Archive for the ‘News’ Category

European Companies Preparing for Data Protection Overhaul

April 21, 2012

The recently unveiled European Union (EU) data protection proposals call for hefty fines, new rules for reporting data breaches, large companies to appoint a data protection officer and several other regulations. Although the legislation has yet to be put into effect, many European enterprises are already planning ahead, making changes to their IT security strategies and policies.

The data protection proposal would enable the EU to fine companies in violation of the laws up to 2 percent of their global annual turnover. Combined with the increasing prevalence of cyberattacks and data breaches, the threat of severe financial punishment has prompted many businesses among EU member states to make continuous compliance an organizational priority.

According to a recent study by Tufin Technologies, 42 percent of network security managers believe the EU proposal has led to heightened risk awareness in their organization. Additionally, 34 percent of respondents said their attitude toward continuous compliance has changed due to the data protection legislation, and 54 percent said automating compliance audits would help reduce the risk of violating the regulations, potentially saving the company from being fined.

“While 29 percent of respondents have partially automated compliance audits, those processes that are not automated run the risk of falling out of compliance the moment after the auditor signs off on the audit,” said Shaul Efraim, vice president of marketing and business development for Tufin.

The report said respondents provided vastly different answers regarding best practices in reducing the risk of noncompliance. According to Tufin, some IT security professionals said a strict regulatory compliance strategy that includes a comprehensive data security awareness program would help organizations meet EU compliance standards.

While the proposed legislation may cause headaches for enterprise compliance officers and other IT professionals, the EU and Justice Commissioner Viviane Reding are confident the laws will facilitate stronger data protection standards for government organizations, businesses and consumers.

“Seventeen years ago less than 1 percent of Europeans used the internet,” Reding said. “Today, vast amounts of personal data are transferred and exchanged, across continents and around the globe in fractions of seconds. The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data.”

Reding said the presented changes to the existing policy will save businesses around €2.3 billion per year by providing them with a single set of rules and one data protection authority to report to, reducing costs related to paperwork and other compliance expenses. Meanwhile, enterprises will be required to notify authorities about data breaches as quickly as possible – within 24 hours if feasible. Also, companies with more than 250 employees will have to appoint an independent data protection officer.

With the new regulations requiring organizations to quickly report data breaches, and large fines for companies that fail to do so, it’s essential for IT decision-makers to consider implementing security solutions capable of detecting and eliminating advanced threats before a major breach occurs. Some IT security providers offer integrated, state-of-the-art systems that can analyze security events in real time, giving enterprises the ability to reduce costs, efficiently detect threats and decrease risk. These advanced solutions can also help organizations meet regulatory compliance standards by encrypting critical data, controlling access and constantly monitoring company networks, systems and endpoints.

The importance of data protection legislation, organizational policies and awareness is at an all-time high, as cyberattacks are more sophisticated and widespread adoption of mobile devices has opened the door for new threats. According to a recent global survey, 86 percent of IT professionals believe their job would be at risk if a data breach occurred, revealing yet another reason enterprises must develop better security and data protection plans.

Security News from SimplySecurity.com by Trend Micro

Ghanaian Parliament Passes Data Protection Bill

April 19, 2012

After reports last July that the Data Protection Bill had been withdrawn from Ghana’s Parliament for adjustments, the bill was re-introduced and Parliament passed it on February 10. The Act, said to be awaiting presidential assent to be fully operational, is modeled upon European precedents and will set out the rights and responsibilities of data controllers, data processors and data subjects in relation to personal data, under the supervisory authority of a Data Protection Commission. Ghana swore in a new President, John Atta Mills, a 64-year-old law professor, on January 8.

Five African Nationals Arrested for Fake Visas, Passports, and Counterfeit Currency

February 19, 2012

Five African nationals in India, including a woman, were arrested in the national capital for allegedly providing fake passports and visas, police officials said Friday.

“Gabriel Olawale Ajisafe, Sunny Odigie Sunday, Enwere Okethukwa Kelvin Enwere from Nigeria, Karolin Cherotich from Kenya, Augustine John Johm Kwaku Kyare from Ghana were arrested Wednesday from the Golchha theatre in Daryaganj and Ganesh Nagar,” said an official from Delhi Police.

It is believed that there were at least two more similar units functioning out of west Delhi, a place that has a high concentration of foreigners.

Around 120 fake passports, 300 visas, and counterfeit US currency worth $22,000 were recovered from the accused. “The mastermind of the gang was identified as Gabriel Olawale Ajisafe, 52. Ajisafe has been residing in Delhi for the last 30 years,” police officials added.

Sources said the east Delhi gang had operated from rented apartments and kept shifting to avoid detection. The gang spread its “message” in a unique manner. “The gang would arrange for fake passports for a certain client and offered them nominal discounts (the charges were anywhere between Rs 10,000 and Rs 25,000) if they spread the word about their ‘good work’ to the rest of their contacts. The gang also kept in regular touch with Indian “touts”, who would inform the gang about potential clients from FRRO, the passport cell and even local courts,” claimed a source.

The arrests come days after the cops busted one of the biggest such networks, run by Pakistan-based Kana, and recovered fake currencies with a face value of Rs 2.3 crore. Police believe that the gang may have links with the illegal immigration rackets operating from Nepal and Bangladesh. The gang has also been producing fake passports of African and European countries, and rough estimates show that they had sent over 110 men out of the country using fake documents and currencies. Most of those who sought their help were African nationals whose passports and other travel documents had been confiscated by the Indian authorities after they violated Indian laws.

“The printing was exquisite and they could even reproduce the impression of the water mark of the genuine US Dollar. The prepared fake passports of the African countries were provided to the citizens of African countries whose passports had either been impounded in criminal cases or they had entered India illegally through the neighboring countries. The accused used multimedia technology software like Autocad, Corel Draw and other software for preparing the counterfeit dollars and fake documents,” said additional DCP (crime) Sanjay Bhatia.

The suspects had been running their office from Ganesh Nagar in east Delhi for the past year.

German police clearance may have been forged or faked

January 27, 2012

A developing story out of New Zealand indicates a government inquiry has been launched into Kim Dotcom’s (born Kim Schmitz) residency as legal experts doubt his alleged clear criminal record.

Dotcom is a German-Finnish computer programmer and businessman who rose to prominence during the dot-com bubble and was convicted of insider trading and embezzlement in its aftermath. He is also known as the founder of Megaupload and its associated websites. He legally changed his surname to Dotcom circa 2005. On January 20, 2012, the New Zealand police placed him in custody on charges of criminal copyright infringement in relation to his Megaupload website.

German law dictates that Dotcom’s convictions should not have been wiped before 2017, and one lawyer believes he may have forged his way into New Zealand.

Every foreign national arriving in New Zealand must present a police clearance form. Until now, New Zealand’s Prime Minister John Key has insisted that Kim Dotcom’s was clean, but yesterday he admitted that the background checking process is flawed and that a Government inquiry is underway.

“There’s clearly an anomaly between the way the law is interpreted with tests between residency and the Overseas Investment Act because one looks at convictions and one looks at records and that’s a slightly different test,” says Prime Minister John Key.

Regardless of how the law was interpreted, it’s clear that New Zealand’s residency and immigration background check program is severely flawed if source documents are not validated.

FTC Takes Action for False Claims of Safe Harbor Status

October 10, 2011

Special Caution:
In preparing the following post we did some cursory research on screening companies listed on the U.S. Department of Commerce Safe Harbor List and found at least 15 companies “Not Current” on their certification status. If such companies still provide international service we would highly recommend updating the company’s certification with the Dept. of Commerce as soon as possible.

The Story

In late September it was reported that an online retailer was recently ordered to refrain from making misrepresentations that it is in voluntary compliance with the U.S. Safe Harbor Framework. The EU Data Protection Directives require EU member countries to implement legislation that prohibits the transfer of personal data outside the EU except to countries that the EU has found to have adequate laws requiring security that are equivalent to the EU’s privacy provisions. Defendants represented that they self-certified to the U.S. Dept. of Commerce that they complied with the Safe Harbor when, in fact, the defendants never self-certified. The FTC’s consent judgment indicated that the representation was false and misleading and constituted a deceptive act or practice in violation of Section 5 of the FTC Act.

Recommendation to Screening Companies: If your organization claims to be Safe Harbor self-certified, be certain that the organization has in fact filed the proper self-certification registration with the U.S. Department of Commerce. Additionally, ensure the organization stays up to date with its annual re-certification requirements. Re-certification is not automatic.

Categories: Data Protection Act, News

Canada Proposes PIPEDA Amendments – How will this impact employee screening?

October 10, 2011

On September 29, 2011, the Canadian Parliament reintroduced amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) as Bill C-12, Safeguarding Canadians’ Personal Information Act.

The proposed changes serve to modernize the requirements for handling personal information, taking into account changes in technology as well as the limitations of the current legislation in the face of certain business realities.

Proposed Amendments
Bill C-12 proposes numerous amendments to PIPEDA. Of particular significance are the following:

  • disclosure of personal information without consent in the context of business transactions;
  • exclusion of “business contact information” from the obligations in PIPEDA in certain circumstances; and
  • mandatory notification to the Privacy Commissioner and affected individuals of material breaches of PIPEDA.

Conclusion: The good news from our assessment is that, for those companies operating within the guidelines of the US Safe Harbor as well as the EU Data Protection Directives, the new amendment, should it pass, will have little effect.

Recommendation: Ensure hiring staff in fact obtain copies of written consent from candidates to collect information, and subsequent permission, prior to collecting information and conducting any background checks on personnel.

ACG to participate in panel discussion at 29th Cambridge International Symposium on Economic Crime

April 18, 2011

Aletheia Consulting Group’s managing principal, Terry Corley, will participate in a workshop on issues surrounding law enforcement/private sector partnerships in background screening for employment purposes at the 29th Cambridge International Symposium on Economic Crime on September 7, 2011.

The annual Cambridge Symposium is a truly unique event which over the years has made an unrivalled contribution to understanding the real issues involved in preventing and controlling economically motivated serious crime. As a respected and trusted international forum and network it has also made an impressive and meaningful contribution to fostering international co-operation and promoting mutual understanding and goodwill.

The Twenty-Ninth symposium will focus primarily on the responsibility of those who look after other people’s wealth, or who advise or oversee those who do, to identify and manage risk. In particular, we will concentrate on risks resulting from criminal and subversive activity and, perhaps perversely, those thrown up by laws and regulatory initiatives designed to attack criminal activity.

The programme is structured to provide a depth and breadth of opportunity, second to none, for those participating in the programme to become aware not only of existing, but also new threats, and how best to address them.

Those who are concerned to protect and promote the integrity and wellbeing of their national economy, institution or enterprise, or who are concerned to better understand the risks facing business today, cannot afford to miss this very special event.

Categories: News