Open Rights Group General Election Hustings

The Open Rights Group (ORG), in association with some other NGOs, is organising a series of general election hustings in Brighton, Bristol and Manchester.  Details of the hustings are on the following Meetup pages:

Brighton: http://www.meetup.com/ORG-Brighton/events/221341373/

Bristol: http://www.meetup.com/ORG-Bristol/events/221436815/

Manchester: http://www.meetup.com/ORG-Manchester/events/221281329/

The reasons companies don’t fix cyber security

Following a series of high-profile losses of customers’ personal data suffered by major companies such as Sony, Home Depot and Target, Erik Sherman considers on the CBS Moneywatch website why companies do not improve IT security and safeguards for customer data.

The answer is that although the cost of remediation and fixes following such data leaks looks enormous to the average person, the financial impact on companies is negligible.  For example, when Target lost 40 million credit card numbers and 70 million other records, the cost after deductions was 105 million dollars, which is less than 0.1 percent of the company’s revenue.

Even the reputational damage to companies from huge data losses seems relatively short-lived.  Following a major breach of Sony’s network, the Ponemon Institute polled consumers every 48 hours to check the company’s reputation.  After less than six months, Sony’s reputation had recovered to where it was prior to the breach.

Hospital staff breached rules to view colleague’s medical records

Neal Keeling reports in the Manchester Evening News that an investigation has been launched after scores of hospital staff at Salford Royal Hospital allegedly broke data protection rules to look at a colleague’s medical records.

The person’s records were accessed via the Electronic Patients Record system which was installed two years ago.  Some 7,000 health care professionals have access to the system which is supposed to have a high level of security control, with users receiving formal training in information governance on an annual basis.

The member of staff whose records were viewed had been admitted to the hospital for treatment a few months ago and is now believed to have commenced legal action against the hospital.

The Intelligence and Security Committee (ISC) Report into Surveillance in the UK

The Intelligence and Security Committee (ISC) has issued a report into surveillance by the security services in the United Kingdom.  The report, titled “Privacy and Security: A modern and transparent legal framework”, is the result of a review started by the ISC in 2013, following revelations by the former US intelligence contractor Edward Snowden about the extent of surveillance by UK and US intelligence services.

The report considers whether current legislation provides sufficient oversight and accountability and the impact of surveillance on privacy.  It concludes that there is a lack of transparency around surveillance which is not in the public interest.  This has come about due to the way the legal framework has developed in a piecemeal fashion.

The key recommendation of the report is that the current legal framework should be replaced by a single new Act of Parliament governing the intelligence and security agencies.

The report can be found here, or alternatively on the ISC website: http://isc.independent.gov.uk/