Posts Tagged ‘Web 3.0’

Cybercrimes: Battling a New Kind of Home Intruder

December 18, 2012 1 comment

As technology is not slowing down and cybercrime is on the rise, it is crucial that information and awareness about cybercrime be made more available to everyone. For this reason, E-Crime Expert is glad to welcome Home Security as a guest and to feature their valuable website and material below.

About:

Home Security.org is a constantly developing, comprehensive home security and personal security information resource.

The blog post below is provided by Home Security.

In the not-too-distant past, the threat of hacking was confined to PCs and laptops. Today, we rely on a proliferation of electronic devices for communication, directions and entertainment – all potential channels of information for hackers with malicious intent. Wi-Fi and Bluetooth technology, cell phones, Global Positioning Services (GPS), Internet-enabled TVs, tablets and wired cars are all susceptible to thieves trying to access critical personal information.

Cybercrime is on the rise and is one of the most rapidly growing areas of prosecuted crime. Hackers may be computer geeks with malicious intent, identity thieves, spies, traders in illegal pornography or businesses attempting to disrupt competitors’ websites. The impact on society can be staggering, ranging from downed systems for vital infrastructure like hospitals or emergency response systems to financial cost. Brand damage is difficult to measure, and the cost to repair and prevent future damage from hackers annually runs into the billions.

What Kinds of Cybercrime Exist?

While it seems that hackers crack codes for every new device that hits the marketplace, there are some defined forms of cybercrime that have been deemed illegal by state and federal authorities.

  • Harassment: The most common form of cybercrime, the term harassment includes obscenities or insulting comments directed towards an individual or group of individuals, and may or may not be related to sexual orientation, religion, ethnicity or gender.
  • Offensive Content: Obscene and distasteful content on the Internet is not only something that children should not see; it is illegal in many countries.
  • Fraud: Internet fraud can take many forms, but it is most often in the guise of misrepresenting oneself and enticing a consumer to provide sensitive information. Fraud is usually financial in nature and is often related to identity theft. Technically, it is also fraudulent to use your neighbor’s Internet signal if you are not paying for it.
  • Trespassing: Hackers illegally gain access to individual hard drives and can remove or copy files, install software, view browsing history and access your passwords. Trespassing is often fraudulent; for example, a cloned website of a familiar vendor may request that readers click a link or download a file that allows access to a hard drive.
  • Drug Trafficking: Encrypted emails are used by drug traffickers around the world to share manufacturing formulas and arrange deals and delivery of illegal drugs.
  • Hardware Hijacking: Some external peripherals, like printers, contain design flaws that allow them to automatically receive software updates via an Internet connection. Criminals can surreptitiously download damaging files to these devices.
  • Spam: Unsolicited e-mail is not only annoying; it is often used for phishing, a practice that deceives users into providing delicate data such as Social Security numbers, birthdates, passport identification numbers or credit card numbers. This information is used by identity thieves, or to access bank and credit card accounts. Spam often contains malicious bits of code that can permanently damage your computer. Some spammers practice spoofing, allowing them to use your email address to send the same code to everyone in your address book.
  • Information Warfare: Targeted at businesses and large, complex systems, information warfare aims to disable these systems. These cybercriminals either use malicious code or repeatedly hit the server from multiple computers at once, causing the target server to crash.
  • Malware: A very common source of disabled devices is malware, or malicious software. Malware files can be downloaded to your device without your consent, sometimes even without your knowledge. These files allow criminals to monitor your activities on your device or crash it permanently. Cell phones are particularly prone to malware due to their small screen size; it may be easy to miss a link or download notification on a cell phone.

Devices other than laptops and cellphones are at risk. In April 2012, Sony’s PlayStation Network was famously hacked, shutting down its network and releasing personal information for 100 million users. Internet TVs, designed to allow access to streaming content like Netflix and Pandora, open a window for hackers to not only access your television, but any computers that are linked to the same network. Cars that are wired for personal use, which are increasingly popular in new models, may provide criminals a pathway to your phone and all of the delicate information kept therein. Alarmingly, it was recently proven that medical devices such as insulin pumps for diabetics can be hacked and controlled by an outsider.

Smartphone apps, those useful and helpful tools we love, can offer opportunities for hacking. Home alarm systems that are controlled by apps may allow an evil-minded hacker to access your home’s security features without your knowledge. Many popular apps are based on GPS systems, which are often provided to third parties without your knowledge. The ubiquitous Bluetooth technology is not immune to exposure; hackers can spam your phone, access its contents or take it over completely via Bluetooth channels.

Are We Defenseless?

While consumers should be aware of the possibilities, there is no reason to panic. Developers are creating code that resists hacking attempts as fast as hackers come up with new tactics, and the U.S. government is watchful. The Department of Justice, the FBI and the Department of Homeland Security all have personnel dedicated to the eradication of cybercrime, and hackers are prosecuted with misdemeanor or felony charges.

There is much you can do to protect yourself from cybercrime. Your devices are programmable for varying levels of protection, and manufacturers of the products you use pre-install protection measures and offer upgrades to security when necessary. Take advantage of these tools and make the following security best practices part of your routine:

  1. Turn off your computer. It is common practice to leave computers on all the time, especially given our impatience with rebooting. Unfortunately, leaving a computer in “sleep mode” offers no more protection than your antivirus software provides, and today’s high-speed networks can allow a hacker to access your PC or laptop swiftly. A computer that is turned off cannot be hacked from an external source.
  2. Update your antivirus software. Companies who manufacture this software are constantly revising code to keep up with new threats, and many issue patches within hours of the appearance of a new worm or malware. Even Macs, once considered immune to viruses, have been infected. Consider bolstering your current software with additional protection. Set your software to receive updates automatically, and ensure that you have spyware protection.
  3. Update your operating system. Similar to antivirus software developers, the manufacturers of your operating system are constantly reacting to new cybercrime threats. Unfortunately, some viruses, worms and malware take the guise of a software update and trick users into downloads. Take the extra few minutes to learn exactly how your system will notify you of an official update, and follow directions when prompted. If you are unsure whether an update is legitimate, check your system user’s guide.
  4. Download wisely. Never open an attachment from someone you do not know, and be suspicious of email forwards with unexplained or confusing attachments. Many antivirus programs, such as Vipre, offer an email protection setting that can alert you to a suspicious attachment from a known user; both traditional corporate and free email clients like Gmail can benefit from this extra protection. When surfing the web, set your page security settings high so that you don’t inadvertently download malware; a strong antivirus program will warn you or prevent you from accessing sites that are dangerous.
  5. Always turn on your firewall. Most laptops and PCs are equipped with a firewall, a barrier to malicious elements that can be configured to a single computer or to a network. Firewalls are commonly pre-configured into the hardware of your computer and protect you from all incoming information. Check the system security on your laptop or PC to see that you have a firewall and that it is turned on. You may also download additional firewall protection. A router for a home wireless network connection provides an extra layer of protection; routers that are set to provide wireless connectivity to multiple devices in your home automatically discard any malicious incoming traffic that is not directed to a single IP address.
  6. Be aware when traveling internationally. Any devices that you travel with, including cell phones, are vulnerable. Exercise caution where free wi-fi is offered, such as in coffee shops and airports. When you access a wireless signal outside of your home’s firewall protection, you are more vulnerable. Take only the devices you need, and back them up before you travel. Consider deleting sensitive data for the duration of your trip and using completely different access passwords for your devices. The FCC offers additional tips for travelers with electronic devices.

Vigilance and awareness are the two best defenses you can provide. The world of cybercrime is fast-moving, and talented individuals with evil intent are attempting to break into new devices as fast as they are developed. However, staying aware of current events in cybercrime news and the updates you may need, as well as fully exploiting the crime prevention tools at your disposal, will keep your home and your data safe from intruders.

More resources provided by Home Security can be found here.

Also, please check out their other sections on the same topic:

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Did you get a New electronic device for Christmas?

January 6, 2012 Leave a comment

Happy New Year to everyone! Wish you all the best for this year, but most importantly, I wish you to be healthy and around your families! Also, stay safe!

Maybe for some of you Santa was kind enough to bring new electronic devices such as a new laptop, desktop, iPad, tablet or smartphone. That sounds exciting, but have you thought about what you are going to do with your old electronic device? Giving it away to charity? Selling it on a classified website, or giving it to a family member or friend? In any of these cases you should first make sure that you are not involuntarily sharing your private information and data. For this reason, E-Crime Expert presents again today some tips on how to remove personal data from your old electronic device before giving it away.

Please watch this video tutorial here:

More details are provided below:

A large volume of electronic data is stored on computer systems and electronic media. Much of this data consists of confidential and sensitive information, including patient records, financial data, personnel records, and research information.

If you are with a company or organization that accepts donations or properly dismantles computers, electronics, or hard drives, take them there.

If you have a computer or computer equipment that you believe is beyond repair or is too old to be useful, take it to a dismantling centre.

Many computer manufacturers and computer hardware manufacturers also have their own recycling or trade-in programs. When you buy a new computer you could perhaps trade in the old one.

All computer systems, electronic devices and electronic media should be properly cleared of sensitive data and software before being transferred from you to another seller or dismantling centre.

Computer hard drives should be cleared by using software and then be physically destroyed. Non-rewritable media, such as CDs, and non-usable hard drives should be physically destroyed (i.e. scratched, broken into pieces).

Try to destroy or dismantle your hard drive, external hard drive, printer, fax, cell phone, computer, camera, web camera, GPS or laptop, because all these devices have internal memory where sensitive data is still stored even after it has been deleted manually or with software.
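As an added example (not part of the original post, nor a tool from E-Crime Expert or Home Security), the following Python script shows what “clearing with software” means at the file level: every regular file under a directory is overwritten in place, first with zeros and then with random bytes, flushed to the device, and only then unlinked. The directory tree, file names and contents built in `demo()` are constructed sample data. The script assumes a conventional magnetic disk with a file system that writes in place; on SSDs, wear-levelled flash and copy-on-write or journaling file systems the new bytes may land on different physical blocks and the old data can survive, which is why the post’s advice to wipe the whole drive and physically destroy it still stands.

```python
"""Overwrite-then-delete for a directory tree (added example, constructed data).

Assumption: a magnetic disk and a file system that rewrites a file's existing
blocks in place. On SSDs and copy-on-write/journaling file systems an overwrite
is not guaranteed to reach the old blocks, so full-disk erasure or physical
destruction remains necessary.
"""
import os
import secrets
import tempfile
from pathlib import Path

CHUNK = 64 * 1024  # overwrite in 64 KiB chunks so large files are not loaded into RAM


def overwrite_file(path: Path, passes: int = 2) -> int:
    """Overwrite `path` in place: pass 0 writes zero bytes, later passes write
    random bytes. Each pass is flushed and fsync'ed so it reaches the device
    before the next one starts. Opened with "r+b" (no truncation) so the same
    logical blocks are rewritten. Returns the number of bytes overwritten."""
    size = path.stat().st_size
    with open(path, "r+b") as fh:
        for pass_no in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                block = bytes(n) if pass_no == 0 else secrets.token_bytes(n)
                fh.write(block)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())
    return size


def wipe_tree(root: Path, passes: int = 2) -> dict:
    """Overwrite and unlink every regular file under `root`, then remove the
    directories bottom-up. Symlinks are unlinked without being followed, so a
    link pointing outside the tree is never overwritten. Returns a summary."""
    summary = {"files": 0, "bytes": 0, "dirs": 0}
    # topdown=False visits subdirectories before their parent, so each
    # directory is already empty when we reach its rmdir().
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink():
                p.unlink()
                continue
            summary["bytes"] += overwrite_file(p, passes)
            p.unlink()
            summary["files"] += 1
        for name in dirnames:
            d = Path(dirpath) / name
            if d.is_symlink():
                d.unlink()  # symlinked directory: remove the link only
            else:
                d.rmdir()
            summary["dirs"] += 1
    root.rmdir()
    summary["dirs"] += 1
    return summary


def demo() -> dict:
    """Build a constructed 'old laptop' profile with fake sensitive files,
    wipe it, and report what was done."""
    base = Path(tempfile.mkdtemp(prefix="wipe-demo-"))
    tree = base / "old-laptop-profile"
    (tree / "Documents").mkdir(parents=True)
    (tree / "Documents" / "tax-2011.txt").write_bytes(
        b"constructed sample: account 1234-5678\n")  # 38 bytes, constructed
    (tree / "Downloads").mkdir()
    (tree / "Downloads" / "statement.pdf").write_bytes(
        b"%PDF-1.4 constructed placeholder\n" * 3000)  # 99000 bytes, constructed
    result = wipe_tree(tree)
    result["tree_still_exists"] = tree.exists()
    base.rmdir()
    return result


if __name__ == "__main__":
    print(demo())
```

Run it as a script and it prints the summary of the constructed tree it wiped; point `wipe_tree()` at a real profile directory only after backing up what you still need, since the overwrite is irreversible.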

When you sell an old laptop or PC, first try to “format” the device and reinstall the operating system. If you are not able to do this, at least try to DELETE:

  • All your photos, videos and music files, located in the following folders: Desktop or My Documents, My Music, My Videos (Movies),
  • Archives
  • The folder that retrieves your Mail inbox on your computer
  • Recent documents folder
  • Downloads
  • Library folder
  • Data storage folder
  • Maildownloads folder
  • Info.plist document
  • Key chain, the folder that stores your passwords on a computer
  • Cookies folder
  • Calendar folder
  • Printer folder
  • Cache folder
  • Favorites folder
  • Logs folder
  • Web browser (Safari) folder
  • Sync Services folder used for cloud computing or to sync with other devices
  • Address book

Note: these folders are available on a MacBook Pro device (with Snow Leopard OS); the order or name of the folders may differ from computer to computer or from one operating system to another. But the principle is the same.

When you sell your used cellular phone try to do a “factory data reset” and all the information and personal settings will be removed. This is mandatory when you sell your used device.

Step 1: go to settings

Step 2: select SD&phone storage

Step 3: select Factory data reset

This should reset all your information on your phone.

Note: these steps apply to an HTC Desire running Android version 2.2.

Have you ever used any of those methods? Are you thinking to use any of them? How do you dispose of your electronic devices and gadgets you no longer use?

EU Member States’ national Data Protection Laws

December 16, 2011 1 comment

As announced in the last blog post here, E-Crime Expert presents today the National Data Protection Legal Acts of each Member State, adopted to implement Directive 95/46. This could be helpful for anyone interested, as there are significant differences among the Member States’ national DP legal frameworks, acquired during their implementation of Directive 95/46. In this regard, a company running commercial activities in Belgium should, when processing personal data in Belgium, comply with the Belgian national DP law. Directive 95/46 has no direct implication for or relation to their processing operations in Belgium or in any other Member State. The Directive sets forth the general European legal framework, with the minimum protection requirements, for the national DP laws implemented by each Member State in its own way. Therefore, for any interested party, company or data subject, it is useful to know which DP law applies in particular when running a business, doing electronic commerce or carrying out any other activity that requires the processing of personal data.

Transposition of the Directive 95/46 requirements into national laws.

Here you can find the national laws of each member state:

Austria

Data Protection Act 2000, Austrian Federal Law Gazette part I No. 165/1999

Belgium

Act of 8 December 1992

Royal Decree

Bulgaria

Personal Data Protection Act

Cyprus

The Processing of Personal Data (Protection of Individuals)
Law 138(I)2001

Czech Republic

Act on Protection of Personal Data (April 2000) No. 101

Denmark

Act on Processing of Personal Data, Act No. 429, May 2000.

Estonia

Personal Data Protection Act of 2003

Finland

Personal Data Act (523/1999)

Act on the amendment of the Personal Data Act (986/2000)

France

Data Protection Act of 1978 (revised in 2004)

Germany

Federal Data Protection Act of 2001

Greece

Law No.2472 on the Protection of Individuals with Regard to the Processing of Personal Data, April 1997.

Hungary

Act LXIII of 1992 on the Protection of Personal Data and the Publicity of Data of Public Interests

Ireland

Data Protection Act 1988.

Data Protection (Amendment) Act 2003.

Italy

Data Protection Code of 2003

Processing of Personal Data Act, January 1997

Latvia

Personal Data Protection Law, March 23, 2000.

Lithuania

Law on Legal Protection of Personal Data (June 1996)

Luxembourg

Law of 2 August 2002 on the Protection of Persons with Regard to the Processing of Personal Data.

Malta

Data Protection Act (Act XXVI of 2001), Amended March 22, 2002, November 15, 2002 and July 15, 2003

The Netherlands

Dutch Personal Data Protection Act 2000

Poland

Act of the Protection of Personal Data (August 1997)

Portugal

Act on the Protection of Personal Data (Law 67/98 of 26 October)

Romania

Law No. 677/2001 for the Protection of Persons concerning the Processing of Personal Data and the Free Circulation of Such Data

Slovakia

Act No. 428 of 3 July 2002 on Personal Data Protection.

Slovenia

Personal Data Protection Act, RS No. 55/99.

Spain

ORGANIC LAW 15/1999 of 13 December on the Protection of Personal Data

Sweden

Personal Data Protection Act (1998:204), October 24, 1998

United Kingdom

UK Data Protection Act 1998

Privacy and Electronic Communications (EC Directive) Regulations 2003

E-Crime Expert would like to thank you for reading this Blog and to wish you Merry Christmas and a very Happy New Year! We’ll be back in the first week of January 2012.

Till then, stay safe!

EU National Data Protection Authorities

December 14, 2011 1 comment

Today, E-Crime Expert presents the contact details of all the EU National Data Protection Authorities in order to help citizens/users know where to address a complaint in case their fundamental right to the protection of personal data is breached. This right is granted by the Charter of Fundamental Rights of the European Union. Also, Directive 95/46 sets forth that the National Data Protection Authorities protect the right to privacy and personal data of data subjects.

Briefly, the main roles of National DPA are:

-Investigations

-Interventions

-Hear claims and engage in legal proceedings

-Advisory

-Awareness.

Here are listed the up-to-date contact details of all EU National DPAs:

Austria

Österreichische Datenschutzkommission
Hohenstaufengasse 3
1010 Wien
Tel. +43 1 531 15 25 25; Fax +43 1 531 15 26 90
e-mail: dsk@dsk.gv.at

Belgium

Commission de la protection de la vie privée
Rue Haute 139
1000 Bruxelles
Tel. +32 2 213 8540; Fax +32 2 213 8545
e-mail: commission@privacy.fgov.be

Bulgaria

Commission for Personal Data Protection
Mrs Veneta Shopova
15 Acad. Ivan Evstratiev Geshov Blvd.
Sofia 1431
Tel. +3592 915 3531; Fax +3592 915 3525
e-mail: kzld@government.bg, kzld@cpdp.bg

Cyprus

Commissioner for Personal Data Protection
Mrs Panayiota Polychronidou
1 Iasonos Street,
1082 Nicosia
P.O. Box 23378, CY-1682 Nicosia
Tel. +357 22 818 456; Fax +357 22 304 565
e-mail: commissioner@dataprotection.gov.cy

Czech Republic

The Office for Personal Data Protection
Urad pro ochranu osobnich udaju
Pplk. Sochora 27
170 00 Prague 7
Tel. +420 234 665 111; Fax +420 234 665 444
e-mail: posta@uoou.cz

Denmark

Datatilsynet
Borgergade 28, 5
1300 Copenhagen K
Tel. +45 33 1932 00; Fax +45 33 19 32 18
e-mail: dt@datatilsynet.dk

Estonia

Estonian Data Protection Inspectorate
(Andmekaitse Inspektsioon)
Director General: Mr Viljar Peep (Ph.D)
Väike-Ameerika 19
10129 Tallinn
Tel. +372 6274 135; Fax +372 6274 137
e-mail: viljar.peep@aki.ee

Finland

Office of the Data Protection Ombudsman
P.O. Box 315
FIN-00181 Helsinki
Tel. +358 10 3666 700; Fax +358 10 3666 735
e-mail: tietosuoja@om.fi

France

Commission Nationale de l’Informatique et des Libertés
8 rue Vivienne, CS 30223
F-75002 Paris, Cedex 02
Tel. +33 1 53 73 22 22; Fax +33 1 53 73 22 00

Germany

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30
53117 Bonn
Tel. +49 228 997799 0 or +49 228 81995 0; Fax +49 228 997799 550 or +49 228 81995 550
e-mail: poststelle@bfdi.bund.de

Greece

Hellenic Data Protection Authority
Kifisias Av. 1-3, PC 11523
Ampelokipi Athens
Tel. +30 210 6475 600; Fax +30 210 6475 628
e-mail: contact@dpa.gr

Hungary

Data Protection Commissioner of Hungary
Parliamentary Commissioner for Data Protection and Freedom of Information: Dr András Jóri
Nádor u. 22.
1051 Budapest
Tel. +36 1 475 7186; Fax +36 1 269 3541
e-mail: adatved@obh.hu

Ireland

Data Protection Commissioner
Canal House
Station Road
Portarlington
Co. Laois
Lo-Call: 1890 25 22 31
Tel. +353 57 868 4800; Fax +353 57 868 4757
e-mail: info@dataprotection.ie

Italy

Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121
00186 Roma
Tel. +39 06 69677 1; Fax +39 06 69677 785
e-mail: garante@garanteprivacy.it

Latvia

Data State Inspectorate
Director: Ms Signe Plumina
Blaumana str. 11/13-15
1011 Riga
Tel. +371 6722 3131; Fax +371 6722 3556
e-mail: info@dvi.gov.lv

Lithuania

State Data Protection Inspectorate
Director: Mr Algirdas Kunčinas
Žygimantų str. 11-6a
011042 Vilnius
Tel. + 370 5 279 14 45; Fax +370 5 261 94 94
e-mail: ada@ada.lt

Luxembourg

Commission nationale pour la protection des données
41 avenue de la Gare
1611 Luxembourg
Tel. +352 2610 60 1; Fax +352 2610 60 29
e-mail: info@cnpd.lu

Malta

Office of the Data Protection Commissioner
Data Protection Commissioner: Mr Joseph Ebejer
2, Airways House
High Street, Sliema SLM 1549
Tel. +356 2328 7100; Fax +356 2328 7198
e-mail: commissioner.dataprotection@gov.mt

The Netherlands

College bescherming persoonsgegevens
Dutch Data Protection Authority
Juliana van Stolberglaan 4-10
P.O. Box 93374
2509 AJ Den Haag/The Hague
Tel. +31 70 888 8500; Fax +31 70 888 8501
e-mail: info@cbpweb.nl

Poland

The Bureau of the Inspector General for the Protection of Personal Data
Inspector General for Personal Data Protection: Mr Wojciech Rafał Wiewiórowski
ul. Stawki 2
00-193 Warsaw
Tel. +48 22 860 70 81; Fax +48 22 860 70 90
e-mail: sekretariat@giodo.gov.pl

Portugal

Comissão Nacional de Protecção de Dados
R. de São Bento, 148-3°
1200-821 Lisboa
Tel. +351 21 392 84 00; Fax +351 21 397 68 32
e-mail: geral@cnpd.pt

Romania

The National Supervisory Authority for Personal Data Processing
President: Mrs Georgeta BASARABESCU
Str. Olari nr. 32
Sector 2, BUCUREŞTI
Cod poştal 024057
Tel. +40 21 252 5599; Fax +40 21 252 5757
e-mail: anspdcp@dataprotection.ro

Slovakia

Office for Personal Data Protection of the SR
President: Mr Gyula Veszelei
Odborárske námestie č. 3
817 60, Bratislava
Tel. + 421 2 5023 9418; Fax + 421 2 5023 9441
e-mail: statny.dozor@pdp.gov.sk or gyula.veszelei@pdp.gov.sk

Slovenia

Information Commissioner
Ms Natasa Pirc Musar
Vošnjakova 1
1000 Ljubljana
Tel. +386 1 230 9730; Fax +386 1 230 9778
e-mail: gp.ip@ip-rs.si

Spain

Agencia de Protección de Datos
C/Jorge Juan, 6
28001 Madrid
Tel. +34 91399 6200; Fax +34 91455 5699
e-mail: internacional@agpd.es

Sweden

Datainspektionen
Drottninggatan 29
5th Floor
Box 8114
104 20 Stockholm
Tel. +46 8 657 6100; Fax +46 8 652 8652
e-mail: datainspektionen@datainspektionen.se

United Kingdom

The Office of the Information Commissioner Executive Department
Mr Christopher Graham
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 1 625 54 57 00

Stay posted as the next blog post will bring you the individual EU National Data Protection legal acts that transpose Directive 95/46 into national law.


Do you have any complaint? Did you know where to address in case of DP breach?

Data protection glossary (part 3)

December 12, 2011 Leave a comment

This is the last post of a series brought to you by E-Crime Expert that aims to familiarize readers and data subjects with the most common terminology, in order to better understand and protect their personal data and privacy.

You could read the first post here and the second post here.

(R) Reliability (Information Security)

Reliability is the property of consistent intended behavior and results.

Residual Risk (Information Security)

Residual risks are the risks that remain after risk treatment or, in other words, after protective measures were introduced.

Right of rectification

Anyone can have incorrect data relating to him rectified free of charge, and have other data erased if they are irrelevant, incomplete or prohibited, or have the use of those data prohibited. If the controller does not react, the data subject may address the Commission, which will attempt to mediate. The data subject may also submit a complaint to the judicial police.

Right to object

You may always object to the use of your data, provided that you have serious reasons for this. You cannot object to a data processing operation that is required by a law or a regulatory provision, or that is necessary to perform a contract you have entered into. However, you always have the right to object to the illegitimate use of your data and can always object free of charge and without justification if your data are processed for direct marketing purposes.

To object you have to send a dated and signed request, including a document proving your identity (for example a copy of your identity card) to the controller by letter or by fax (a request by e-mail is only accepted with an electronic signature). The request can also be submitted on the spot. The controller then has one month to reply. If he fails to do so or if his reply is not convincing, you can address the Commission, which will try to mediate. You can also take your case to court.

Risk (Information Security)

A risk is the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization (for example a virus deleting a file). It is measured in terms of a combination of the probability of an event and its consequence.

A risk is characterized by two factors: the probability that an incident will occur and the gravity of the potential direct consequences and the indirect impact.

The risk can also depend on time: the situation can become worse after an incident if corrective measures are not taken in time (for instance a software glitch infecting a database, or spyware retrieving passwords, encrypted codes or PIN numbers). In that way, a seemingly innocent incident can have disastrous consequences.

Risk Management (Information Security)

Risk management identifies the most important risks and distinguishes between the risks that have to be taken care of and acceptable risks. It uses security resources that deal with the dangers for personal data according to a scale of priorities. The risk management process constitutes a cycle that is repeated depending on the particular characteristics of the systems and the identified risks. Risk management results in final processes and an updated security policy, and often also in adaptations to the organization and its procedures in order to better take into account possible new risks, as well as the measures that have been taken.

(S) Safe Harbor Principles

In consultation with the European Commission, the American Department of Commerce elaborated the Safe Harbor Principles, intended to facilitate the transfer of personal data from the European Union to the United States. If companies make a statement to the American Department of Commerce agreeing with these principles and declaring they are prepared to respect them (meaning, among other things, that the American Federal Trade Commission can check whether they respect these principles), they are considered as companies ensuring adequate safeguards for data protection.

Security measures (Information Security)

Security measures, also called “protective measures” or “security controls”, are procedures or decisions that limit risks. Security measures can be effective in several ways: by lessening possible dangers, correcting vulnerabilities or limiting the possible direct consequences or indirect impact. It is also possible to work with time: if incidents are traced better and sooner, action can be taken before the situation gets any worse.

Sensitive data

Certain personal data are more sensitive than others. An individual’s name and address are rather innocent data, but this does not hold true for his political opinions, sexual preferences or judicial past. The Privacy Law regulates registration and use of those sensitive data more strictly in comparison with other personal data.

Sensitive data relate to race, political opinions, religious or philosophical beliefs, trade union membership, health, sex life, suspicions, persecutions and criminal or administrative convictions. In principle, processing such data is prohibited.

Standard Contractual Clauses

For persons wishing to transfer data outside the European Community, the European Commission has elaborated standard contractual clauses, which allow for a data transfer meeting the European legal conditions for data protection (article 25 ff of Directive 95/46/EC). In other words, the parties signing these contracts are considered as parties ensuring adequate safeguards for the protection of privacy.

(T) Threat (Information Security)

A threat is any unexpected event that can damage one of the enterprise’s assets and therefore prejudice personal data protection.

There are environmental threats (fire), technical threats (system failures) or human threats.
Human threats can be accidental (mistakes, forgetfulness, unsuitable procedures) or intentional (harmful intent, intrusion, theft), internal (dissemination of information) or external (espionage).

(U) Unambiguous, free and informed consent

Consent is understood:

  • to have been freely given. In other words, the data subject was not pressurised to say “yes”;
  • to be specific, meaning that the consent relates to a well-defined processing operation;
  • to be informed. The data subject has received all useful information about the planned processing.

It is not necessary for the consent to be given in writing, but oral consent does create problems with the burden of proof in case of difficulties.

(V) Vulnerability (Information Security)

Vulnerability is the weakest link of an asset or a group of assets that can be exploited by one or more imminent dangers (developer’s mistake, wrong installation). In most cases vulnerability is due to the fact that an asset is not sufficiently protected, rather than to the asset itself.

Vulnerability in itself is not harmful to the organization. A damaging incident can occur only when an imminent danger, accidentally or otherwise, makes use of the vulnerability, possibly together with special circumstances.


Are you used to this terminology? Do you find it useful?