Rina Steenkamp - Privacy and technology
[[...] on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) | "Police and criminal justice data protection directive" | Operation Black Tulip - certificate authorities lose authority | [O]n EASA/IAB best practice recommendation on online behavioural advertising | McAfee Threats report - third quarter 2011 | European disaster recovery survey 2011 | Life-logging risk assessment | Cyber-bullying and online grooming - helping to protect against the risks | Self-regulatory principles for multi-site data | Metaphors and norms - Understanding copyright law in a digital society | Raising the bar - 2011 TMT global security study - key findings | NIST Cloud computing standards roadmap - Version 1.0 | NHS breaches of data protection law - How patient confidentiality was compromised five times every week]
Proposal for a regulation of the European Parliament and of the Council by the European Commission.
From 1. Context of the proposal:
"This explanatory memorandum presents in further detail the Commission’s approach to a new legal framework for the protection of personal data in the EU [...]. The proposed new legal framework consists of two legislative proposals:
a proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), and
a proposal for a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (General Data Protection Regulation) (Police and Criminal Justice Data Protection Directive).
This explanatory memorandum concerns this first legislative proposal for a General Data Protection Regulation."
European Commission: [...] on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (PDF)
HawkTalk: Draft data protection regulation leaked; doubtful whether it will get enacted in this form
Inside Privacy: Draft EU data protection regulation leaked
ZDNet: European data protection law proposals revealed
HL: Details of EU data protection reform reveal dramatic proposed changes
Out-law.com: New data protection board to co-ordinate EU-wide enforcement, says commissioner
Out-law.com: Draft proposals for new data protection regime include 'draconian provisions', expert says
The Register: EC data protection proposals could open up Zuck's 'social graph'
Data Protector: Save us from a secretive Data Protection Board
Data Protector: How do the Commission's proposals square with its Impact Assessment?
FrankWatching: Leaked EU privacy law has major consequences for marketing
Epic.org: EU Justice Minister warns US on "self regulation," draft European privacy law now available
A proposal for a directive of the European Parliament and of the Council.
From 1. Context of the proposal:
"This explanatory memorandum presents in further detail the Commission’s approach to a new legal framework for the protection of personal data in the EU […]. The proposed new legal framework consists of two legislative proposals:
a proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) and
a proposal for a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (General Data Protection Regulation) (Police and Criminal Justice Data Protection Directive).
This explanatory memorandum concerns that second legislative proposal on data protection in the areas of police and criminal justice."
European Commission: "Police and criminal justice data protection directive" (PDF)
Hawktalk: Draft data protection directive leaked on law enforcement and policing
A publication by ENISA.
From the document:
"DigiNotar, a digital certificate authority (CA), recently suffered a cyber-attack which led to its bankruptcy. In the attack false certificates were created for hundreds of websites, including Google and Skype. Once the incident was made public, the Dutch government and browser vendors took steps to limit the impact of the attack. But Fox-IT suggests in their investigation report that the cyber-attack had already started in mid-June and that for almost two months false certificates were used to eavesdrop on email and web browsing in Iran. [...] The DigiNotar attack was an attack on the foundations of secure electronic communications (email, web browsing, web services). The above-mentioned issues should be addressed by industry and governments, to guarantee the security of service in the digital society."
ENISA: Operation Black Tulip - certificate authorities lose authority (PDF linked from this page)
Security.nl: "DigiNotar's silence put millions at risk"
ENISA: Analysis of 'Operation Black Tulip': certificate authorities lose authority
An opinion by WP29.
From the Conclusions:
"Adherence to the EASA/IAB Code on online behavioural advertising and participation in the website www.youronlinechoices.eu does not result in compliance with the current e-Privacy Directive. Moreover, the Code and the website create the wrong presumption that it is possible to choose not to be tracked while surfing the Web. This wrong presumption can be damaging to users but also to the industry if they believe that by applying the Code they meet the requirements of the Directive."
WP29: [O]n EASA/IAB best practice recommendation on online behavioural advertising (PDF)
Internetrecht: "Do-not-track register does not comply with new privacy law"
HL: Article 29 Working Party rebuffs European OBA industry again
A report by McAfee Labs.
From the report:
"There is a concept in science and engineering referred to as the signal-to-noise ratio. Without getting too geeky, it is defined as the ratio of signal power to noise power, essentially comparing the level of desired signal to the level of background noise. Informally, it often refers to the ratio of useful information to false, useless, or irrelevant information. Did we say irrelevant and often useless information? Welcome to the world of information security. We have tons of noise that obfuscates the desired signals we need to hear. [...] One thing is certain: 2011 continues to be a year of change, challenge, and chaos in information security."
McAfee Labs: McAfee Threats report - third quarter 2011 (PDF)
Security.nl: Apple loses cybercriminals' interest
A report by EMC.
From the press release:
"74% of organisations are not very confident that they can fully recover after a disaster, according to a new survey of 1,750 European companies; 54% surveyed have lost data and/or suffered systems downtime in the last year; 61% report hardware failure as the primary cause of data loss and downtime; natural disasters and employee sabotage being much less likely culprits; 43% of organisations cite loss of employee productivity as the single biggest economic impact; 28% point to lost revenue as a result of a disaster; 40% of organisations still use tape for recovery and 80% of these organisations want to replace tape altogether, highlighting the need for next generation backup and recovery"
EMC: European disaster recovery survey 2011 (PDF)
EMC: EMC presents the European disaster recovery survey 2011
EMC: Three quarters of European businesses might not recover from a disaster
AG: 'Three quarters of European companies would not survive a disaster'
A report by ENISA.
From the Final report's Executive summary:
"ENISA undertook the task of developing a scenario identifying the risks, threats and vulnerabilities particularly regarding privacy and trust issues of a set of technologies grouped around the trend known as ‘Life-logging’. [...] It has become quite a profitable market and it is increasingly popular among citizens alongside social networking applications, in some cases also used by the governments. It has also started to gather much attention from analysts, considering various aspects of its development. It thus presented an interesting case for ENISA to explore how information security related risks regarding the life-logging environment actually have serious connotations on privacy, economy and society, or even on people’s psychology. Our analysis goes to show how all these aspects are highly interrelated, and should be examined together."
ENISA: Life-logging risk assessment (links to PDF versions of the report and the appendices)
ENISA: Life-logging & online personal data; the effects on privacy, economy, society & people's psychology; in new report; "To log or not to log?"
A report by ENISA.
From the Executive Summary:
"Although the issue of children’s exposure to internet risks has been addressed in great depth by many organisations (also during the generation of this report), we have performed this risk assessment in order to point out emerging risks and issue non-technical recommendations for their mitigation. Thus, we believe that the findings of this assessment will help in triggering further activities at various levels of society, while contributing to the necessary awareness of the online protection of minors."
ENISA: Cyber-bullying and online grooming - helping to protect against the risks (PDF)
The Register: EU advisors - tighter web privacy will stamp out bullies
Europa Nu: ENISA makes 18 proposals for tackling cyberbullying and online grooming (en)
ENISA: New report - Cyber bullying & online grooming - 18 protective recommendations against key risks
A report by Amanda Lenhart, Mary Madden, Aaron Smith, Kristen Purcell, Kathryn Zickuhr, Lee Rainie.
From the Summary of findings:
"In our survey, we follow teens’ experiences of online cruelty – either personally felt or observed – from incident to resolution. We asked them about how they reacted to the experience and how they saw others react. We asked them about whether they have received and where they sought advice – both general advice about online safety and responsibility and specific advice on how to handle a witnessed experience of online cruelty on a social network site. We also probed the environment around teens’ online experiences by examining their privacy controls and practices, as well as the level of regulation of their online environment by their parents. We further sought insight into more serious experiences that teens have in their lives, including bullying both on- and offline and the exchange of sexually charged digital images."
Amanda Lenhart, Mary Madden, Aaron Smith, Kristen Purcell, Kathryn Zickuhr, Lee Rainie: Teens, kindness and cruelty on social network sites (PDF)
Pew Internet: Teens, kindness and cruelty on social network sites
Ars Technica: Teens on Facebook - mostly kind, but cruelty is still a problem
A document by the Digital Advertising Alliance.
From the introduction:
"These Self-Regulatory Principles for Multi-Site Data augment the Digital Advertising Alliance ('DAA') Self Regulatory Principles for Online Behavioral Advertising ('OBA Principles') by covering the prospective collection of Web site data beyond that collected for Online Behavioral Advertising. [...] These Multi-Site Data Principles extend beyond collection of data for OBA purposes and apply to all data collected from a particular computer or device regarding Web viewing over time and across non-Affiliate Web sites."
Digital Advertising Alliance: Self-regulatory principles for multi-site data (PDF)
MediaPost: New self-regulatory principles impose limits on tracking
An online book by Stefan Larsson.
From the Foreword:
"With metaphors we choose some aspects over others in order to represent a phenomenon. Nevertheless, in simple terms, how we conceptualise reality in a way also shapes reality. This is a fact that is very much relevant, not only to how the law is perceived, but also to how the law on copyright regulation is observed and enforced, and to how social norms emerge and persist. Although we cannot escape the use of metaphor (for our abstract concepts) we can sometimes make a conscious choice, in order to achieve a certain effect or to steer a debate in a certain direction. For example, you can choose to speak of 'file sharing' or of 'piracy', describe it as 'copying' or 'theft' or, to take an example from a different topic, try to gain argumentative advantage by either labelling the prohibition of abortion as 'pro-life' or its legalisation as 'pro-choice'. The particular metaphor used will shape how the debate is perceived and conceptually framed, regardless of the fact that they are different ways of conceptualising the same issue."
Stefan Larsson: Metaphors and norms - Understanding copyright law in a digital society (PDF)
Techdirt: Misleading metaphors that drive the war on online sharing
A report by Deloitte.
From 'Foreword and summary':
"This year’s study shows [Technology, Media & Telecommunications (TMT)] organizations generally holding steady on their information security activities, budgets, governance, and reporting. Although steady is better than declining, this level of investment and effort is not nearly enough to stay on top of the rising challenges. [...] Information security has become a top of mind issue for the public, media and government, and has found its way into the board room. Media coverage of security and privacy issues has exploded – fanned by growing concerns and interest from the public. Governments all around the world are stepping up their regulatory efforts to protect their citizens; in fact, this year’s survey found that compliance with information security regulations and legislation has become the top information security initiative. But compliance is just a starting point. Now that the public and media are starting to recognize the critical impact of security and privacy, information security has become a key differentiator in the marketplace – and should be treated as a strategic priority."
Deloitte: Raising the bar - 2011 TMT global security study - key findings (PDF)
Deloitte: Raising the bar - 2011 TMT global security study - key findings
Deloitte: Deloitte study finds companies' approach to information security is failing
Accountant.nl: Deloitte - Information security approach inadequate
AG: Third parties in the cloud enjoy little trust
Computable: 'Companies do too little about security'
AG: The most notable news according to Hermen van der Lugt
A draft document by the NIST Cloud Computing Standards Roadmap Working Group.
From the Executive Summary:
"The NIST Cloud Computing Standards Roadmap Working Group has surveyed the existing standards landscape for security, portability, and interoperability standards/models/studies/use cases, etc., relevant to cloud computing. Using this available information, current standards, standards gaps, and standardization priorities are identified in this document."
NIST Cloud Computing Standards Roadmap Working Group: NIST Cloud computing standards roadmap - Version 1.0 (PDF)
NIST: NIST-SP 500-291, NIST Cloud computing standards roadmap
NIST: NIST releases draft cloud computing technology roadmap for comments
NIST: NIST cloud computing program
Inside Privacy: NIST releases draft roadmap for the U.S. government's implementation of cloud technology
A report by Big Brother Watch.
From the 'Main findings':
"We received at least partial responses to our Freedom of Information Act request from 350 Trusts, indicating that there have been no fewer than 806 breaches of data protection policy at 152 NHS Trusts in the UK. This is an average of just over 268 cases per year, significantly higher than the total number of breaches reported by the Information Commissioner's Office. From these incidents, we have seen that the frequency, scale and scope of these breaches in data protection are of great concern. This report highlights how frequent breaches of data protection take place and the severity of the incidents disclosed, and the lack of public awareness about many of the breaches."
Big Brother Watch: NHS breaches of data protection law - How patient confidentiality was compromised five times every week (PDF)
Big Brother Watch: Appendix 1 - The list by region and local Authority of incidents where personal data was lost (PDF)
Big Brother Watch: NHS patient confidentiality breached 5 times every week
BBC News: Personal data 'lost by 132 councils'
The Register: Councils 'fessed up to just 55 of 1,035 data loss shockers
Data Protector: The BBW data breach report - a tsunami of trivia
Out-law.com: Local authorities report more than 1000 personal data breaches in last three years