Compliance Archive
The ICO (Information Commissioner’s Office) has, for the first time, issued the maximum fine permissible – £500,000 – to Equifax Ltd in response to a breach of the DPA (Data Protection Act) 1998. The investigation into the September 2017 breach, …
IT Governance and group companies have been independently audited against the requirements of BS10012 and recommended for certification. As we were already GDPR compliant, and already had a mature management system that integrates the requirements of ISO/IEC 27001 and ISO …
I’ve talked, for some years, about the disconnect between management stating that cyber security is on their agenda, or under control, and the rapidly rising number of data breaches, as reported in multiple surveys and reports, as well as increasingly …
The United States regulator, the SEC, recently updated its guidance on disclosure of company information on websites and blogs to include use of social media outlets like Facebook and Twitter – and not just for social commentary, but to make public announcements …
Bring Your Own Device (BYOD) brings enormous potential benefits for organisations that adopt it, as well as for their employees. It also brings significant commercial and regulatory risks. In this post, I want to applaud the UK’s Information Commissioner for …
According to a survey of 405 U.S. investors, “more than 70% of investors are interested in reviewing public company cyber security practices and almost 80% would likely not consider investing in a company with a history of attacks.” I don’t believe …
South Africa was the world’s first country to mandate – in its corporate governance code, King III – the corporate governance of IT as a board responsibility. South Africa continues to blaze the corporate governance trail, having recently mandated implementation, throughout national, provincial …
I’ve argued, for some time, that laptop and mobile device encryption should be an absolutely standard security measure – mobile devices will get lost or stolen, and boot disk encryption is the only realistic way of protecting against the risk …
Alan Calder
December 7, 2011
Business and the Economy, Compliance, Cyber Security, Data Breaches, Data Protection, ISO 27001, ISO 27002 (ISO 17799), IT Governance, IT Security, White Collar Crime
While the UK cyber security strategy, published last week, is full of good stuff, it is lacking in one key area: compulsion. My view on this was quite widely reported last week: if UK organisations won’t take adequate action to protect …
Another day, another (damning) survey. A recent report from Big Brother Watch “uncovered more than 1000 incidents across 132 local authorities, including at least 35 councils who have lost information about children and those in care. Highly confidential information has …