Archive

Posts Tagged ‘Brussels’

Important security settings on Facebook

October 29, 2013 Leave a comment

Information security is important. Remember that: Without security there is no privacy!Today, E-Crime Expert presents several security measures Facebook has in place for securing your private data and account.

1. Change your password (Frequently)

i. Log on your Facebook Account, go to (click) “Settings” (1)and then click on “Account settings” (2) from the fold down menu(Fig.1).

Fig. 1

1

ii. Go to and select the “General Settings” menu on the left and then click on the “Edit” tab from the Password field (on the right side of the page). See Fig.2.

Fig. 2

2

iii. Now, you have to follow the three steps bellow:
-type your current password (for security reasons);
-type your new password (check this blog post here on how to have a strong password);
-type your new password again.
Click “Change password” and your password will be changed. (Fig.3).

Fig.3.

15

iv. In order to be sure your password is effectively changed on all your devices, select the “Log me out of other devices” box, click on the “Submit” button from the displayed message that appears after you changed your password. That will enable you to sign out from all the devices you are automaticaley logged on. In this way, once you use them again, you will be prompted to type your new password. This is an extra security measure which enables you to protect your information if one of your devices got lost or stollen or when it is shared with other people (Fig. 4).

Fig. 4.

16

2. Check your active sessions

i. You can also check from where you logged on your account lately.
Click on the “Security settings” tab (see pictures above for how to get there) on the left and then go to the right-bottom of the page and select “Edit” from the “Active sessions” menu (Fig.5)

Fig.5

3

ii. Now, you can check from where you are logged on during the current session (top of the page) and also, you can check bellow from where you were logged on in your previous sessions.
*Note: if you notice that you appeared logged on from countries you never been or you have not been lately or from devices you do not use that means someone else logged on your account without authorization (Fig.6).
**If you notice any unfamiliar devices or locations, click ‘End Activity’ to end the session and automatically log out someone who’s using your account fraudulently.
Change your password immediately as explained under section 1 of this Blog post!

Fig.6

14

3. Secure browsing.

i. Go to “Security settings“, as explained above, find the “Login Notifications” menu and click “Edit“. (Fig.7)

Fig.7

18

ii. Then you can select either “Email” or “Text message“. Or you can always select both! Click “Save changes“.
This will enable you to be notified via email or text message when your Facebook account is accessed from a device that you do not recognize (Fig.8).

Fig.8

17

iii. Furthermore, you could set up a Log in approval used when login into your account from unknown devices.
Go to “Security settings” (see above) and from there to “Login approvals” (bellow to “Login Notifications”). Click “Edit” and then select the box that reads: “Require a security code to access my account from unknown browsers“. Don’t forget to click “Save changes“. Now you are set for receiving notifications or be prompted a code (that will be delivered via your email or text message as a one-time token) before logging into your Facebook account, from unknown devices (Fig.9).
In order to learn what an unknown or unrecognized device means, keep reading this post bellow.

Fig.9

19

4. Recognized devices.

You can always set up the devices of your choice when using Facebook.
Go to “Security Settings” (as explained above), click “Edit” on the “Recognized Devices” menu and see which your recognized devices are. Devices will be assigned to your account as recognized when you will first time log on your Facebook account (using a new password) from a certain device (You will be prompted with a message whether you would like to save a certain devices as a recognized device or not). Be careful; do not select as a “Recognized Devices” a computer from school, work, public library or hotel. For this reason and in order to check which are your recognized devices check that menu and see if the devices listed there are the one you trust. If not, you just simply click “Remove” on the right side of a particular device (for example when there is listed a device you used once in a library).
Don’t forget to click “Save changes” as usually (Fig.10).

Fig.10

22

5. Trusted friends

i. To get set up, visit your “Security Settings” (as explained above), where you can select three to five friends to be your trusted contacts.
Find “Trusted contacts” and click on “Edit” and then on “Chose trusted contacts“(Fig. 11).

Fig.11

23

ii. Type the names of 3-5 of your trusted friends. You can select them one by one.
Don’t forget to click “Confirm” (Fig.12).

To select good trusted contacts:

– Choose people you trust, like friends you’d give a spare key to your house.
– Choose people you can reach without using Facebook, ideally over the phone or in person, since you’ll need to contact them when you can’t log in.
– Choose more people to help you. The more friends you choose, the more people who can help you when you need it.

Fig.12

24

iii. As a security measures you’ll be prompted to introduce your account password (even if you are already logged on). Click “Submit” after you are done ( Fig. 13).

Fig. 13

28

iv. Immediately after, your trusted friends will appear under “Trusted Contacts“. You can now use them all, remove one or all if not pleased with your choice (Fig.14).

Fig.14

29

v. In order to make sure you are the one who made the selection of your trusted friends, Facebook sends you a message (check your mailbox linked to your Facebook account) confirming you added trusted friends (Fig.15).

If you did not do it, then someone most likely hacked into your account. Change your password immediately!

Fig.15

30

vi. Using Trusted Contacts

Once you’ve set up your trusted contacts, if you ever have trouble logging in, you’ll have your trusted contacts as an option to help. You just need to call your trusted contacts and let them know you need their help to regain access to your account. Each of them can get a security code for you with instructions on how to help you. Once you get three security codes from your trusted contacts, you can enter them into Facebook to recover your account.

With trusted contacts, there’s no need to worry about remembering the answer to your security question or filling out long web forms to prove who you are. You can recover your account with help from your friends.

***Note: If you have set up your secure browsing, login notifications and chose your recognized devices and you receive an email from Facebook notifying you that someone tried to log on your account on X day from Y location using Z device (and none of those are related to you), then Change your password immediately (as explained under section 1 of this Blog post), because definitely someone tried or succeeded to fraudulently log into your account! (See example in Fig.16).

Fig.16

2

Any questions can be submitted to: dan@e-crimeexpert.com
Additional information can be found at: http://www.e-crimeexppert.com
To find out more about Dan Manolescu, visit his LinkedIn page here.
Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog

Beyond Data Protection – published today!

January 31, 2013 Leave a comment

Dan Manolescu is glad to announce his contribution to the Beyond Data Protection book, published by Springer and available to the public from today, January 31, 2013. You could find Dan’s contribution under the “Data Protection Enforcement: The European Experience – Case Law” chapter.

 This book provides practical approach to address data protection issues in businesses and daily life. It also compares, contrasts and substantiates the different principles and approaches in Asia, Europe and America  and recommends leading best practices to practitioners and stakeholders based on divergent of technologies involved.

​I strongly recommend you to purchase this book considering the excellent material and contribution of several top scholars in the privacy and data protection fields.

You could find  more info about this book here.

cda_displayimage

This great opportunity would not have been possible without the tremendous work of Noriswadi Ismail, an excellent data protection and privacy scholar and practitioner. He is also the Mastermind behind Quotient Consulting, a boutique firm, which focuses on array of data protection and privacy consulting services such as: Data Diagnosis, Privacy Impact Assessment, Data Protection & Privacy Strategy, Training, Data Protection & Privacy Certification, Public & Private Consultations

In addition, Philipp Fischer’s contribution to this book is remarkable. Philipp is also an outstanding data protection and privacy scholar and professional and he is the CEO of SuiGeneris Consulting, which provides privacy and data security practice, data-use business models and how data flows generate profits. He has extensive underlying subject matter experience at the interface between information security requirements, data protection & – privacy law and economics; especially in information security, quality management, consumer protection, intellectual property, software programming and risk assessment. That enables him to provide strategic business consulting on all aspects of information policy, including privacy, information security and records management.

Last but not least, E-Crime Expert signed  strategic partnerships with Quotient Consulting (with subsidiary in London, UK), and withSuiGeneris Consulting (based in Munich, Germany).

 If you have additional questions, please contact us: dan@e-crimeexpert.com

Data Protection: one Directive and two perspectives

December 4, 2012 Leave a comment

Data Protection: the economic value and the fundamental human rights perspectives

Related to our latest Blog post on Privacy vs Data Protection, today E-Crime Expert presents a short history and rational behind the Data protection legislation in the European Union.

Did you think that the EU Data Protection legislation was drafted and proposed by the European Union’s Directorate General Justice (because of its Human Rights dimension)?Actually, it was not as the Directive 95/46/EC was drafted and proposed by the DIRECTORATE GENERAL FOR INTERNAL MARKET AND SERVICES DG MARKET.

Why? In order to find out please read bellow the rationals described in the Preamble of the Directive 95/46/EC:

The establishment and functioning of an internal market in which, in accordance with Article 7a of the European Union’s Treaty, the free movement of goods, persons, services and capital is ensured require not only that personal data should be able to flow freely from one Member State (MS) to another, but also that the fundamental rights of individuals should be safeguarded. In other words, there should be a proper balance between the free flow of personal data and the protection of fundamental human rights.

Furthermore, the economic and social integration resulting from the establishment and functioning of the internal market leads to a substantial increase in cross-border flows of personal data between all those involved in a private or public capacity in economic and social activity in the MemberStates and the exchange of personal data between undertakings in different Member States is considerable increasing. Also, the increase in scientific and technical cooperation and the new telecommunications networks in the Community necessitate and facilitate cross-border flows of personal data.

Considering the difference in levels of protection of the rights and freedoms of individuals (privacy), with regard to the processing of personal data afforded in the Member States, it could prevent the transmission of such data from the territory of one Member State to that of another Member State, which constitutes an obstacle to the pursuit of a number of economic activities at Community level, distort competition and diminishes the economic value of a such exchange of data.

Last but not least, in order to remove the obstacles for the flow of personal data, which is vital to the internal market, it is aimed to ensure that the cross-border flow of personal data is regulated in a consistent manner that is in keeping with the objective of the internal market.

Considering the above rationales as outlined in the Preamble of the Directive 95/46/EC, we can easily observe that the Data Protection legislation in the EU does not manly has a human rights dimension but an economic one as the Directive 95/46/EC was drafted and proposed by the DG Market and not by the DG Justice or DG Home, aiming to not only stop but to increase the free flow of data between the Member States by giving legal certainty to the EU citizens and providing a legal framework uniformly implemented among the MS.

The second part of this Blog Post continues with the Directive 95/46/EC human rights dimension  by explaining data protection terminology, principles, rights of data subjects and data transfer mechanisms.

 1)      data protection terminology and definitions

  • ‘personal data’ = any information relating to an identified or identifiable natural person (‘data subject’); and who can be identified:
    • directly
    • indirectly,
    • in particular by reference to an identification number
    • or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
  • ‘processing of personal data’ = any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as: collection, 
    • recording,
    • organization,
    • storage,
    • adaptation or alteration,
    • retrieval,
    • consultation,
    • use,
    • disclosure by transmission,
    • dissemination or otherwise making available,
    • alignment or combination,
    • blocking, erasure or destruction;
  • ‘personal data filing system’ (‘filing system’) = any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;
  • ‘controller’ = the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data;
  • ‘processor’ = a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
  • ‘third party’ = any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who (e.g. subcontractor), under the direct authority of the controller or the processor, are authorized to process the data;
  • ‘recipient’ = a natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not;
  • ‘the data subject’s consent’ = any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.

 2)      Principles related to data protection:

  • processed
  • fairly (data subjects informed) and
  • lawfully (based on a legal act)
  • collected for:
    • specified,
    • explicit
    • legitimate purposes
    • no further processed in a way incompatible with those purposes
  • adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed;
  • accurate and, where necessary, kept up to date;
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected
  • the data subject has unambiguously given his consent
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • processing is necessary for compliance with a legal obligation to which the controller is subject
  • processing is necessary in order to protect the vital interests of the data subject
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed

 3)      Information to be given to the data subjects (fair processing)

  • the identity of the controller and of his representative, if any;
  • the purposes of the processing for which the data are intended;
  • any further information such as
    • the recipients or categories of recipients of the data,
    • whether replies to the questions are obligatory or voluntary, as well as the possible consequences of failure to reply,
    • the existence of the right of access to and the right to rectify the data concerning him

4)      Rights of data subjects:

  • Right of access
  • Right to object
  • Right to modification
  • Right to deletion

 5)      Notification

  • Those processing personal data shall provide that the controller or his representative, if any, must notify the supervisory authority (of a member states) before carrying out any wholly or partly automatic processing operation or set of such operations intended to serve a single purpose or several related purposes.

 6)      Transfer mechanisms:

  • Freely to Canada, Argentina, whole EU, etc BUT not to US (does not confer the same level of data protection as EU-because of the Patriot Act)
    • Binding Corporate Rules (for US. Set of rules agreed by the EU Commission when transferring data outside EU)
    • Safe Harbor Agreement (for US that certifies those part of this agreement comply with the EU data protection rules)

 Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog

 

Privacy versus Data Protection

November 27, 2012 6 comments

Today, E-Crime Expert presents the main similarities and differences between privacy and data protection concepts mainly from two different legislative perspectives:  Canada and the European Union (EU), and briefly from the United States (US).

Also, this blog post provides the main privacy and data protection legislative acts from Canada and EU as a useful resource for those interested or working in this field.

Last but not least, you could find bellow the full EU Data protection revision 2012 package.

I.      US versus EU versus Canada

-The United States (US) and European Union (EU) have different concepts regarding personal information and private data, such as Privacy in the US versus Data Protection in the EU.

US’s approach to privacy focuses on narrowly applicable legislation.

  • sector-based,
  • with a mix of legislation,
  • regulation and self-regulation,
  • focusing on the protection of personal information by specifically addressing a particular industry sector (i.e. medical information, online transactions, credit check, etc)
  • regulating data collected by the federal government

EU has a more comprehensive approach.

  • set of rights and principles for personal data treatment (processing),
  • without considering that the data is held in the public or private sector,
  • protects just natural persons not legal entities
  • the relation between data protection and the economic value as a proper balance between fundamental rights and free flow of information (which has economic value).
  • by granting data protection as a fundamental right, the aim is to protect the individuals but also to encourage the free flow of information, giving data subjects legal certainty and encouraging them to not negatively affect the exchange of information and data

-Canada – similar level of protection to the EU one.

  • Privacy is regulated by the government at the federal and provincial level:
    • The Privacy Act (federal level for private information held by the gov),
    • PIPEDA (federal level for private sector),
    • PIPA (provincial level for private sector, Alberta for example),
    • FOIP (provincial level for public sector, Alberta for example),
    • HIPA (federal level for health information),
    • HIA (provincial level for health information, Alberta for example)
  • The difference between Canada and EU
    • Canada’s legislation regulates both organizations and individuals privacy rights and access
    • EU’s legislation regulates the individuals’ rights (no organizations)
    • Canada gives to the individual the right to access their data or other individuals’ or organizations data along with their privacy protection right under the same Act (The Privacy Act, FOIP)
    • EU gives to the data subject the right to protection of their personal data under one single act (Directive 95) and to access data for public interest under the Transparency Regulation (1049)-no others personal data could be accessed in the private sector (just for law enforcement)
  • Canada enacted different acts for different data categories (private-PIPA, public-FOIP, health-HIA, children-Child, Youth&family enhancement act, etc)
  • EU has the same Legislative Act (e.g. Directive) but with different degrees of protection and limitations based on the data categories sensitivity (identification, medical, criminal, etc).
  • Canada sets forth a minimum time for information retention when EU sets forth a maximum time for data retention
  • in Canada information sharing is done based on Information Sharing Agreements (local, federal, international)
  • in EU the data transfer has three layers of protection for exchange locally within the same institutions, bodies, organizations, between EU member states, or internationally (with third countries).

 II.      Privacy versus data protection

  • The concept of privacy and data protection is not the same.
  • Data protection has a privacy dimension, but it is narrower in scope than the privacy concept, “as the privacy encloses more than personal data” (i.e. private life, private home, private correspondence, etc.)
  • From a different angle, it encloses a wider area, “since personal data are protected not only to enhance the privacy of the subject, but also to guarantee other fundamental rights, such as the right to freedom of expression, or the right to know what data is gathered about you,  to have access to your data, to ask for modification or deletion of your data, etc”
    • Furthermore, data protection gives individuals the right to know
  • What personal data is collected,
  • on what legal grounds,
  • how it is used, for how long it used and kept,
  • and by whom.
    • specifically grants data subjects with the rights to access, modify,   update or ask for deletion of such data

 III.      EU legislative framework

IV.      EU Data protection revision 2012 (to reflect the new technological developments and to provide a consistent legislative framework across EU):

Click here to access the new proposed EU Data Protection regulation

  • It was proposed a Regulation versus the existing Directive. A Regulation is better, as it is immediately and more uniformly implemented into the Member States national law.
  • Data subjects
    • increasing responsibility and accountability – companies would have to notify their clients of any theft or accidental release of personal data
    • clarifying that where someone’s consent is required before a company reuses their personal data, they need to give that consent explicitly – people would also have access to their own private data and be able to transfer it to another service provider more easily
    • reinforcing the ‘right to be forgotten’ – people will be able to have their personal data deleted if a business or other organization has no legitimate reasons for keeping it
    • applying EU rules when personal data is processed outside Europe – people would be able to involve the national data protection authority in their country, even when their data is processed by a company based outside the EU
    • People will have easier access to their own data and be able to transfer personal data from one service provider to another more easily (right to data portability). This will improve competition among services
  • Good for business
    • A single set of rules would encourage a more consistent application of the law across the EU. Businesses would have clear rules on how to treat personal data
    • Companies would only have to deal with a single national data protection authority in the EU country where they have their main operations (saving businesses an estimated €2.3bn a year)
    • The obligation of appointment of a data protection officer for organizations with 250 employees and over (private sector
    • Instead of the current obligation of all companies to notify all data protection activities to data protection supervisors – a requirement that has led to unnecessary paperwork and costs businesses €130 million per year, the Regulation provides for increased responsibility and accountability for those processing personal data
    • Companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible (if feasible within 24 hours)
    • Organisations will only have to deal with a single national data protection authority in the EU country where they have their main establishment. Likewise, people can refer to the data protection authority in their country, even when their data is processed by a company based outside the EU. Wherever consent is required for data to be processed, it is clarified that it has to be given explicitly, rather than assumed
    • EU rules must apply if personal data is handled abroad by companies that are active in the EU market and offer their services to EU citizens
    • Independent national data protection authorities will be strengthened so they can better enforce the EU rules at home. They will be empowered to fine companies that violate EU data protection rules. This can lead to penalties of up to €1 million or up to 2% of the global annual turnover of a company
  • Better enforcement
    • The new rules would give national data protection authorities powers to enforce the EU rules more rigorously
    • A new Directive will apply general data protection principles and rules for police and judicial cooperation in criminal matters. The rules will apply to both domestic and cross-border transfers of data. For the new Directive click here.
  • Next steps
    • The proposals is aimed to encourage more online commerce by improving consumer trust – contributing to economic growth and job creation. The new Data protection proposed legal framework (Regulation+Directive) must be approved by the European Parliament and Council before becoming law.
  • Commission Proposals on the data protection reform: legislative texts

Source: Directorat General Justice of the European Commission

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog

Training and workshops

E-Crime Expert as a legal consultancy specialized in the fields of data protection, privacy, cybercrime, and the Internet, offers the following services:

  • Drafting of notification and documentation for personal data processing, transfer, compliance
  • Legal mechanisms for the cross-border transfers of personal data
  • Privacy Impact Assessments

Now, E-Crime Expert is offering also training session, workshops, tutorials and talks tailored to specific audience such as:

  • Corporate

 
 
 
 
 
 
 
 
  • Various events and conferences
 

 
 
 
 
  • Seniors
 

 
 
  • Teenagers
 

 
 
  • Children
 

 
 

If interested, please contact us at: dan@e-crimeexpert.com

Support Nicole Basaraba as a Samsung Global Blogger – 2012 London Olympics

May 23, 2012 1 comment

This Professional Blog would have not came into existence without the tremendous help of Nicole Basaraba owner of Annotations Editorial, who helped E-Crime Expert with its online presence and social media platforms in order to deliver them in a coherent brand and as a precise and functional package. In this role, Nicole developed an overall communications strategy, designed, tailored and edited all the content (ex. blog posts, articles, pictures, videos, etc.). Nicole has helped implement E-Crime Expert’s website, this blog, YouTube tutorials, Twitter, and Facebook page.

I am glad and honoured to support Nicole as she is competing to be a Samsung Global Blogger in London for the 2012 Olympic Games. I am extremely positive that Nicole through her creativity and genuine dedication, will achieve great accomplishments in this role, and all of us will greatly benefit from being continuously updated and connected in real-time with the atmosphere of the 2012 Olympic games.

So if you’d like to show your support for Nicole as a Samsung Global Blogger please feel free to:

  • click the “thumbs up” support button on her video 
  • re-blog this post
  • spread the word/link on Facebook and to your preferred social networks
  • tweet & retweet the link to her video:

Support @NicoleBasaraba (#Belgium) as a Samsung Global Blogger: http://samsungglobalblogger.uk.msn.com/videos/2979 #samsungglobalblogger

Nicole’s second video entry will be up shortly. In the meantime, you can find her audition video and give it the thumbs up here: http://samsungglobalblogger.uk.msn.com/videos/2979

Thank you to all!

%d bloggers like this: