Monday, 29 September 2008

Germany and UK want global financial regulator

The UK and Germany believe that a new international system regulating the financial sector must be constructed to prevent a repeat of global banking crisis in the future.

Peter Steinbrueck, Germany's Social-Democrat finance minister, raised on Sunday (21 September) the idea of "an international authority that will make the traffic rules for financial markets," while speaking to German radio, Reuters reports.

Meanwhile, UK Prime Minister Gordon Brown is to outline proposals for just such a body, run under the authority of the International Monetary fund, in a speech to the Labour Party conference on Monday, as well as domestic plans to crack down on "irresponsible" bonuses handed out in the City, London's financial quarter.

"I think what people haven't appreciated is we've now got global financial systems but we've only got national regulators to cover them," Mr Brown told the BBC ahead of the speech, adding that he had been trying to convince his international counterparts for years of the need for "a global system of financial regulation."

His finance minister, Alistair Darling, according to the country's Guardian newspaper, is also set to tell his fellow Labour Party members: "Just as one government alone cannot combat global terrorism, just as one government alone cannot combat climate change, so one government alone cannot deal with the consequences of globalisation."

Continue reading here: http://euobserver.com/9/26784?print=1

Workshop"International Transfers of Personal Data", Brussels

The European Commission organises on 21 October 2008 in Brussels a Workshop on International Transfers of Personal Data jointly with the Article 29 Data Protection Working Party - the independent EU Advisory Body on Data Protection and Privacy - and the United States Department of Commerce's International Trade Administration.

This Workshop is a follow up of the previous Conferences held in Brussels in October 2006 and in Washington in October 2007 organised by the European Commission, the Working Party and the US Department of Commerce.

More information on the programme. (PDF File 69 KB)
For further information, please contact: JLS-DP-CONFERENCE@ec.europa.eu.

Friday, 26 September 2008

How do you sell security to the CEO?

How do you open the CEO’s eyes for security? EU Agency report launched on how to get support and funding for security initiatives from corporate executives. How do you get the CEO to open the wallet?

The EU Agency ENISA (The European Network and Information Security Agency) launches a report on how to convince the CEO to support and invest in security initiatives. The Agency issues 9 recommendations on how to overcome obstacles, identifies 7 hands-on advice to get a buy-in in a senior management meeting, and gives 5 cases studies to identify key problems, issues and solutions in the report ‘Obtaining support and funding from senior management’ for awareness raising initiatives.

The cost of lost data due to human errors is almost 30% according to Pepperdine University, (where 40% is attributed to hardware failure, and software corruption/viruses amounts to only 19%). So how do you get your CEO to understand that security and the ‘soft’ element of awareness raising is crucial for business, and to open the corporate coffers for investments? The ENISA paper points out obstacles and challenges to obtain support and funding from senior management and provides practical advice on how to overcome these issues during the planning and implementation phases of an information security programme.
Five areas are identified as being crucial to obtain corporate security investments, in brief:
1. Define the investment rationale and the right stakeholders.
2. Build a persuasive business case to make senior management better understand the value of the investment to obtain funding and commitment.
3. Estimation of programme costs: allows organisations to identify the most common expenses which may incur and make rough estimates.
4. Linking business benefits to an information security initiative, define and calculate performance metrics.
5. Detail a typical path to face a corporate executive in a senior management briefing.

Effective communication is critical: the right information should be delivered at the right time, in the right manner, preferably 6-12 months ahead the project.

According to the Executive Director of ENISA, Mr. Andrea Pirotti:
"Making CEO’s understand that security is crucial for business and a corporate matter, not merely an ICT issue, is key, but not a trivial exercise. This is a guide for European business how to anchor the Return Of Investments in security and make it to a business case."

For further details: http://www.enisa.europa.eu/

Thursday, 25 September 2008

Article 29 Data Protection Working Party reacts to Google's reply to the Opinion on data protection issues related to search engines

In reaction to the opinion of the Article 29 Working Party on search engines, Google reaffirmed its wish to collaborate with European data protectionauthorities and announced that it will reduce its retention period to 9 months. But in substance, Google refuses for the moment to submit to the Europeandata protection law.
__________________

On April 4, 2008, the Article 29 Working Party published an opinion on search engines,reaffirming the applicability of the European data protection law, recommending a maximumretention period of 6 months and indicating that web users must be able to provide consent to the exploitation of their data in particular for profiling purposes.Google answered to this opinion on September 8, 2008, by reaffirming its interest for a better consideration of data protection. Two significant modifications were announced on thisoccasion:
1. From now on, IP addresses associated with the requests carried out on the searchengine will be anonymized after 9 months (instead of 18 as it is now the case) ;
2. A link to Google’s privacy policy appears on its homepage.

Alex TÜRK, Chairman of the Article 29 Working Party and the French Data Protection Authority (CNIL), takes note of this improvement with satisfaction. M. TÜRK also notes thecommitment of Google to collaborate with data protection authorities and its efforts to inform its users about data protection issues using clear and innovative tools.

However, he considers that strong disagreements remain. In particular, Google:
- considers that the European law on data protection is not applicable to itself, even though Google has servers and establishments in Europe;
- wishes to retain personal data of users beyond the 6 months period requested by the Article 29 Working Party, without any justification;
- does not make any improvement to its anonymization mechanisms, which are still insufficient;
- considers that IP addresses are confidential data but not personal data, which prevents granting certain rights to its users,
- does not express the willingness to improve and clarify the methods that are used to gather the consent of its users.

In conclusion, despite some progress, significant work must still be carried out to guarantee the rights of internet users and to ensure the respect of their privacy. In this perspective, theArticle 29 Working Party will lead hearings with Google to discuss the points of dissension.

For the press release, go to: http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_16_09_08_en.pdf
For more on EU data protection, go to: http://ec.europa.eu/justice_home/fsj/privacy/news/index_en.htm

Wednesday, 24 September 2008

ARMA International presents Records and Information Management: You, Your Organisation, and the Profession

The next organised opportunity for European members to meet will be on 6 November 2008 in Brussels when ARMA International presents Records and Information Management: You, Your Organisation, and the Profession

The agenda will include topics such as:

  • Future trends in RIM
  • The link between RIM and enterprise risk management
  • The importance of collaboration between RIM, IT, Security and Legal
  • Advancing your RIM career, including the role of competencies and professional certification

Registration

Members: EUR 90 (+VAT)*
Non Members EUR 130 (+VAT)*

*Includes evening dinner and refreshments


The fee for non members includes a EUR 50 credit toward other participation in other ARMA International events in Europe. Click here to join ARMA and get a discount on every ARMA event and enjoy the benefits of being a member of the largest global professional society for records and information managers.

Registration information will be made available soon. To pre-register and reserve a place, please send an email to Europe@arma.org

Join the LinkedIn Group for ARMA International members in Europe

Join the LinkedIn Group for ARMA International members in Europe. This group will allow you to strengthen your professional network, interact with your professional peers and exchange ideas, information and best practices.

To join, please click here: http://www.linkedin.com/e/gis/893797

ARMA International Board Approves Formation of European Group

Over the past couple of years ARMA International has increased its efforts to promote the records and information management profession and principles in Europe. As a result, we have seen increased interest at the policy-making level as well as the individual professional level. The association has been approached about forming an official entity in Europe that would allow individuals to affiliate more closely with ARMA International as members.

The Board of Directors approved the formation of a group in Europe at its May meeting. This group is being formed as a catalyst for current and future members in Europe to network, convene local education programs, and provide broader dissemination of regulatory and policy information provided through ARMA International’s EU Policy Brief, for example.

It also opens the possibility for the creation of local Chapters where this is desired. For more information on how to create a chapter in your area, please contact Tom Killam, Director of Members Services at ARMA HQ at tkillam@arma.org.