Categories
Articles

ICC Cookie Guide

The International Chamber of Commerce has published a Guide to cookies to help businesses comply with the legislation and individuals understand what is being done with their data. Rather than concentrating on the legal issues, the guide aims to develop a common terminology for different types of cookie use, which should help to increase users’ […]

Categories
Articles

Shiny New Legislation

I was recently struck by just how new most of the legislation creating duties for operators of electronic communications network is. Compared to the Computer Misuse Act, which has only had one amendment since 1990, these laws seem to be changing a lot faster: Data Retention (EC Directive) Regulations 2009 – with a significant update […]

Categories
Articles

How to think about privacy

I’ve been pointed to an interesting article by Alexis Madrigal about the work of Helen Nissenbaum, an American philosopher who has been looking at what “privacy” actually means, and what sort of things cause us to feel that our privacy has been invaded. A lot of discussion (and most of EU data protection law) assumes […]

Categories
Articles

Government CERTs and Information Sharing

I’ve had three discussions in two days about whether Government CERTs are different from others, which makes it a FAQ! It seems to me that legislation may be heading that way, and that that could create a potential problem for sharing information. Most CERTs act in the interests of a particular, reasonably well-defined, constituency. However […]

Categories
Articles

Botnet cleanup efforts by German ISPs

I had an interesting discussion last week with Thorsten Kraft of the German ISP association, eco, on how German network providers cooperate to help reduce the number of their users’ PCs that are infected with malware. The UK Government has recently added this as an aim in our national Cyber Security Strategy so the German […]

Categories
Publications

Privacy and Incident Response

At a meeting of TERENA’s CSIRT Task Force last week, I presented an updated version of my paper on Privacy and Incident Response. Responding effectively to incidents is essential to protect the privacy and other rights of individuals and organisations that use the Internet: compromises, phishing, etc. clearly infringe those rights. However incident response may […]

Categories
Articles

Cookies: More information, and a demonstration

With a new law on obtaining consent for cookies coming into force today, the Information Commissioner has published details of how the ICO’s own site has been updated to comply. There appear to be three main changes: A lot more information on the privacy statement about the names and purposes of each cookie, and how […]

Categories
Articles

Access Management can replace walls :-)

I was interested to see both “Shibboleth” and “Athens” being mentioned in a consultation on extending the educational use exemption for re-playing recordings of broadcast programmes, sound recordings and films. At the moment sections 35 & 36 of the Copyright, Designs and Patents Act 1988 permit recordings to be re-played as part of teaching in […]

Categories
Articles

Article 29 Working Party hints at new approach to Cloud

The Article 29 Working Party have published an interesting toolbox for Binding Corporate Rules (BCR) for Data Processors. BCRs for Data Controllers have been suggested for some time as a way that large multi-national companies can comply with European Data Protection law. By having its internal rules for handling personal data approved as compliant with […]

Categories
Articles

EC Security Breach Notification

The European Commission, Parliament and Council of Ministers have been discussing revisions to the package of Telecoms Directives for a couple of years, but now seem to be approaching a final conclusion. Once the new Directives are published, member states will have a fixed time period – normally 18 months – in which to implement […]