6 Essential Tips on How to Prevent Online Shopping Fraud

February 13, 2014 Leave a comment

Dear readers and followers, I would first like to wish you a very Happy New Year, good health and great personal and professional accomplishments.
As some of you have already purchased products/services online (and I would like to invite you to share your experience with us) and others will at some point, I am featuring today Israel Defeo as guest blogger on this common topic: online shopping.

Shopping online is easy. You get what you want in a matter of seconds. Just input your credit card information and voila, that book, jacket or bag is on its way to you within 24 hours.

This is why more shoppers are switching to e-stores and e-transactions—e-payments, e-banking—are fast becoming the norm. Convenience is the ultimate game-changer. Plenty of online shops, too, offer discounts and freebies like free delivery or free shipping.
However, the rise in e-transactions has also made online fraud possible. To prevent online shopping fraud from happening to you, here are some easy tips you can follow:

1. Keep your credit details a secret.

As the famous quote says, “There are things better left unsaid.” That is especially true when it comes to your credit, debit or other essential information that needs to be kept secret.

2. Use caution when using your devices for online shopping.

Because it is more convenient to shop online using smartphones, tablets and other mobile devices with internet access, more consumers prefer these gadgets to computers and laptops, which are more secure. Be careful about using your handheld devices for transactions that carry your personal and credit card information. If your device is misplaced or lost, you are at risk of falling victim to fraudsters and scammers who can extract your private information from the lost device.

3. Beware of phishing websites.

Have you ever seen items on some websites offered at very low prices? Though it can be tempting to purchase low-priced bargain items, it can also come at great risk to the safety of your credit and personal details.
There are internet criminals who create phishing or fraudulent websites that trick you into signing up and disclosing your private information. Some of these websites duplicate the content and design of legitimate ones to fool shoppers like you into revealing your credit card details. At this point, it may be better to let common sense, or your gut feeling, rule. If the price seems unbelievable or a deal sounds too good to be true, chances are it is. Stay away from fishy-looking sites as much as possible to avoid becoming a victim of identity theft.

4. Verify if the website is legitimate or not.

Remember, Google is your friend. This search engine can help you find almost any information you need. Search for the name of the website and see whether anything involving “scam” or “fraud” is mentioned in blogs, forums or other online sources.

5. Don’t click hyperlinks from random emails.

You have probably received not just one or two, but many emails about offers and discounts on a product or service. Be careful about clicking links in those messages, because they may redirect you to fraudulent or phishing websites. Also beware of attachments you receive from untrusted sources. These may contain viruses and malware that can not only harm your electronic devices but also steal information from them.
Sometimes, webmail providers can filter unreliable messages and put them in the Spam folder of your mailbox, so make sure this feature is enabled in your settings.

6. Beware of bogus sellers lurking in social media sites

Social media sites are also used by small-scale entrepreneurs to market their products and promote their services to a wider audience. This has been an advantage to both sellers and buyers, because Facebook, Twitter, Instagram and other social media platforms can be used for easy communication, placing orders and completing transactions, as they allow real-time responses.
However, scammers can easily create bogus accounts and post photos of bogus products or services, so be mindful of the sellers you buy from. If they cannot ship or send the product they promised after a transaction, you may have already been scammed. To avoid this fate, make sure to call the seller before you buy anything. If you smell or hear something fishy, or something makes your antennae quiver in suspicion, look for another seller until you find one you can trust.

So be careful whenever you use your credit card. Follow the tips mentioned above to help you make sure your credit card and credit information are both safe—and to keep online fraud from happening to you.

This guest post is written by Israel Defeo. He is the writer and online promoter of the leading financial comparison website in Hong Kong, Money Hero. The online portal presents up-to-date and unbiased information about insurance companies, credit cards, loans, deposit accounts and broadband and mobile plans.

Any questions can be submitted to: dan@e-crimeexpert.com
Additional information can be found at: http://www.e-crimeexppert.com
To find out more about Dan Manolescu, visit his LinkedIn page here.
Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog

Privacy versus Data Protection

November 27, 2012 6 comments

Today, E-Crime Expert presents the main similarities and differences between the privacy and data protection concepts, mainly from two different legislative perspectives, Canada and the European Union (EU), and briefly from that of the United States (US).

Also, this blog post provides the main privacy and data protection legislative acts from Canada and EU as a useful resource for those interested or working in this field.

Last but not least, you can find below the full EU Data Protection revision 2012 package.

I. US versus EU versus Canada

The United States (US) and the European Union (EU) have different concepts regarding personal information and private data: privacy in the US versus data protection in the EU.

The US approach to privacy focuses on narrowly applicable legislation:

  • sector-based,
  • with a mix of legislation,
  • regulation and self-regulation,
  • focusing on the protection of personal information by specifically addressing a particular industry sector (e.g. medical information, online transactions, credit checks, etc.)
  • regulating data collected by the federal government

The EU has a more comprehensive approach:

  • set of rights and principles for personal data treatment (processing),
  • without considering that the data is held in the public or private sector,
  • protects just natural persons not legal entities
  • the relation between data protection and the economic value as a proper balance between fundamental rights and free flow of information (which has economic value).
  • by granting data protection as a fundamental right, the aim is to protect the individuals but also to encourage the free flow of information, giving data subjects legal certainty and encouraging them to not negatively affect the exchange of information and data

Canada offers a level of protection similar to the EU one.

  • Privacy is regulated by the government at the federal and provincial level:
    • The Privacy Act (federal level for private information held by the government),
    • PIPEDA (federal level for private sector),
    • PIPA (provincial level for private sector, Alberta for example),
    • FOIP (provincial level for public sector, Alberta for example),
    • HIPA (federal level for health information),
    • HIA (provincial level for health information, Alberta for example)
  • The differences between Canada and the EU
    • Canada’s legislation regulates both organizations’ and individuals’ privacy rights and access
    • The EU’s legislation regulates the individuals’ rights (no organizations)
    • Canada gives the individual the right to access their own data or other individuals’ or organizations’ data, along with their privacy protection right, under the same Act (The Privacy Act, FOIP)
    • The EU gives the data subject the right to protection of their personal data under one single act (Directive 95) and the right to access data for public interest under the Transparency Regulation (1049); no other person’s personal data can be accessed in the private sector (only for law enforcement)
  • Canada enacted different acts for different data categories (private: PIPA, public: FOIP, health: HIA, children: Child, Youth & Family Enhancement Act, etc.)
  • The EU has the same legislative act (e.g. the Directive) but with different degrees of protection and limitations based on the sensitivity of the data categories (identification, medical, criminal, etc.)
  • Canada sets forth a minimum time for information retention, whereas the EU sets forth a maximum time for data retention
  • In Canada, information sharing is done based on Information Sharing Agreements (local, federal, international)
  • In the EU, data transfer has three layers of protection: exchange locally within the same institutions, bodies and organizations; between EU Member States; or internationally (with third countries)

II. Privacy versus data protection

  • The concepts of privacy and data protection are not the same.
  • Data protection has a privacy dimension, but it is narrower in scope than the privacy concept, “as the privacy encloses more than personal data” (i.e. private life, private home, private correspondence, etc.)
  • From a different angle, it encloses a wider area, “since personal data are protected not only to enhance the privacy of the subject, but also to guarantee other fundamental rights, such as the right to freedom of expression, or the right to know what data is gathered about you, to have access to your data, to ask for modification or deletion of your data, etc”
  • Furthermore, data protection gives individuals the right to know:
    • what personal data is collected,
    • on what legal grounds,
    • how it is used, and for how long it is used and kept,
    • and by whom.
  • It specifically grants data subjects the rights to access, modify, update or ask for deletion of such data.

III. EU legislative framework

IV. EU Data Protection revision 2012 (to reflect the new technological developments and to provide a consistent legislative framework across the EU):

Click here to access the new proposed EU Data Protection regulation

  • A Regulation was proposed in place of the existing Directive. A Regulation is better, as it is immediately and more uniformly implemented into the Member States’ national law.
  • Data subjects
    • increasing responsibility and accountability – companies would have to notify their clients of any theft or accidental release of personal data
    • clarifying that where someone’s consent is required before a company reuses their personal data, they need to give that consent explicitly – people would also have access to their own private data and be able to transfer it to another service provider more easily
    • reinforcing the ‘right to be forgotten’ – people will be able to have their personal data deleted if a business or other organization has no legitimate reasons for keeping it
    • applying EU rules when personal data is processed outside Europe – people would be able to involve the national data protection authority in their country, even when their data is processed by a company based outside the EU
    • People will have easier access to their own data and be able to transfer personal data from one service provider to another more easily (right to data portability). This will improve competition among services
  • Good for business
    • A single set of rules would encourage a more consistent application of the law across the EU. Businesses would have clear rules on how to treat personal data
    • Companies would only have to deal with a single national data protection authority in the EU country where they have their main operations (saving businesses an estimated €2.3bn a year)
    • The obligation to appoint a data protection officer for organizations with 250 employees and over (private sector)
    • Instead of the current obligation of all companies to notify all data protection activities to data protection supervisors, a requirement that has led to unnecessary paperwork and costs businesses €130 million per year, the Regulation provides for increased responsibility and accountability for those processing personal data
    • Companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible (if feasible within 24 hours)
    • Organisations will only have to deal with a single national data protection authority in the EU country where they have their main establishment. Likewise, people can refer to the data protection authority in their country, even when their data is processed by a company based outside the EU. Wherever consent is required for data to be processed, it is clarified that it has to be given explicitly, rather than assumed
    • EU rules must apply if personal data is handled abroad by companies that are active in the EU market and offer their services to EU citizens
    • Independent national data protection authorities will be strengthened so they can better enforce the EU rules at home. They will be empowered to fine companies that violate EU data protection rules. This can lead to penalties of up to €1 million or up to 2% of the global annual turnover of a company
  • Better enforcement
    • The new rules would give national data protection authorities powers to enforce the EU rules more rigorously
    • A new Directive will apply general data protection principles and rules for police and judicial cooperation in criminal matters. The rules will apply to both domestic and cross-border transfers of data. For the new Directive click here.
  • Next steps
    • The proposals aim to encourage more online commerce by improving consumer trust, contributing to economic growth and job creation. The proposed new data protection legal framework (Regulation + Directive) must be approved by the European Parliament and Council before becoming law.
  • Commission Proposals on the data protection reform: legislative texts

Source: Directorate General Justice of the European Commission


EU Member States’ national Data Protection Laws

December 16, 2011 1 comment

As announced in the last blog post here, E-Crime Expert presents today the National Data Protection Legal Acts of each Member State as required by the implementation of Directive 95/46. This could be helpful for anyone interested, as there are significant differences among the Member States’ national DP legal frameworks, acquired during their implementation of Directive 95/46. In this regard, for a company running commercial activities in Belgium, its compliance when processing personal data in Belgium should be subject to the Belgian national DP law. Directive 95/46 has no direct implication for or relation to its processing operations in Belgium or in any other Member State. This Directive sets forth the general European legal framework with the minimum protection requirements for the national DP laws implemented by each Member State in its own way. Therefore, for any interested party, company or data subject, it is useful to know which DP law in particular applies when running a business, doing electronic commerce or any other activity that requires the processing of personal data.

Transposition of the Directive 95/46 requirements into national laws.

Here you can find the national laws of each member state:

Austria

Data Protection Act 2000, Austrian Federal Law Gazette part I No. 165/1999

Belgium

Act of 8 December 1992

Royal Decree

Bulgaria

Personal Data Protection Act

Cyprus

The Processing of Personal Data (Protection of Individuals)
Law 138(I)2001

Czech Republic

Act on Protection of Personal Data (April 2000) No. 101

Denmark

Act on Processing of Personal Data, Act No. 429, May 2000.

Estonia

Personal Data Protection Act of 2003

Finland

Personal Data Act (523/1999)

Act on the amendment of the Personal Data Act (986/2000)

France

Data Protection Act of 1978 (revised in 2004)

Germany

Federal Data Protection Act of 2001

Greece

Law No.2472 on the Protection of Individuals with Regard to the Processing of Personal Data, April 1997.

Hungary

Act LXIII of 1992 on the Protection of Personal Data and the Publicity of Data of Public Interests

Ireland

Data Protection Act 1988.

Data Protection (Amendment) Act 2003.

Italy

Data Protection Code of 2003

Processing of Personal Data Act, January 1997

Latvia

Personal Data Protection Law, March 23, 2000.

Lithuania

Law on Legal Protection of Personal Data (June 1996)

Luxembourg

Law of 2 August 2002 on the Protection of Persons with Regard to the Processing of Personal Data.

Malta

Data Protection Act (Act XXVI of 2001), Amended March 22, 2002, November 15, 2002 and July 15, 2003

The Netherlands

Dutch Personal Data Protection Act 2000

Poland

Act of the Protection of Personal Data (August 1997)

Portugal

Act on the Protection of Personal Data (Law 67/98 of 26 October)

Romania

Law No. 677/2001 for the Protection of Persons concerning the Processing of Personal Data and the Free Circulation of Such Data

Slovakia

Act No. 428 of 3 July 2002 on Personal Data Protection.

Slovenia

Personal Data Protection Act, RS No. 55/99.

Spain

ORGANIC LAW 15/1999 of 13 December on the Protection of Personal Data

Sweden

Personal Data Protection Act (1998:204), October 24, 1998

United Kingdom

UK Data Protection Act 1998

Privacy and Electronic Communications (EC Directive) Regulations 2003

E-Crime Expert would like to thank you for reading this Blog and to wish you Merry Christmas and a very Happy New Year! We’ll be back in the first week of January 2012.

Till then, stay safe!


Data protection Case law in EU: Bodil Lindqvist-part I.

October 31, 2011 4 comments

This month E-Crime Expert is presenting relevant case law and rulings regarding data protection rights, law applicability and enforcement. Earlier, this blog presented what Social Networking Services and the Internet are, how they work, their possible risks and the European legal framework regarding privacy and personal data. The purpose of this new series is to show how the relevant law should actually be applied to the Internet and the electronic environment in order to properly protect and enforce these fundamental (legal) rights of EU citizens: privacy and personal data protection.

This month’s blog posts will focus on the most relevant rulings of the European Court of Justice (ECJ) and the European Court of Human Rights (ECHR): rulings that became a new source of EU law by creating precedents for how the Directives, Regulations and Conventions should be read, applied and enforced within all 27 EU Member States with regard to privacy and the protection of personal data. The case law will balance the applicability of data protection law in the private and public sectors, focusing mostly on Directive 95/46/EC (private sector) and Regulation 45/2001/EC (rights to data protection of individuals working with/for EU institutions and bodies).

The EU treats privacy and personal data as constitutional rather than consumer protection fields. Privacy and the protection of personal data are fundamental rights, enshrined in law and directly enforceable, with the same status as other fundamental rights such as freedom of expression or freedom of information. This protection is horizontal in scope and is not confined to EU citizens or to consumers; it thus protects all natural persons within the jurisdiction.

The first case presented is also the first of its kind: “Criminal proceedings against Bodil Lindqvist – Case C-101/01.”

Community Legislation: Directive 95/46/EC

Scope:

  • Publication of personal data on the internet
  • Place of publication
  • Definition of transfer of personal data to third countries
  • Freedom of expression
  • Compatibility with Directive 95/46 of greater protection for personal data under the national legislation of a Member State.

Summary of the case:

Mrs. Bodil Lindqvist worked as a catechist in a parish of Alseda in Sweden.

She took a course in data processing where she learned how to set up websites, upload content and edit the content of her websites. In late 1998, Mrs. Bodil Lindqvist set up an Internet page using her home computer. She was the only person with access to the website in terms of uploading, editing and updating data. The purpose of that particular website was to present useful information for future parishioners preparing for their confirmation. Her website contained information about herself and private information such as the names, family circumstances and telephone numbers of her colleagues from the parish. On one occasion, Mrs. Bodil Lindqvist mentioned on her website that one of her colleagues had injured her leg and for that reason was working part-time. The website also described her colleagues’ hobbies in a humorous way. Mrs. Bodil Lindqvist did not inform her colleagues about the existence of this website, about her comments or about the fact that their personal contact details were posted, nor did she inform or seek advice from the Supervisory Authority on data protection in Sweden. When her colleagues found out, they were not happy about their names and personal contact details being posted on this website, nor about Mrs. Bodil Lindqvist’s personal comments referring to them. At that point, Mrs. Bodil Lindqvist removed their personal details and contact information from her website. Soon after, the Public Prosecutor brought a prosecution against Mrs. Bodil Lindqvist for breach of the national Swedish legislation on data protection and privacy, which transposes Directive 95/46/EC. The prosecution stated that Mrs. Bodil Lindqvist had breached the above-mentioned legislation by processing personal data without prior approval from the Swedish Supervisory Authority, as required by the national legislation and by Directive 95/46/EC. Also, Mrs. Bodil Lindqvist had processed sensitive data by mentioning that one of her colleagues had a broken leg at that time; the public prosecutor referred to this as disclosure of personal medical data without approval. The last allegation concerned Mrs. Bodil Lindqvist transferring personal data to a third country without the authorization that the National Act and Directive 95/46/EC require.

After hearing these allegations, Mrs. Bodil Lindqvist accepted the facts but denied that she was guilty of any offence.

The District Court fined Mrs. Bodil Lindqvist 450 EUR, and she decided to appeal the decision to the Appeal Court.

The Appeal Court decided to stay the proceedings and refer several questions to the European Court of Justice (ECJ), as the matter under discussion concerned the applicability of Community law (Directive 95/46/EC).

Stay tuned for the next post that will describe the 7 questions addressed to the ECJ and the view of ECJ on this matter.

Have you heard about this case? Have you heard about another case that you would like to share with us? What do you think about this case?


Virtual Data Protection Officer: an alternative?

September 21, 2011 Leave a comment

Recently, E-Crime Expert posted a blog on “What a Data Protection Officer means for an organization”. Further, another blog post presented “How to process personal data in an Organization”.

Employing a data protection professional in an organization could bring significant benefits, such as:

  • Helps protect your business, clients, private information and intellectual property;
  • Maintains clean, correct, up-to-date data;
  • Maintains confidence and trust among employees;
  • Reduces “organization incidents”;
  • Builds customer confidence;
  • Protects the organization’s reputation;
  • Improves privacy protection;
  • Increases privacy awareness within the organization.

Unfortunately, a DPO’s services may not be affordable or accessible to all businesses and organizations.

For example, there could be many businesses that are large enough to require a data protection officer but too small to afford paying for a full-time employee to undertake this role. Another issue could be that there are no trained (certified) DPO’s in your local area.

Therefore, an alternative exists for this common situation: the Virtual Data Protection Officer (VDPO).

A VDPO can be an independent contractor rather than an employee.

In this case, the clients do not have to pay employee-related taxes, insurance or benefits. Clients also avoid the logistical problem of providing extra office space, equipment or supplies. The VDPO’s discreet presence could make employees and customers feel comfortable. Common modes of communication and service delivery include the Internet, video, e-mail and phone conference calls, online work spaces, VOIP and fax.

How it could work:

Phase One (setting up the collaboration):

The VDPO allocates a first phase of the collaboration/service period (in person would be preferred) to working with the business to:

  • Assess the particular needs of the organization;
  • Establish the necessary policies and procedures;
  • Carry out staff training.

In this first phase the VDPO will provide policies established and tailored to the business’s particularities (e.g. virtual store, offline store, law firm, etc.):

  • Data Protection Policy and good practices;
  • Data Security Policy and good practices;
  • Document security Policy and good practices;
  • ID policies;
  • Video surveillance policy (if required);
  • Computer/Internet Use Policy and good practices;
  • Social Media Policy and good practices;
  • Website Privacy Policy and good practices.

In the second phase of appointment/collaboration, the VDPO will provide (from a remote location) the following services:

  • Periodic updates regarding legislative changes and, if required, the measures needed to implement them effectively;
  • Periodic staff training, including training for new staff, delivered over tele-conference, VOIP, website, tutorials, videos and any other relevant materials;
  • Regular campaigns, using the same tools as mentioned above, to improve internal privacy awareness;
  • Pertinent and effective opinions regarding data subject requests;
  • Privacy Impact Assessments and solutions for new business procedures, services or products involving data protection;
  • Handling of any problems or queries related to data protection that arise;
  • Data protection audits;
  • Systematic research in the field of data protection and determination of how it directly applies to the particular business;
  • Liaison between the National Data Protection Authority and the business/organization;
  • Supervision of the transfer of data to “third countries” in case the organization has a subsidiary/branch overseas (e.g. from the EU to the US).

The services of a VDPO depend on the size and nature of the business, and the contracts are negotiable also based on size and nature of the business.

A VDPO could be more affordable than an in-house DPO or a part-time on-site DPO collaborator/consultant for an organization which is growing and developing on a stricter budget but aims to offer adequate protection of personal data and privacy for its customers and employees.

Since so many organizations/businesses (if not all) have an IT professional/consultant for their IT systems, computers, cloud computing, outsourcing, etc., I would assume that a VDPO professional for protecting (personal) data, sensitive information, private information, intellectual property and business secrets would be just as necessary as the IT professional.

If you would like to hire a Virtual Data Protection Officer (VDPO) for your business or organization contact: dan@e-crimeexpert.com

If you would like to learn more about Virtual Data Protection Officer, questions can also be submitted to: dan@e-crimeexpert.com

More information can be found at: www.e-crimeexpert.com

Have you heard of a Virtual Data Protection Officer? Would you consider hiring one for your business or organization? What other contribution(s) could a VDPO bring to an organization? How would you feel or your staff feel about having direct online contact with the VDPO?

To keep up with the latest information about Privacy and Data protection, hit the “subscribe” button to receive an email when new videos and articles are posted on this blog.

Welcome to E-Crime Expert blog

August 22, 2011 1 comment

This blog aims to expose:

  • the newest information on privacy and data protection
  • the latest e-crime trends, news, and scam methods
  • the newest information on identity theft

and provide:

  • awareness videos and tutorials, articles and educational programs
  • information on the current legislation
  • support, prevention measures and legal advice

I look forward to your comments, suggestions, criticisms and constructive contributions and possible collaborations.

The main goal of E-Crime Expert is to:

  • make the Internet a safer place and the user better protected and more knowledgeable, in order to be one step ahead of e-criminals and scammers
  • help the user protect their personal data and privacy (as important human rights)
  • help the user protect their intellectual property rights, since only through innovation can humankind advance

“An informed user, makes an informed decision!”
