While much recent debate has focused on failure to establish and comply with data security standards for the use of increasingly leak-risky laptop computers, the search for technical solutions has continued apace. A report on vnunet.com states that Intel and Ericsson have teamed up to help make laptops more secure by ensuring that Ericsson's Mobile Broadband Modules are interoperable with Intel's Anti-Theft PC Protection Technology. This collaboration means that, in the event of a notebook being lost or stolen, the data on the device can be protected, thereby minimising the potential impact of the incident.

This system will let an IT manager send an SMS message to the mobile broadband module inside the notebook, which securely transfers the message to Intel's anti-theft function inside the processor platform, setting off the appropriate action -- usually to lock the device down completely. Similarly, should the … Continue Reading ››
According to IT PRo, a new survey reports that as many as 90% of the UK’s largest city councils cannot guarantee that all sensitive data held on their laptops is encrypted. 40 IT decision-makers working for UK councils were questioned by network solutions provider Telindus. Of those questioned, nearly half said they had responded to recent data leakage incidents by reviewing or rolling out new security technologies to ensure sensitive data held on laptops is protected. However, 43 per cent had no immediate plans to upgrade their data protection.

According to Telindus, the respondents have been relying on password authentication and the diligence of staff to follow security policies that state sensitive data must not be transferred to laptops. Since 92% of respondents confirmed that they enabled their staff to connect to the council network from remote locations, it was apparent that they … Continue Reading ››
With data security breaches continuing to hit the headlines, the Information Commissioner has been given increased enforcement powers and has urged CEOs to take responsibility for data protection compliance by their organisations. The latest proposals from the Government underline the fact that responsibility for companies' compliance now rests at the highest level. The final week of November saw a flurry of important policy developments.

Recent developments

First, the Ministry of Justice ("MoJ") published its "response to the Data Sharing Review Report". That report, conducted by Dr Mark Walport of the Wellcome Trust and the Information Commissioner Richard Thomas, was prompted by the series of major data blunders at the end of last year. The Walport Report's recommendations are relevant to public and private sector organisations and span culture, legal and regulatory changes. The MoJ has endorsed a number of measures to strengthen the data protection regime. The … Continue Reading ››
Scotland on Sunday reports that vulnerable children have been exposed to a serious risk of violence through failure to implement a safe data system. The children at risk are those taken from their abusive or neglectful birth parents for their own safety and given new homes. On at least 12 occasions in the past year, details including their secret addresses were accidentally passed to the very people from whom they were being protected. The Scottish Children's Reporter Administration (SCRA) has issued a full apology; officials privately admit they could face a string of legal claims for substantial damages.

The case files of all children at risk are flagged as such in the SCRA's computer system and have bright red files, to reduce the risk that details could be accidentally released. SCRA officers have since carried out an audit of all cases where children … Continue Reading ››
In a move that has attracted surprise and some criticism, the European Commission is reported to have set up an advisory panel that includes Peter Fleischer (Google global privacy counsel) and David Hoffman (group counsel for eBusiness and privacy, Intel) to help it revise European Union laws on data protection. According to European Commission spokesman Michele Cercone,
"The aim of the group is to identify issues and challenges raised by new technologies. We are not reviewing the main data protection laws at present, but this could be a first step".
He added that the executives in question were chosen in their private capacity, rather than as representatives of their companies. The premise that underlies their invitation is that the EU's data protection laws are very "nineties" and are of decreasing relevance and applicability to the technologies of the 21st century.

Source: PC World
Yesterday the European Data Protection Supervisor (EDPS) gave its verdict on the proposal for a Directive on the application of patients' rights in cross-border healthcare. This proposal seeks to create a Community framework for the provision of cross-border healthcare within the EU when the care patients seek is provided in aMember State other than their own. Such a scheme requires the exchange of personal data relating to the health of patients between authorized organisations and healthcare professionals of different Member States. According to the press release,
"The EDPS welcomes the proposal and supports the initiatives for improving the conditions for cross-border healthcare. He however expresses concerns about the fact that current Community healthcare-related initiatives are not always well co-ordinated with privacy and security considerations -- especially with regard to the use of new information and communication technologies, thus hampering the adoption of a universal data … Continue Reading ››
According to an article on SMEweb, the British Government is stilling failing to help small to medium sized enterprises (SMEs) understand the Data Protection Act nearly 10 years after the law first came into effect. This is the conclusion drawn from recent research, commissioned by Invu and conducted by YouGov. Its findings show one in four British SMEs is unsure or does not believe that it is compliant with the Act. Around 30% of respondents said they did not realise that the Act covers both paper-based documents and not just those held electronically, while just over half did not know that they have to reveal personal data about an individual held in any filing system within that timeframe.