Tuesday, June 02, 2009

Something for the US would be nice...

http://www.bcs.org/server.php?show=nav.10666

Personal data guardianship code

Every organisation which handles personal data should have in place specific rules and procedures that protect the rights of data subjects.

This Personal Data Guardianship Code is intended to help organisations and the people in them who handle personal data understand their individual responsibilities.

It aims to promote best practice and provide 'common sense' guidance, in the same way that the Highway Code provides guidance to motorists to enable them to drive safely for the benefit of both themselves and other road users.

This is a code of good practice that encompasses discharging your legal duties.

Personal Data Guardianship Code - PDF version (2.4 Mb)



This works for my statistics and security students!

http://www.pogowasright.org/article.php?story=20090601151413913

Predicting data breaches: Must love logarithms

Monday, June 01 2009 @ 03:14 PM EDT Contributed by: PrivacyNews

Over on Finblog, Paul Penrose provides a nice summary of a study by Voltage Security:

"Fourteen data breaches will, over the next year, each expose one million or more records to potential use by criminals. And, at least one breach of over 10 million records will affect nearly five percent of the US population.

Voltage Security's study uses data from OSF's DataLoss DB. In the report itself, they say:

"If the logarithm of the number of records compromised is normally distributed, we can use this model to estimate the chances of data breaches of various sizes happening in the future. This might give us an idea of what we will see in the news over the next few months."

Comment by Dissent:

I am not sure that a logarithm model will be appropriate for predicting future breaches. If organizations were to actually learn lessons from known breaches and decide to not hang onto data forever, remove SSNs, stop storing full credit card numbers, employ more encryption, take databases offline, or otherwise reduce the value of the database, then we might expect to see fewer large breaches rather than more. Similarly, if an attack of a particular kind on a large database is publicized as having been successful in one particular sector, then additional similar attacks on that sector may be more likely. Was it a coincidence that Heartland Payment Systems was compromised during the same relative time period as RBS WorldPay, Symmetrex, and perhaps other as yet unknown processor databases or is there something more systematic about breaches?

But perhaps I misunderstand their model. Math modeling was my least favorite course in grad school, followed closely by ROC curves. In any event, it will be interesting to see how their model works over the next year.

[The Paper: http://www.voltage.com/pdf/Voltage-Data-Breach-Incident-Analysis.pdf]

[Interactive map: http://www.voltage.com/solutions/data-breach/]
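The model Voltage describes above (the logarithm of the record count treated as normally distributed) can be fitted and used for the kind of estimate they quote. The block below is an added example, not code from Voltage, Finblog or pogowasright; the breach sizes and the assumed 400 breaches per year are constructed inputs, not DataLossDB data.

```python
"""Lognormal breach-size model, as sketched in the Voltage excerpt above.

Added example, not code from Voltage, Finblog or pogowasright.
All numbers below are constructed, not drawn from DataLossDB.
"""
import math
from statistics import mean, stdev

# Constructed record counts for 20 hypothetical breaches (not real incidents).
SAMPLE_BREACH_SIZES = [
    1_200, 4_500, 800, 25_000, 3_000, 150_000, 600, 9_800, 2_000_000, 45_000,
    7_500, 320_000, 1_500, 60_000, 12_000, 4_000_000, 900, 28_000, 5_000, 190_000,
]


def fit_lognormal(sizes):
    """Fit ln(records) ~ Normal(mu, sigma) to the sample. Returns (mu, sigma)."""
    logs = [math.log(s) for s in sizes if s > 0]
    if len(logs) < 2:
        raise ValueError("need at least two positive breach sizes to fit")
    return mean(logs), stdev(logs)


def normal_cdf(z):
    """Standard normal CDF via the error function (no SciPy needed)."""
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))


def prob_at_least(threshold, mu, sigma):
    """Model probability that a single breach exposes >= threshold records."""
    z = (math.log(threshold) - mu) / sigma
    return 1.0 - normal_cdf(z)


def expected_count_at_least(threshold, mu, sigma, breaches_per_year):
    """Expected number of breaches of size >= threshold, given an assumed annual breach count."""
    return breaches_per_year * prob_at_least(threshold, mu, sigma)


def empirical_fraction_at_least(threshold, sizes):
    """Observed fraction of the sample at or above threshold: the sanity check on the fitted tail."""
    return sum(1 for s in sizes if s >= threshold) / len(sizes)


def tail_report(sizes, breaches_per_year, thresholds=(10_000, 100_000, 1_000_000, 10_000_000)):
    """Fit the model and compare its tail against the sample at each threshold."""
    mu, sigma = fit_lognormal(sizes)
    rows = []
    for t in thresholds:
        rows.append({
            "threshold": t,
            "model_prob": prob_at_least(t, mu, sigma),
            "empirical_frac": empirical_fraction_at_least(t, sizes),
            "expected_per_year": expected_count_at_least(t, mu, sigma, breaches_per_year),
        })
    return mu, sigma, rows


if __name__ == "__main__":
    # 400 breaches per year is an assumed figure for illustration only.
    mu, sigma, rows = tail_report(SAMPLE_BREACH_SIZES, breaches_per_year=400)
    print(f"mu={mu:.2f} sigma={sigma:.2f} (ln-record scale)")
    for r in rows:
        print(f">= {r['threshold']:>10,}: model {r['model_prob']:.3f}  "
              f"sample {r['empirical_frac']:.3f}  expected/yr {r['expected_per_year']:.1f}")
```

The `empirical_frac` column is the check worth keeping: if the observed share of large breaches drifts away from the fitted tail, the lognormal assumption is failing. The model also treats every breach as an independent draw from a fixed distribution, so it cannot express the clustered, sector-wide attacks Dissent raises; those would show up as the empirical tail outrunning the model.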



From another interesting blog...

http://ralphlosey.wordpress.com/2009/05/27/sedona-on-quality-a-must-read-commentary/

Sedona on Quality: a Must-Read Commentary

The Sedona Conference® Commentary on Achieving Quality in the E-Discovery Process is a must read for anyone seeking to improve their skills in project management, especially in the core functions of search and review. One of its most important insights is that metrics and statistics are now indispensable tools of discovery. The importance of statistics to the law is actually an old insight that has taken a long time to materialize.



I guess this is the technological equivalent of talking with your children...

http://www.pogowasright.org/article.php?story=20090602051240198

Spyware evidence approved for trial

Tuesday, June 02 2009 @ 05:12 AM EDT Contributed by: PrivacyNews

Intercepted computer communications between a then-Redemptorist High School teacher/coach and a 14-year-old female student can be used by prosecutors, a state judge ruled Monday.

The girl’s mother installed “Tattletale’’ spyware software on her daughter’s computer after suspecting something inappropriate was going on between her daughter and Ray Samuel Clement III.

Source - The Advocate

[From the article:

… (state District Judge Tony) Marabella, who noted that the girl’s mother was very concerned about her minor daughter’s behavior, said the woman did not need her daughter’s consent to place the spyware software on her computer.]


Related? Is a government like a mom? Could we depend on governments to use this data as they suggest? If they miss a serial killer, are they liable, or can that be dismissed as a minor “Oops!”?

http://www.pogowasright.org/article.php?story=20090602052734529

NC: City Wants Surveillance Cameras to Record Every License Plate

Tuesday, June 02 2009 @ 05:27 AM EDT Contributed by: PrivacyNews

Police in North Carolina want to build surveillance cameras that would record every car license that passes by and run it through the FBI’s criminal database, alerting authorities in real time if it finds a match.

The system would store license plate numbers for up to a year to provide authorities with historic data should they want to review the data later.

Source - Threat Level



No one ever asks me... Wait, does that mean they are respecting my privacy?

http://www.pogowasright.org/article.php?story=20090602054805656

Google Is Top Tracker of Surfers in Study

Tuesday, June 02 2009 @ 05:48 AM EDT Contributed by: PrivacyNews

When asked about online privacy, most people say they want more information about how they are being tracked and more control over how their personal information is used. Those consumer expectations are rarely in line with the data collection practices of Internet companies, which often collect information about their users not only on their own sites, but also when those users visit other sites across the Web.

Those are some of the central findings of a new privacy study conducted by a group of graduate students at the University of California, Berkeley, which was released late Monday.

Source - New York Times



The richest time for intelligence gathering is during a change of administration (AKA: regime change)

http://www.bespacific.com/mt/archives/021491.html

June 01, 2009

2009 National Intelligence: A Consumer's Guide

nextgov - Bob Brewin posted the link to this 114-page PDF document, 2009 National Intelligence: A Consumer's Guide, and stated that this handbook, "distributed to intelligence professionals, which, among other things, highlights some top-secret networks that until now have been, well, top secret."



Can lawyers be innovative? Apparently, yes! But auditors can't innovate. No doubt their defense here will be that they certified compliance with the standards and procedures the CISP required – they did not certify CardSystems as “secure.”

http://www.wired.com/threatlevel/2009/06/auditor_sued/

In Legal First, Data-Breach Suit Targets Auditor

By Kim Zetter Email Author June 2, 2009 12:00 am

When CardSystems Solutions was hacked in 2004 in one of the largest credit card data breaches at the time, it reached for its security auditor’s report.

In theory, CardSystems should have been safe. The industry’s primary security standard, known then as CISP, was touted as a sure way to protect data. And CardSystems’ auditor, Savvis Inc, had just given them a clean bill of health three months before.

Yet, despite those assurances, 263,000 card numbers were stolen from CardSystems, and nearly 40 million were compromised.

More than four years later, Savvis is being pulled into court in a novel suit that legal experts say could force increased scrutiny on largely self-regulated credit card security practices.

They say the case represents an evolution in data breach litigation and raises increasingly important questions about not only the liability of companies that handle card data but also the liability of third parties that audit and certify the trustworthiness of those companies.

… The case, which appears to be among the first of its kind against a security auditing firm, highlights flaws in the standards that were established by the financial industry to protect consumer bank data. It also exposes the ineffectiveness of an auditing system that was supposed to guarantee that card processors and other businesses complied with the standards.



Microsoft tries to be Google?

http://www.techcrunch.com/2009/05/31/go-bing-yourself-right-now/

Go Bing Yourself, Right Now

by Erick Schonfeld on May 31, 2009

It doesn’t have quite the same ring to it as go Google yourself, but now you can go Bing yourself. (Then again, Google took a few years to become a verb.). Bing, Microsoft’s latest effort to compete in search, is now live on a “preview” site. The key thing to pay attention to is the guided search assistance on the left and the different experiences for the travel, images, video, maps, news, and shopping tabs.



This has potential. Imagine a mash-up where you could take a picture and merge it with different hair styles, clothes, scenery, etc. You could make your own movies...

http://www.killerstartups.com/Web20/motionportrait-com-e-create-a-3d-face-model

Motionportrait.com/e - Create A 3D Face Model

http://motionportrait.com/e/

Wow! That is the only thing I could say after I’ve navigated through this site. This is an innovative website that was created in order to give you a good picture of a new technology with one of the most realistic simulations you have ever seen.

… The way in which the animation moves is truly realistic and natural. In fact, if you are not a very picky observer you will not be sure if what you are seeing is a real person or not.

… This system has a face engine that produces a number of natural facial expressions in order to communicate various emotions.



I just love useful lists...

http://lifehacker.com/5271828/lifehacker-pack-2009-our-list-of-essential-free-windows-downloads

Lifehacker Pack 2009: Our List of Essential Free Windows Downloads

By Kevin Purdy, 4:30 PM on Mon Jun 1 2009
