Archive
Ghana takes first steps towards Data Protection Legislation…
This week Ghana News reported some sweeping changes proposed in the country’s telephony infrastructure, designed to reduce fraud and increase the revenue contribution to the Ghana budget. There has been some talk in the past about Ghana adopting legislation along the lines of the UK Data Protection Act, but this is one of the first clear indications of sponsorship at a ministerial level.
The Minister (Mr. Haruna Iddrisu, the Minister of Communications) also said plans were afoot for a number of supplementary legislations including data protection/privacy, cyber security legislation, intellectual property legislation, and e-transaction regulations.
Jamaica passes CyberCrime Bill..
This week (18th December 2009) Jamaica moved its Cyber Crime bill into law, making it possible to prosecute hackers and people who use nefarious popups to collect personal data. The Jamaica Observer reports:
The Bill, which was passed with eight amendments, will see persons convicted of breaches facing a maximum sentence of 10 years’ imprisonment and a minimum of two years; or slapped with fines ranging from between $2 million and $5 million. Read more…
Personal Data Breach Compensation Suit Thrown Out In Missouri..
A knock to the campaign to ensure companies take better care of our personal data occurred this week when John Amburgy lost his case against Express Scripts in Missouri, USA.
John alleged that he had spent significant time and effort in protecting his identity following Express Scripts’ breach back in October 2008. They offered free credit report monitoring services to the people whose PII/PHI they lost, but only to those who proved they had been victims of identity theft.
Yes, it seems you have to be a victim of identity theft because of Express Scripts’ breach before Express Scripts will offer you help in protecting and monitoring your identity… Read more…
European Data Protection Law a possibility?
The Register recently reported that the European Commission is considering passing EU-wide laws on data breach notification, along the lines of those in place in the USA already. Viviane Reding, the Information Security Commissioner, said:
The Telecoms Reform has put the issue of mandatory notification of personal data breaches firmly on the European Policy agenda.
The committee formed from Europe’s national data protection watchdogs (The Article 29 Working Party) has apparently also backed the idea. Read more…
Repeat Data Loss Offenders…
I was doing some data mining this week on the excellent DataLossDB.com site and it occurred to me to dig a little deeper into where the risky places to give your PII/PHI to are. I was hoping to find that some segments are cleaning up their act, but it seems not. The fact we’re seeing multiple entries by people could have two possible meanings: Read more…
Updates to the Map of Crypto Law.
There have been a few updates to the famous map of crypto laws lately. For those new to the map, or who have forgotten it, I’ve linked the picture above to it.
Feel free to mail me with corrections and additions.
H.R 2221 – The Federal Data Accountability and Trust Act
This week I’ve been working my way through H.R 2221 – the “Data Accountability and Trust Act”. This proposed legislation is making its way through the Committee on Energy and Commerce at the moment, and if passed, will rationalize data protection legislation across the USA at a federal level. Read more…
Missouri’s new Data Protection Disclosure Law.
Although maybe unnoticed, a month ago Missouri finally joined that heady club called “States which have Data Privacy Laws”.
On 28th August, the “Missouri Data Breach Notification Law”, or House Bill 62, took effect, not protecting, but at least enforcing care and attention of residents’ personal information (Social Security Numbers, Driver’s Licence Numbers, and information which could be used to access a resident’s financial accounts). Note I use the word “resident”, because, as with the other 47 or so State laws, this one applies to the residents of Missouri, not to the businesses. If you have Missouri resident information in your datacenter in Timbuktu, you are still required (under civil and actual damages) to comply. Read more…
Speaking at GTC East: The New York Digital Government Summit
For those in the Federal space, I’ll be presenting practical data protection measures at GTC New York next week on the 23rd, in Albany. You can find out more about the GTC Conference from their web site, but it promises to be a packed day, with great speakers like Gene Kranz (Former Director, Mission Operations, NASA), Mark Allen (6-Time World Champion, Ironman Triathlon), and of course yours truly.
The conference also has a training track where you can swot up on the latest technologies and methodologies in topics as diverse as applying for grants, Rapid Application Development, and Project Management, to name only three.
Privacy By Design, Madrid 2009
For those interested in the “big picture” of privacy and technology, I’ll be at the PbD conference in Madrid this year, 2nd November, talking about privacy enabling technologies such as data protection, identity protection etc. You can get details about the conference from the PbD website, which is being run just ahead of this year’s 31st International Conference of Data Protection and Privacy.
Privacy by Design is a concept promoted by Ann Cavoukian, Ph.D, Information & Privacy Commissioner Ontario, Canada which aims to promote the idea of systems and processes built with privacy in mind, rather than retrofitted afterwards. I encourage all readers to browse her site which is quite informative, and gives you perhaps a “bigger picture” view than IT alone.



