New European Data Protection Laws Still Years Away

Posted April 20, 2011 by TeamSHATTER Admin in Data Breach, Data Protection Act, Government (Federal), Government (State) with 0 comments

INFOSECURITY EUROPE: New EU-wide data protection laws are still at least two to three years away, but it is increasingly likely they will mandate data breach notifications for all organisations, according to the deputy information commissioner, David Smith. Speaking at the Infosecurity Europe event in London on Wednesday, Smith explained that the Data Protection Directive is currently under review by the European Commission, with the institution set to announce a set of initial proposals in summer 2011. “However this is…
