to help enterprise security across Europe
The resource centre for busy senior executives seeking the latest insights into IT Compliance & Privacy issues for major organizations
sarbaines oxley ofcom communications regulator
Latest Resources      data protection register
compliance resources privacy resource center

Breaking Global News
Global Compliance and Privacy News
- Breaking News, updated every 30 minutes
•   Compliance, Privacy and Security
•  Money Laundering
•  Phishing
•  Regulatory Issues
•  SOX, Basel 2, MiFID

You Tell Us:

We use SSL Technology for web data entry points:

What is SSL?

Are Smartphones Endangering Security? - Wick Hill
Dealing with Internet Security Threats - Ian Kilpatrick
How the New EU Rules on Data Export Affect Companies in and Outside the EU - Thomas Helbing
Farmers' Data Leak Highlights Old Technology Use - Wick Hill
Saving Money with SFTP - Wick Hill
UK Information Commissioner targets firm selling vetting data - Eversheds e80
12 Key Steps to Internet Security - Wick Hill
Telephone Monitoring Legality in the UK - Dechert
Firewall or UTM - Wick Hill
UK Information Commissioner demands mobile device encryption - Eversheds e80
Data loss - liability, reputation and mitigation of risk - Eversheds e80
Phorm, Webwise and OIX - BCS Security Forum
The challenges of PCI DSS compliance - Thales, Russell Fewing
"Quality" Data Vendor Spams us! Editor astounded!
National Gateway Security Survey 2008 - Wick Hill
Unified Threat Management - Watchguard Technologies

news archives
0 | 1 | 2 | 3 | 4 | 5 |
6 | 7 | 8 | 9 | 10 | 11 |
12 | 13
[What is this?]

Industry Blogs
Tim Berners Lee's Blog
Tim Callan's SSL Blog
Davis Wright Tremaine's Privacy & Security Law Blog
Emergent Chaos Blog
Michael Farnum's Blog
Phillip Hallam-Baker's Blog - The dotFuture Manifesto: Internet Crime, Web Services, Philosophy
Stuart King's Security and Risk Management Blog
David Lacey's IT Security Blog
Metasploit Official Blog
Jeff Pettorino's Security Convergence Blog
Jeff Richards's Demand Insights Blog
David Rowe's Risk ManagementBlog
Bruce Schneier's Security Blog
Larry Seltzer's Security Weblog
Mike Spinney's Private Communications Blog
Richard Steinnon's Threat Chaos Blog
The TechWeb Blog
Tim Trent's Marketing by Permission Blog
Rebecca Wong 's DP Thinker Blog

23 February Newsletter
Newsletter Archives are located in "News"

Industry Update
Internet Security Intelligence Briefing - November 2005
Find out the latest trends in e-commerce, web usage & the latest threats from adware/Spyware

Phorm, Webwise and OIX
- BCS Security Forum

'The Any Era has Arrived, and Everyione has Noticed' - Stratton Sclavos - VeriSign
Identity Security - Time to Share
Malicious code threats - iDefense
Public Alerts - updated as they happen from
Public Alerts - updated as they happen from Websense
Public Advisories - updated as they happen, from iDefense
Phoraging - Privacy invasion through the Semantic web: a special report by Mike Davies of VeriSign

Privacy Laws & Business International E-news, Issue 57
Privacy Laws & Business UNited Kingdom E-news, Issue 60

Security Reviews
February 2007 - VeriSign Security Review
The security review archive is here

Case Studies
Finance Industry
Case Study Example

A case study on a Finance industry company.

White Papers
VeriSign® Intelligent Infrastructure for Security
VeriSign® Intelligent Infrastructure: An Overview
Identity Protection Fraud Detection Service - description of the service
Life of a Threat - Video on Threat Management Lifecycle
Optimizing Enterprise Information Security Compliance - Dealing with all the audits
For a full list of all whitepapers, visit our Whitepaper library

Legal Notices
Privacy Policy
Terms of use

basel 2 sarbanes oxley
data controller notification binding corporate rules BCR data transfer third countries third part data transfer basel 2 regualtor regulation regulate FSA banking network security RSA encryptin algorithm Bits sacked bank staff
Blogs compliance Reports compliancy Legislation Data Protection Case Studies data privacy White Papers data protection act News information commissioner Events security standards Links information security iDefense
Retail Solutions


compliance and privacy

Current News Updates

PL&B UK E-news, Issue 43

4 May, 2006
© Privacy Laws & Business 2006

  1. Bogus agency fined £1,000 for offences under the DPA 1998
  2. Information Commissioner publishes guidance on buying and selling databases
  3. Information Commissioner publishes guidance on outsourcing
  4. Information Commissioner publishes guidance on privacy enhancing technologies
  5. Scottish Executive issues identity numbers to pupils
  6. Gibraltar’s Government announces dates for implementation of new data protection law

1. Bogus agency fined £1,000 for offences under the DPA 1998

An agency trading as ‚ÄúThe Data Protection Act Registration Service‚ÄĚ was fined ¬£1,000 by Macclesfield Magistrates in late March for offences under the Data Protection Act 1998. Highpoint Accounting and Consultancy Services Ltd. was fined ¬£400 for failing to notify as a data controller with the Information Commissioner‚Äôs Office (ICO). The company secretary and the company director were also prosecuted for the same offence and fined ¬£300 each as well as costs of almost ¬£600.

Philip Taylor, solicitor at the ICO, said: ‚ÄúFor some time the Information Commissioner has been aware of third parties or ‚Äėbogus agencies‚Äô posing as a legitimate service to make money out the Data Protection Act. In fact it costs just ¬£35 to notify directly with the ICO, and some agencies charge more than four times this amount.‚ÄĚ

For further info, see

2. Information Commissioner publishes guidance on buying and selling databases

The Information Commissioner’s Office published, on April 6th new guidance to help businesses comply with the Data Protection Act 1998 when buying and selling customer databases. The advice is part of a series of good practice notes aimed at making data protection simpler.

Dave Evans, Senior Guidance and Promotion Manager, said: ‚ÄúThis good practice note will help businesses understand what they need to do to ensure that personal information on databases is sufficiently protected.‚ÄĚ

The Data Protection Act does not prevent a database with details of customers being sold, when a company is insolvent, being sold, or closing down - provided certain requirements are met. The good practice note clarifies these requirements

To download a copy, go to

3. Information Commissioner publishes guidance on outsourcing

Following requests for clarification on outsourcing by companies and individuals concerned about their privacy, the Information Commissioner’s Office has issued guidance on how to comply with data protection rules when outsourcing the processing of personal information. The guidance stresses that when an organisation outsources the processing of personal information, it retains liability for the security and accuracy of personal data. Deputy Commissioner David Smith said: “Companies considering outsourcing must ensure that they choose companies that can be relied upon to take proper care of the personal information they are entrusted with. Further, they should put in place mechanisms so that when the personal information has been outsourced, they can check that it is being properly looked after.

For a copy of the good practice note, see

4. Information Commissioner publishes guidance on privacy enhancing technologies

The Information Commissioner’s Office has recently published guidance which aims to bring to a wider audience the use of privacy enhancing technologies (PETs). The ICO considers that the term PET includes any technology which is designed to protect or enhance the privacy of an individual. Deputy Commissioner David Smith sums up the importance of such technologies as follows: “Privacy enhancing technologies can help protect individuals’ privacy as well as give individuals greater powers and control over information held about them. But the technologies can be a winning strategy for the businesses which install them. They help reduced the risks of privacy breaches and the significant costs associated with them at the same time as building trust among customers and clients."

For further details see

5. Scottish Executive issues identity numbers to pupils

The Scottish Executive has issued a unique pupil identifier to all publicly funded secondary schools in Scotland. The Scottish Candidate Number (SCN) is designed to allow pupil records to be shared between schools and local authorities. The unique identity number is hoped to improve data sharing and help to monitor a child’s progress. Deputy Education Minister, Robert Brown, said: “Child protection is of the utmost importance, so it’s extremely important that key pupil information can be shared quickly and effectively between authorities."


6. Gibraltar’s Government announces dates for implementation of new data protection law

On April 6 the Gibraltar Press Office announced a staged implementation of the 2004 Data Protection Ordinance. Seminars for businesses, government departments and the public, promoting awareness of the new data protection law, were held earlier this year. From April 13 2006, personal data contained in criminal intelligence and for customs co-operation may be transferred to other European countries under the terms of the Schengen Convention. Other aspects of the Ordinance 2004 will come into operation on June 1, although personal data contained in manual records will not be affected until September 1 2006 when the Ordinance comes into full effect.

By Kevin Broadfoot. A longer report will be published in the May edition of the UK PL&B newsletter.


This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.