Tag Archives: Privacy

BAE Systems launches “major update” to NetReveal platform for financial institutions

The latest version of BAE Systems’ NetReveal platform combines the best of advanced analytics and human expertise to enable financial institutions to effectively combat financial crime and fraud in an environment of rapidly evolving regulatory requirements and changing financial crime patterns.

Faced with increasing transactions, evolving regulations, a growing number of payment channels, customer friction, investigation challenges and strengthening privacy regimes, financial crime and fraud investigators are under pressure to make more confident and intelligence-led decisions and do so at an unprecedented pace.

Built on modernised modular technology, NetReveal addresses these challenges by working smarter and faster and supporting an intelligence-led approach:

Smarter: Profiling and detection against transactional data that commonly takes hours to process is now processed within 30 minutes (on average)

Faster: Advanced analytics with machine learning techniques improve operational performance by driving fewer false positives. Integrated Robotic Process Automation (RPA) means that routine tasks are automated, enabling investigators to focus more on high value strategic investigative work. The Real-Time Detection Engine helps institutions to keep pace with sophisticated criminals across growing digital channels

Intelligence-Led: Entity-based investigations deliver efficiency improvements of 20-30% on average by streamlining multiple detections into a single combined alert dashboard. Interactive lists also provide actionable information to adjudicate alerts effectively

Culmination of major investment

Rob Harrison, head of product and solutions for the financial services sector at BAE Systems Applied Intelligence, said: “This release is the culmination of major investment and engineering development of our financial crime platform and suite of solutions. We’ve focused on providing compliance and fraud teams with the latest advanced analytics, technology advancements and productivity improvements.”

Harrison added: “The latest version of NetReveal combines the best of human expertise and advanced analytics which we believe puts financial institutions in the strongest position possible to address the major market challenges of today, namely regulatory complexity and change, evolving fraud patterns, productivity and efficiency pressures and new risk management approaches.”

Julie Conroy, research director for the Aite Group’s Retail Banking practice, commented: “The use of RPA to improve financial crime operations significantly increases accuracy, reduces operational costs and enhances productivity. Given the growing data challenge, having the ability to advance investigator efficiency by reducing repetitive manual tasks, human error and, by extension, the number of false positives ultimately frees up time to focus on more strategic tasks.”

NetReveal is a single integrated platform for money laundering compliance and fraud prevention, enabling financial institutions to benefit from lower total cost of ownership across their compliance and fraud teams thanks to a single solution.

A comprehensive range of compliance and counter-fraud solutions can be deployed either individually or collectively.

Filed under Risk Xtra

Shred-it proud to join ranks of UK’s Business Superbrands in 2019

Shred-it, the information security company, has been awarded Business Superbrand status for 2019. Shred-it’s protection solutions and services include secure document destruction, media destruction, branded goods and uniforms destruction as well as recycling services. It helps businesses to comply with legislation and ensures that customer, employee and confidential business information is protected at all times.

The Business Superbrands survey has been tracking the perception of a wide range of business brands in the UK since 2001. This year’s research process, managed by The Centre for Brand Analysis (TCBA) in partnership with Dynata – one of the world’s leading data research companies – evaluated approximately 1,600 brands across 63 categories and involved 2,500 UK business professionals with an expert council comprising 24 senior business-to-business marketing leaders. Only the most highly-regarded brands from each category are awarded Superbrand status.

Unusually for an industry award, brands do not pay or apply to be considered. In order to provide a broad review of the market and identify the strongest brands in each category, all the key players in each sector need to be voted on. All voters were asked to judge brands against the three core factors inherent in a Superbrand, namely quality, reliability and distinction.

Brand perception and voting by individuals are also influenced by a range of both short and long-term factors, from the brand’s current profile to its latest marketing activities and new product and service developments, in turn affording a holistic picture of how brands are currently perceived.

Stephen Cheliotis, CEO of TCBA and chairman of Superbrands, commented: “In unsettled times, businesses that are well-regarded and possess a positive reputation benefit from competitive advantage over weaker branded rivals, providing greater immunity against short-term market volatility. Being perceived by buyers and influencers as a leading Business Superbrand is a positive business signal, while also recognition of the hard-work and dedication of the employees of each business attaining Superbrands status.”

Secure document and media destruction

Secure document and media destruction are critical in today’s data-driven environment as security compliance and risk management have become a critical part of the business landscape. This is duly reflected in a worldwide market that’s forecast to grow 8.7% to US$124 billion in 2019 (Source: Gartner Inc.). This is being driven by several factors including a greater and broader understanding of security risks and data breaches, privacy concerns and stricter regulation around data loss prevention as well as the need to view sensitive data and related systems as critical infrastructure.

Andrew Johnston, marketing and PR director (EMEA) for Shred-it, stated: “In an increasingly competitive market, Shred-it sought a clear point of differentiation to distinguish its offer. The business identified a number of key insights following research of its worldwide customer base which led to the brand’s positioning around the ‘We protect what matters’ strapline. Shred-it protects people, it protects customers, it protects brands and reputations and it protects the environment. This has enabled the brand to better focus its communications around the core idea of protection – the brand’s ‘red thread’ – which is transferable across markets, sectors and channels.”

The business has a one team, one goal motto with a customer first approach to ensure the safeguarding, understanding and management of confidential information. Shred-it’s values around excellence in service provision, depth of experience and sector knowledge, accountability and integrity, together with sustainability and continuous improvement underpin its market position.

*To learn more about Shred-it visit www.shredit.co.uk/superbrands or watch the video

Filed under Risk Xtra

Jacksons Fencing shortlisted for Data Centre Physical Security and Fire Suppression Product of the Year category at coveted DCS Awards

Jacksons Fencing (one of the UK’s leading designers, manufacturers and installers of security fencing and access control systems) has been shortlisted as a finalist in the hotly-contested Data Centre Physical Security and Fire Suppression Product of the Year category at this year’s DCS Awards.

The DCS Awards were created to acknowledge and reward product designers, manufacturers, suppliers and providers operating in the Data Centre arena. They recognise the achievements of solution vendors and their business partners alike and, in 2016, encompass a wider range of both facilities and IT categories than ever before.

The product selected by the panel is the Trident Jakoustic 3, an LPS 1175-certified perimeter fence designed, developed and manufactured by Jacksons Fencing. It’s the only timber-based fencing system that combines certified security ratings with acoustic barrier properties, and was designed specifically for sensitive applications where privacy, a discreet appearance and maximum protection against unauthorised access by cutting through, burrowing under and scaling over are required.

What makes Trident Jakoustic 3 ideal for applications in and around Data Centres is that it offers up to a 28 dB reduction in noise entering or migrating from a site. This is an important factor for a business operating 24/7, 365 days a year where generators for UPS and HVAC play an integral part in site operations.

Peter Jackson, CEO of Jacksons Fencing, commented: “It’s great to be recognised in the DCS Awards. It’s proof that, even in the Internet of Things obsessed world of data security, there’s recognition of the fact that, if you cannot protect the perimeter and manage access, you leave your facility, its staff and assets vulnerable to attack.”

*To cast your vote for Jacksons Fencing visit: http://www.dcsawards.com/voting.php 

**Voting closes on Friday 22 April

Filed under Risk UK News, Uncategorized

“RIPA not fit for purpose” states Home Affairs Select Committee

The Regulation of Investigatory Powers Act (RIPA) 2000 – the legislation governing communications data – “needs a complete overhaul”. That’s the conclusion of the latest Home Affairs Select Committee report.

The Home Affairs Select Committee acknowledges the operational need for secrecy both during investigations and afterwards (so that investigative techniques more broadly are not disclosed). However, there has to be proper oversight and scrutiny. The Committee recommends that the Home Office uses the current review of the RIPA Code to ensure that law enforcement agencies discharge their RIPA powers properly.

The Committee noted that the Rt Hon Sir Paul Kennedy, the Interception of Communications Commissioner, launched an inquiry in October 2014 to determine whether the acquisition of communications data had been used to identify journalistic sources. He wrote to all chief constables and directed them, under Section 58(1) of RIPA, to provide him with details of all investigations that had used powers under Chapter 2 of Part I of RIPA to acquire communications data to identify journalistic sources. His office will undertake a full inquiry into these matters, report the findings to the Prime Minister and then publish them.

The Committee believes all local police forces must communicate openly and efficiently with the Commissioner regarding the information they give him about their work. The Committee considers that IOCCO should be given further resources to carry out its job in an effective and timely manner, particularly in respect of its inquiry into the use of RIPA powers regarding journalistic sources.

Keith Vaz MP: chairman of the Home Affairs Select Committee

Updated Code of Practice

The Communications Data Code of Practice was drafted eight years ago and, unlike the interception or the Surveillance Code which were recently updated, contains no advice on dealing with professions that handle privileged information nor any guidelines on the use of confidential helplines.

The Committee notes Sir Paul’s recommendation to the Home Office concerning the need for improvements to the statistical requirements in the RIPA Code of Practice. It’s vital that the statistical requirements are enhanced so that the public can be better informed about the use which public authorities make of communications data.

On 15 October this year, the Home Secretary Theresa May announced that the Home Office was conducting a review of the use of RIPA in response to concerns over its deployment to access journalists’ phone records. The Government has stated that a revised Code will be published in draft form “this autumn” and will be subject to public consultation. With only 26 days until the New Year, the Home Affairs Select Committee has stated that the Home Office has failed to meet its own timetable.

Keith Vaz MP, chairman of the Home Affairs Select Committee, said: “RIPA is not fit for purpose. We were astonished that law enforcement agencies failed to routinely record the professions of individuals who have had their communications data accessed under the legislation. Using RIPA to access the telephone records of journalists is wrong and this practice must cease. The inevitable consequence is that this deters whistle-blowers from coming forward.”

Vaz continued: “The recording of information under RIPA is lamentably poor. The whole process appears secretive and disorganised without proper monitoring of what is being destroyed and what’s being retained. We’re concerned that the level of secrecy surrounding the use of RIPA allows investigating authorities to engage in acts which would be unacceptable in a democracy with inadequate oversight.”

Home Secretary Theresa May

In conclusion, Vaz explained: “The Home Office has failed to publish its review within its own timetable, and not for the first time. It should hold a full public consultation on an amended RIPA Code of Practice. Any updated advice should contain special provisions for dealing with privileged information such as journalistic material and material subject to legal privilege. It’s vital that the Home Office uses the current review of the RIPA Code to ensure that law enforcement agencies discharge their RIPA powers properly.”

Response from Liberty and Big Brother Watch

Responding to the Home Affairs Select Committee’s report on RIPA, Isabella Sankey – director of policy for Liberty – said: “The secret use of RIPA to investigate journalists’ sources will chill anyone who values free speech and a free press, but what’s really disturbing is that the abuses detailed in this damning report are the tip of the iceberg. Records about your phone calls and e-mails build up an incredibly detailed data picture of every single one of us – who we are, where we go and what we do.”

Sankey added: “We urgently need safeguards to stop this valuable data being accessed without judicial warrant. What we’re getting is the Government handing itself even more powers to snoop in the form of the ill-targeted Counter-Terrorism and Security Bill.”

Emma Carr, director of Big Brother Watch, said: “When a senior Parliamentary Committee says that the current legislation is not fit for purpose then this simply cannot be ignored. It’s now abundantly clear that the law is out of date, the oversight is weak and the recording of how the powers enshrined in RIPA are used is patchy at best. The public is right to expect better.”

Emma Carr: director of Big Brother Watch

Carr continued: “The conclusion of the Committee that the level of secrecy surrounding the use of these powers is permitting investigations that are deemed ‘unacceptable in a democracy’ should make the defenders of these powers sit up and take notice. At present, the inadequacy and inconsistency of the records being kept by public authorities regarding the use of these powers is woefully inadequate. New laws would not be required to correct this.”

Big Brother Watch’s director said: “While this report concentrates on targeting journalists, it’s important to remember that thousands of members of the public have also been snooped on, with little opportunity for redress. If the police fail to use the existing powers correctly then it’s completely irresponsible for the Home Office to be planning on increasing those powers. Failure by the Government to address these serious points means we can already know that there will be many more innocent members of the public who will be wrongly spied on and accused. This is intolerable.”

Filed under Risk UK News

‘Hire a hacker to solve cyber skills crisis’ urge UK companies

According to the latest research conducted by KPMG UK, companies admit they’re considering turning to ex-hackers in a bid to stay one step ahead of cyber criminals.

KPMG surveyed 300 senior IT and HR professionals in organisations employing 500-plus staff to assess how the corporate world is ‘skilling-up’ to protect itself against cyber security breaches. The survey reveals that many companies are becoming increasingly desperate as they struggle to hire the right people.

Nearly three quarters (74%) say they are facing new cyber security challenges which demand new cyber skills. For example, 70% admit their organisation ‘lacks data protection and privacy expertise’. The same proportion of companies are also wary about their organisation’s ability to assess incoming threats.

The majority are candid enough to admit that the shortfall exists because the skills needed to combat the cyber threat are different to those required for conventional IT security. In particular, 60% of respondents are worried about finding cyber experts who can effectively communicate with the business. This aspect is vital towards ensuring that the cyber threat is well understood by corporate leaders outside of the IT Department.

UK companies admit they are considering turning to ex-hackers in a bid to stay one step ahead of the cyber criminals

While 60% claim to have a strategy in place designed to deal with any skills gaps, it’s clear that there is a short supply of people with all the relevant skills. 57% of interviewees agree it has become more difficult to retain staff in specialised cyber skills in the past two years. The same number say the churn rate is higher in cyber than for IT skills while 52% agree there’s aggressive head-hunting going on in this arena.

According to KPMG’s research, the skills gap is forcing many companies to consider turning to ‘poachers turned game-keepers’ in order to keep up-to-speed. 53% of respondents say they would consider using a hacker to bring inside information to their security teams. Just over half (52%) would also consider recruiting an expert even if they had a previous criminal record.

Clear strategy for dealing with the skills gap

Commenting on the research findings, Serena Gonsalves-Fersch (head of KPMG’s Cyber Security Academy) explained: “Increasing awareness of the cyber threat means the majority of UK companies are clear on their strategy for dealing with any skills gaps. However, they wouldn’t hire pickpockets to be security officers so the very fact that companies are considering former hackers as recruits clearly shows how desperate they are to stay ahead of the game. With such an unwise choice on the menu, it’s encouraging to see other options on the table.”

Gonsalves-Fersch added: “Rather than relying on hackers to share their secrets, or throwing money at off-the-shelf programmes that quickly become out of date, UK companies need to take stock of their cyber defence capabilities and act on the gaps that are specific to their own security needs. It’s important to have the technical expertise in place, of course, but it’s just as important to translate that into the business environment in a language senior management can both understand and respond to in good time.”

KPMG surveyed 300 senior IT and HR professionals in organisations employing 500-plus staff to assess how the corporate world is ‘skilling-up’ to protect itself against cyber security breaches

The research comes as KPMG launches a new cyber awareness programme, offering cyber learning content across the organisation from the C-Suite through to recent graduates. It also includes a ‘bridging course’ designed to help IT and business departments understand the language and risks presented by today’s cyber threats.

Filed under Risk UK News

ICO Blog: ‘An updated CCTV Code of Practice fit for 2014 and beyond’

Jonathan Bamford – head of strategic liaison at the Information Commissioner’s Office (ICO) – discusses the ICO’s updated CCTV Code of Practice and outlines why a revised Code is required to meet the demands of modern society.

It’s nearly five months since I last wrote about the importance of having a CCTV Code fit for the demands of modern society. At that time the draft version of the Code was out for consultation. Now, all of your comments have been considered and our updated CCTV guidance is available on the ICO’s website.

The updated CCTV Code is one that’s truly fit for the times in which we live. The days of CCTV being limited to a video camera on a pole are long gone. Our new Code reflects the latest advances in surveillance technologies and their implementation, while also explaining the key data protection issues that those operating the equipment need to understand.

So what’s changed? Well, in some respects it’s a case of ‘keep calm and carry on’. The fundamental principles that need to be followed remain the same. People must be informed about the information being collected about them with relevant use of privacy notices and signage where required. The information also needs to be kept secure so that it doesn’t fall into the wrong hands, and effective retention and disposal schedules must be in place to make sure information is only kept for as long as necessary before it’s securely destroyed.

The ICO has updated its CCTV Code of Practice

However, the Code must reflect the times. The pace of technological change since our CCTV guidance was last updated in 2008 – let alone when it was first published some 14 years ago – has been considerable. These advances bring with them new opportunities and challenges for making sure the technology continues to be used in compliance with the Data Protection Act.

One common theme from the enforcement action we’ve taken in relation to the use of surveillance cameras is that there needs to be a thorough privacy impact assessment. This needs to be conducted before deploying these increasingly powerful and potentially intrusive technologies. The Code will help operators to stay on the right side of the law and save them from wasting money and resources on non-compliant systems.

New and emerging surveillance technologies

The new and emerging technologies section of the updated Code covers the key surveillance technologies that we believe will become increasingly popular in the years ahead.

A number of organisations are starting to use body-worn video. These small, inconspicuous devices can record both sound and images. This can mean that they are capable of being much more intrusive than traditional town centre CCTV. On that basis, their use needs to be well justified with safeguards put in place such as to ensure they are not used when they’re not needed. There must be strong security in case the devices fall into the wrong hands. The Code details specific guidance to help deal with the challenges of using these new devices.

The guidance also considers technologies that are not currently commonplace, but which may prove increasingly popular in future. Just last month, the Civil Aviation Authority released figures showing that over 300 companies have now been given permission to operate UAS (Unmanned Aerial Surveillance) in the UK. This figure has risen by a third within the last 12 months alone. Many of these devices can now be bought for a few hundred pounds and can record imagery. There’s important guidance on how they can be used by organisations to record personal information.

Recreational users are also encouraged to operate UAS responsibly. For example, recording should be restricted and only carried out in controlled areas where people are informed that monitoring may be taking place. It’s important that organisations understand these obligations at an early stage if they’re to remain on the right side of the law.

Jonathan Bamford: head of strategic liaison at the ICO

The updated CCTV Code also addresses long-standing issues where the consultation responses have shown that further clarification of the law is required. One such issue is the need for operators to comply with subject access requests. These requests are an important right enshrined in the Data Protection Act and allow individuals to request a record of any personal information that an organisation holds about them. This includes CCTV footage capturing their image.

However, these requests have been causing a great deal of confusion, particularly for smaller operators unaware of this area of the law. The new CCTV guide includes an expanded section explaining how these requests should be handled, when the information should be given out and details of the statutory deadline of 40 days by which time operators have to provide a full response.

Complementing the Surveillance Camera Code of Practice

We’ve designed our guidance to complement the Surveillance Camera Code of Practice published under the Protection of Freedoms Act 2012. The Surveillance Camera Code’s ‘Guiding Principles’ apply to police forces, Police and Crime Commissioners and local authorities in England and Wales as described in the Act, and contain advice about recommended operational and technical standards that others may find useful.

The technology may change but the principles of the Data Protection Act remain the same. CCTV and other surveillance systems need to be proportionate, justifiable and secure in order to be compliant.

The updated ICO Code will help to make sure that this situation continues for the years ahead.

Filed under Risk UK News

GPEN survey finds 85% of mobile apps fail to provide basic privacy information

A survey of over 1,200 mobile apps by 26 privacy regulators from across the world has shown that a high number of apps are accessing large amounts of personal information without adequately explaining how people’s data is being used.

The survey by the Global Privacy Enforcement Network (GPEN) examined the privacy information provided by 1,211 mobile apps. As a member of GPEN, the UK’s Information Commissioner’s Office examined 50 of the top apps released by UK developers.

The key findings of the research are as follows:

*85% of the apps surveyed failed to clearly explain how they were collecting, using and disclosing personal information
*More than half (59%) of the apps left users struggling to find basic privacy information
*Almost one-in-three apps appeared to request an excessive number of permissions to access additional personal information
*43% of the apps failed to tailor privacy communications to the small screen, either by providing information in print that was too small or by hiding the information in lengthy privacy policies that required scrolling or clicking through multiple pages

A survey of over 1,200 mobile apps by 26 privacy regulators from across the world has shown that a high number of apps are accessing large amounts of personal information without adequately explaining how people’s information is being used

Examples of good practice

The research did find examples of good practice, with some apps providing a basic explanation of how personal information is being used, including links to more detailed information if the individual wants to know more.

The regulators were also impressed by the use of just-in-time notifications on certain apps that informed users of the potential collection (or use) of personal data as it was about to happen. These approaches make it easier for people to understand how their information is being used and when.

ICO group manager for technology, Simon Rice, commented: “Apps are becoming central to our lives, so it’s important we understand how they work and what they are doing with our information. These results show that many app developers are still failing to provide this information in a way that is clear and understandable to the average consumer.”

Rice added: “The ICO and the other GPEN members will be writing to those developers where there is clear room for improvement. We will also be publishing guidance to explain the steps people can take to help protect their information when using mobile apps.”

The ICO has published its Privacy in Mobile Apps guidance to help app developers in the UK handle people’s information correctly and meet their requirements under the Data Protection Act 1998. The guidance includes advice on informing people how their information will be used.

Research carried out last year to support the guidance’s launch showed that 49% of app users have decided not to download an app due to privacy concerns.

View the full results of the GPEN survey

Filed under Risk UK News