Rina Steenkamp - Privacy and technology
[Draft report on the proposal for a [General Data Protection Regulation] | Government response to Justice Select Committee's opinion on the European Union Data Protection framework proposals | Fighting cyber crime and protecting privacy in the cloud | How the Nokia Browser decrypts SSL traffic - a "man in the client" | Finding a strategic voice - Insights from the 2012 IBM Chief Information Security Officer Assessment | Global risks 2013 | Third annual benchmark study on patient privacy and data security | Payment card fraud in the European Union | ENISA Threat landscape | Consumerization of IT - Risk mitigation strategies | Privacy on the go - recommendations for the mobile ecosystem | Defence and cyber-security ]
A publication by the European Parliament - Committee on Civil Liberties, Justice and Home Affairs.
From the Summary:
"The rapporteur supports the aim of strengthening the right to the protection of personal data, while ensuring a unified legal framework and reducing administrative burdens for data controllers. He proposes to limit the role of the Commission in the implementation to the minimum necessary, by clarifying essential elements in the text of the regulation itself and leaving practical implementation to the cooperation mechanism of data protection authorities. He proposes to emphasise further the use of technological measures for protecting personal data and ensuring compliance, combined with incentives for data controllers when using such measures. In line with the accountability approach, the role of corporate data protection officers is strengthened, while the need for prior consultation of the supervisory authorities is reduced. Union Institutions, bodies and agencies should be brought under the same regulatory framework in the mid-term. If these elements can be supported by Parliament, Council and Commission, the new legal framework for data protection will provide an improvement both for individuals and for data controllers, and will be future-proof for the coming years."
European Parliament - Committee on Civil Liberties, Justice and Home Affairs: Draft report on the proposal for a [General Data Protection Regulation] (PDF)
A publication by the UK Ministry of Justice.
From 'Arguments for and against a Regulation':
"Bringing EU data protection legislation up-to-date is necessary and could provide benefits to both individuals and businesses. Many of these benefits are only attainable if there is effective harmonisation of laws across Member States, and therefore we can understand why the European Commission decided that a Regulation was the correct instrument to achieve their objective. However, by setting out prescriptive rules there is no flexibility to adjust to individual circumstances."
Ministry of Justice: Government response to Justice Select Committee's opinion on the European Union Data Protection framework proposals (PDF)
A study requested by the European Parliament - Committee on Civil Liberties, Justice and Home Affairs.
From the Executive Summary:
"While cloud computing is not a new technology per se and has been developed and marketed primarily for profit-driven purposes, the growing reliance on its infrastructures and services poses a series of challenges for EU strategies and policies. This study addresses these challenges, examining the current EU framework in the field and highlighting the legal aspects in relation to the right to data protection, the issue of jurisdiction, responsibility and the regulation of data transfers to third countries."
European Parliament - Committee on Civil Liberties, Justice and Home Affairs: Fighting cyber crime and protecting privacy in the cloud (PDF)
A blog post by Steve Schultze.
From the blog post:
"Nokia is decrypting SSL traffic in their proxy servers. This is not disclosed in their privacy policy, and the somewhat vague assurance of things being done 'in a secure manner' is not entirely comforting."
Steve Schultze: How the Nokia Browser decrypts SSL traffic - a "man in the client"
A report by IBM.
From 'About this study':
"To obtain a global snapshot of security leaders’ strategies and approaches, the IBM Center for Applied Insights conducted double-blind interviews with 138 security leaders–the IT and line-of-business executives responsible for information security in their enterprises. Some of these leaders carried the title of Chief Information Security Officer (CISO), but given the diversity of organizational structures, many did not. The Center supplemented this quantitative research through in-depth conversations with 25 information security leaders. Participation spanned a broad range of industries and seven different countries. Nearly 20 percent of the respondents lead information security in enterprises with more than 10,000 employees; 55 percent are in enterprises with 1,000 to 9,999 employees."
IBM: Finding a strategic voice - Insights from the 2012 IBM Chief Information Security Officer Assessment (PDF linked from this page)
A report by the World Economic Forum.
From the Executive Summary:
"In 1938, thousands of Americans confused a radio adaptation of the H.G. Wells novel The War of the Worlds with an official news broadcast and panicked, in the belief that the United States had been invaded by Martians. Is it possible that the Internet could be the source of a comparable wave of panic, but with severe geopolitical consequences?"
World Economic Forum: Global risks 2013 (PDF linked from this page)
A study by Ponemon Institute LLC.
From 'Key research findings':
"Ninety-four percent of healthcare organizations in this study have had at least one data breach in the past two years. However, 45 percent report that they have had more than five incidents. In 2010, only 29 percent reported that their organization had more than 5. This suggests the importance of determining the cause of the breach and what steps need to be taken to address areas potentially vulnerable to future incidents. [...] The primary cause of breaches in this study is a lost or stolen computing device (46 percent), which can be attributed in many cases to employee carelessness. This is followed by employee mistakes or unintentional actions (42 percent), and third-party snafus (42 percent). A major challenge for IT security is the increase in criminal attacks, which has seen an increase from 20 percent in 2010 to 33 percent this year."
Ponemon Institute LLC: Third annual benchmark study on patient privacy and data security (PDF)
A situation report by Europol.
From '1. Key judgments':
"The criminal market of payment card fraud (PCF) within the European Union (EU) is dominated by well structured and globally active organised crime groups (OCGs). Criminal networks have managed to affect non-cash payments in the EU to the extent that protection measures are very expensive and need to be implemented on a global level. Consequently, the use of payment cards can be inconvenient and no longer fully secure for EU cardholders."
Europol: Payment card fraud in the European Union (PDF linked from this page)
A report by Louis Marinos and Andreas Sfakianakis.
From the web page:
"The ENISA Threat Landscape provides an overview of threats, together with current and emerging trends. It is based on publicly available data and provides an independent view on observed threats, threat agents and threat trends. Over 140 recent reports from security industry, networks of excellence, standardisation bodies and other independent institutes have been analysed."
Louis Marinos and Andreas Sfakianakis: ENISA Threat landscape (PDF linked from this page)
A report by ENISA.
From '1. Executive Summary':
"This report presents security policies that can be deployed to mitigate risks that are related with the trend of Consumerization of IT (COIT) and Bring Your Own Device (BYOD). This report is a follow-up to the ENISA report entitled “Consumerization of IT: Top Risks and Opportunities. Responding to the Evolving Threat Environment [Deliverable – 2012-09-28]”. The aim of this document is to identify mitigation strategies, policies and controls for the risks identified in this area."
ENISA: Consumerization of IT - Risk mitigation strategies (PDF linked from this page)
A report by Kamala D. Harris, Attorney General, California Department of Justice.
From the Executive Summary:
"As part of a larger initiative aimed at improving privacy protections in the mobile sphere, the California Attorney General began by forging an agreement with the major app platform companies: Amazon, Apple, Google, Hewlett-Packard, Microsoft, Research In Motion, and later Facebook. These app platform companies agreed to principles designed to improve privacy protections in the mobile environment and to bring the industry in line with California law requiring mobile apps that collect personal information to have a privacy policy. The principles include making an app’s privacy policy available to consumers on the app platform, before they download the app."
Kamala D. Harris, Attorney General, California Department of Justice: Privacy on the go - recommendations for the mobile ecosystem (PDF)
A report by the House of Commons - Defence Committee.
From 'Conclusions and recommendations':
"The cyber threat is, like some other emerging threats, one which has the capacity to evolve with almost unimaginable speed and with serious consequences for the nation's security. The Government needs to put in place - as it has not yet done - mechanisms, people, education, skills, thinking and policies which take into account both the opportunities and the vulnerabilities which cyber presents. It is time the Government approached this subject with vigour."
House of Commons - Defence Committee: Defence and cyber-security