Wednesday 29 October 2008

Workshop on the Data Retention Directive


Job posting

The BBC is looking for an Advisor, Information Policy & Compliance

Click here for more information: http://jobs.bbc.co.uk/fe/tpl_bbc01.asp?newms=jj&id=25171&aid=15571

Tuesday 28 October 2008

Updated Agenda ARMA EU Roundtable

The latest agenda of ARMA's 3rd EU Roundtable on Information Governance and Records Management, which will take place in Brussels on 7 November, is available here: http://www.arma.org/brusselsroundtable/. To register your participation, please click here: https://www.agsreg.com/arma_international/registration.php?e=1679091c5a880faf6fb5e6087eb1b2dc

This exclusive event will involve key policy makers from the European Union institutions as well as relevant stakeholders and will include presentations by noted experts in the Information Management field, with open dialogue by participants. Issues which will be addressed include:
  • Transparency: The review of the Regulation 1049/2001 on access to documents - Access to third party documents and information
  • The Markets in Financial Instruments Directive (MiFID): Records Management Compliance for multinationals
  • E-Health Interoperability - Challenges for records and information management
  • The Internet of the Future - The internet of "things" and privacy considerations

ENISA workshop on "Improving the resilience of public eCommunications networks", 12-13 November, Brussels

The EU Network and Information Security Agency (ENISA) is organising a workshop on “Improving Resilience in European e-Communication Networks - Putting the pieces together”. The agenda is now available at http://www.enisa.europa.eu/sta/workshop2008.
The workshop will be held in Brussels on 12-13 November 2008, and is organised in the context of ENISA’s Multi-annual Thematic Program (MTP) http://www.enisa.europa.eu/doc/pdf/management_board/decisions/enisa_wp_desig_ver_2008.pdf with the overall aim to evaluate and improve the resilience of public eCommunications networks in Europe.

Friday 17 October 2008

Legal blow to opponents of data retention bill

The European Court of Justice advocate general on Tuesday (14 October) delivered a blow to member states hoping to overturn an EU law on harmonising telephone and internet data retention rules, saying the case is an internal market matter, not a justice and home affairs issue.
The directive - which was approved by a qualified majority of EU states in February 2006 - sets a time period of six months to two years during which telecom operators are to keep phone and internet data, in the name of fighting terrorism and crime and increasing security.

Irish telecoms operators and internet service providers currently face tougher rules and must keep the data for up to three years, according to the Irish Times. Consequently, Ireland, backed in its position by Slovakia, wanted the rules to be subject to justice and home affairs provisions, rather than to internal market ones.

In the realm of justice and home affairs, a unanimity of member states is needed for directives to be approved, whereas a qualified majority of EU countries is sufficient to pass an internal market one.

But EU advocate general Yves Bot on Tuesday "invite[d] the court to dismiss the action, taking the view that the directive was correctly based on the EC Treaty," a court press release reads.
Mr Bot estimates that the bill "does not contain any provisions liable to come within the notion of 'police and judicial co-operation in criminal matters'," and is primarily an internal market issue.
"As regards Ireland's argument that the sole or main purpose of the directive is the investigation, detection and prosecution of serious crime, the advocate general … considers that the mere fact that the directive refers to such an objective is not sufficient for a finding that it is an act falling within the area covered by police and judicial co-operation in criminal matters," according to the court's press release.

The advocate general's opinion is not binding on the court, but is however adhered to by the ECJ in around 80 percent of all cases. A date for the ECJ's ruling has not been set at this stage.

From www.EUobserver.com

Wednesday 15 October 2008

Job posting

Geneva School of Business Administration

The Information Science (Information documentaire) department is seeking: an HES professor in archival science and records management, or an HES lecturer in archival science and records management

Activity rate: 100%

Mission

  • Teaching in the field of archival science and records management, depending on experience, in the Bachelor's and possibly Master's degree programmes and in continuing education (MAS-DAS-CAS);
  • Responsibility for the archival science and records management component of the programme;
  • Supervision and guidance of student work (projects and final-year theses);
  • Management and organisational tasks related to the field of teaching and research;

For the HES professor position:

  • Leading applied research projects and service provision for professional communities and businesses

Profile

  • Degree from a higher education institution in information science (archival science or RM track) or a qualification deemed equivalent, supplemented by a second-cycle degree; third-cycle degree desirable
  • Several years of professional experience
  • Teaching experience in higher education
  • Ability to integrate into a rapidly changing environment
  • Motivation to work in a team and to pursue a shared ambition
  • Fluent written French. If possible, knowledge of German and/or English

For the HES professor position:

  • Proven experience in leading applied research projects and mandates, if possible at international level

Application deadline
14 November 2008

Start date
1 February 2009 (negotiable)

The HEG reviews applications with a view to gender parity. Complete application files should be sent to: Mme Magali Dubosson Torbay, Director – Haute école de gestion de Genève, Campus Battelle – bât. F. – 7, rte de Drize – CH-1227 Carouge. Enquiries: Yolande Estermann Wiskott, Head of the Information Science department, +41 22 388 17 53, yolande.estermann@hesge.ch

Friday 10 October 2008

Reding: EU to govern Internet of the future

The European Commission will roll out a range of initiatives in the coming months to promote the Internet of the Future, while remaining highly vigilant in protecting citizens and networks, Information Society Commissioner Viviane Reding told EurActiv in an interview.

The EU executive identified the following key topics to be addressed by 2009 in order to prepare Europe for the new generation of the Internet: the early challenges of the Internet of Things, rolling out Next Generation Access Networks, opening radio spectrum to wireless services, broadband for all, security of critical communication infrastructure, privacy concerns related to the massive deployment of Radio Frequency Identification (RFID) tags and Internet governance.

Speaking at the Internet of Things conference organised by the French EU Presidency in Nice on 6-7 October, Commissioner Reding told EurActiv what she expected would be the main challenges ahead.

First of all, Brussels wants to pave the way for possibly the biggest revolution that the Web has ever seen: the emergence of an Internet of Things, whereby objects have a virtual identity and communicate between each other to provide services of every kind, from healthcare to transport security.

At the end of September, the Commission opened a public debate on the main issues related to the Internet of Things, publishing a position document. In November, a recommendation is expected on the privacy and security risks linked to the deployment of RFID tags, the technology at the core of the Internet of Things. Commissioner Reding wants to maintain a fair balance between the promotion of RFID and the new societal risks posed by society (EurActiv 06/10/08).

In early 2009, the EU executive is due to publish definitive guidelines for the roll-out of Next Generation Access Networks, the key infrastructure for a future Internet based on data-hungry services (EurActiv 19/09/08). A review of radio spectrum is also ongoing, so as to exploit the so-called 'digital dividend' which will result from the switch from analogue to digital TV by 2012. The target is to increase the provision of wireless and mobile Internet services and, as a result, broadband penetration in Europe.

Protection of critical online infrastructure, such as networks or key servers, is also high on the Commission's agenda. To avoid cyber-attacks such as that which hit Estonian public Internet services in 2007, the EU executive will propose concrete action at EU level in a document to be published in 2009 (EurActiv 09/04/08).

The global governance of the Internet and its next developments is also considered crucial by Brussels, with Reding explicitly aiming to challenge US control of many key elements of the Net.

Links
European Union
European Commission: Communication on future actions of the Commission on Internet issues (29 September 2008)
European Commission: Working document on the early challenges regarding the Internet of Things (29 September 2008)
European Commission: Draft recommendation on NGANs (18 September 2008)
EU French Presidency: Conference on the Internet of Things, the Internet of the future (6-7 October 2008) [FR]

From euractiv.com

Thursday 9 October 2008

Public comment period for eHEALTH Standardization

CEN, CENELEC, and ETSI, the three European Standards Organizations (ESOs) announce the launch of a public comment period for the final draft report of the joint project ‘eHEALTH-INTEROP’, which will address the requirements of the European Commission mandate on standardization in the field of e-health. This mandate (M/403) aims to provide a consistent set of standards to address the needs of this rapidly evolving field. The report includes the result of an inventory of existing standards from the many different organizations in the sector, including international formal bodies and industry standards consortia. An analysis of sector needs and recommendations for specific standards development has subsequently been carried out, and a first draft of a work program has been included that reflects the need for coherent, cost-effective, and secure provision of electronic healthcare services.

Currently, public consultation on the draft work programme and final reporting to the European Commission is possible. The draft report is available on the website: www.ehealth-interop.nen.nl
On 7 November, an Open Meeting will be organized in Copenhagen to discuss amendments. The draft agenda is available at www.ehealth-interop.nen.nl/publicaties/2899.

For more information, please contact Ms. Shirin Golyardi, NEN, shirin.golyardi@nen.nl.

EDPS decision on the right of access to and rectification of medical file

On 14 November 2007, an employee of the European Parliament submitted a complaint to the European Data Protection Supervisor (EDPS) claiming that the Sick Leave Management Unit of the Parliament had denied her the exercise of her right of access to and rectification of her medical file.

In his legal analysis, the EDPS gave inter alia a non-restrictive interpretation of Article 13 of Regulation (EC) No. 45/2001 (right of access) and held that the complainant did not only have the right of access to her medical file but also the right to obtain a copy or photocopy without any limitation in terms of copies of her own medical data. With regard to the right of rectification of her data, the EDPS stressed that although it is impossible to rectify medical appreciations, the complainant should have the right to keep her medical file up to date by adding other medical opinions. As to the complainant's request to transfer her medical file to the doctor appointed by her, the EDPS considered that the necessity of such transfer was demonstrated by her explicit consent, which also proved that it could not have prejudiced the data subject's legitimate interests.

The EDPS concluded that the Parliament:

  • had not respected the 3 month deadline foreseen in Article 13 of the Regulation according to which the complainant should have been granted access to her medical file;
  • had refused to allow the complainant to make photocopies of her medical file without a legal basis contrary to Article 13;
  • had not granted the complainant the right to rectify her data so that all data in her medical file are complete and kept up to date, in violation of Articles 14 and 4(d); and
  • had refused to transfer the complainant's complete medical file to the doctor appointed by her in infringement of Article 8 (transfer of data).

In the light of the above, the EDPS urged the Parliament to ensure that the complainant's rights are fully respected. The EDPS decision on this complaint was of a particular interest for the Parliament's trade union SFIE which sent an e-mail to the staff of the European Parliament citing the EDPS recommendations.

For more, go to http://www.edps.europa.eu/

Tuesday 7 October 2008

EU privacy advisory body looking at e-discovery

The Article 29 Working Party subgroup dealing with E-discovery met in September to discuss this transborder issue. A draft working paper should be proposed for discussion and possible adoption at the next plenary session of the Article 29 Working Party in December.

The Article 29 Working Party on the Protection of Individuals with regard to the Processing of Personal Data is an independent advisory body on data protection and privacy, set up under Article 29 of the Data Protection Directive 95/46/EC. It is composed of representatives from the national data protection authorities of the EU Member States, the European Data Protection Supervisor and the European Commission. Its tasks are described in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC. The WP is competent to examine questions covering the application of the national measures adopted under the data protection directives in order to contribute to the uniform application of the directives. It carries out this task by issuing recommendations, opinions and working documents.

http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/index_en.htm

Monday 6 October 2008

EU to pave way for deployment of smart tags

From Euractiv.com

The French EU Presidency will today (6 October) hold a high-level conference dedicated to building the so-called 'Internet of Things'. The meeting comes as the Commission prepares to present measures aimed at overcoming privacy concerns related to the use of the Radio Frequency Identification (RFID) microchips that are expected to lead the technological revolution.

Brussels considers the creation of the 'Internet of Things' as a key priority as it could provide solutions for a wide range of societal problems, such as ageing populations.

In a future world where ubiquitous tags and sensors would be attached to everything from letters to walls or clothes, the Commission believes many things will be possible. "A blind person might see," said one information society expert at the EU executive.

Indeed, according to the 'Internet of Things' vision, objects could communicate among themselves, for instance allowing a blind person to walk down a street knowing exactly what is around him. "This would be done by using a tag reader, able to detect and read the information contained in tags disseminated everywhere," added the expert.

Elderly people could also benefit from household goods that anticipate their needs and requests, such as a fridge which orders more eggs from the supermarket once they have run out, or clothes capable of constantly measuring key health indicators, like blood pressure or heartbeat.

However, the use of RFID chips also raises concerns regarding the privacy and security of carried information, as tags could contain personal details potentially exploitable by anyone equipped with a tag reader.

To address these concerns, the Commission will present, in November, a recommendation to member states encouraging them to adopt initial measures to make people more aware of the existence of RFID embedded in objects or rooms, and to avoid misuse of the new technology.
According to the upcoming recommendation, a draft of which has been circulating since April 2008 (EurActiv 26/02/08), all companies interested in using RFID, from airlines to retailers, will have to draw up a 'privacy impact assessment' to verify the potential privacy-related risks of the devices they are using.

What's more, retailers, such as Carrefour or Metro, will be required to de-activate any tags attached to items they sell once the buyer leaves their stores. However, retailers are already resisting such a measure for fear that it will push up their costs and act as a disincentive to the deployment of tags, EurActiv has learnt.

The Commission will also propose two harmonised logos to indicate the presence of RFID in products and tag-filled environments. Awareness-raising campaigns will also be organised and funding is envisaged for projects aimed at developing privacy and security-friendly tag designs.
But the RFID revolution still appears distant, hampered not only by privacy and security concerns but also by a lack of international standards. Technical skills are also lacking, with the software industry pointing out that Europe would be incapable of coping with massive deployment of RFID due to a lack of qualified engineers to deal with tags.

In September, the EU executive launched a public consultation on the "early challenges of the Internet of Things," which is expected to result in the publication of an official document in the second quarter of 2009.

For more, go to http://www.euractiv.com/en/infosociety/eu-pave-way-deployment-smart-tags/article-175998

Saturday 4 October 2008

Deutsche Telekom Says Data From 17 Million Customers Was Stolen

Deutsche Telekom has confirmed that personal information from 17 million of its mobile phone customers was stolen in 2006, including secret telephone numbers of high-profile politicians and celebrities.

Deutsche Telekom said the stolen data includes customer mobile phone numbers, addresses, dates of birth and, in some cases, email addresses. Bank information or credit card numbers were not accessed, said the Bonn-based firm.

There has reportedly been no indication that the data has been misused, though the Telekom said "extreme criminal energy" was behind the theft.

German newsmagazine Spiegel reported on Saturday, Oct. 4, that it had obtained access to the missing information via a third party. The news apparently came as a surprise to Deutsche Telekom, where the case was considered closed.

"We had assumed that this data had been fully secured as part of an investigation by the district attorney," Philipp Humm, director of Deutsche Telekom's mobile phone division T-Mobile, said in a statement. Data security measures had been fortified since 2006, he added.

According to media reports Saturday, Oct. 4, Telekom had contacted the appropriate authorities as soon as the data was stolen in 2006 and an investigation has since been underway.

Telekom said it had conducted research after the theft and discovered that copies of the data had been offered on the black market but had apparently not been bought. Few customers brought complaints pertaining to the data mishap, though a special hotline telephone number was set up.

The public prosecutor's office in Bonn told reporters that pieces of data had been confiscated from private homes, but that the thieves themselves had not yet been detained.

Celebrity customers, including comedian Hape Kerkeling and television moderator Guenther Jauch, high-ranking politicians, billionaires and clergymen were reportedly among those affected by the data breach.

For some of them, it could represent a threat to their security if their secret personal telephone numbers landed in the hands of criminals.

Saturday's revelation is not Telekom's first brush with data scandals. Earlier this year, the firm admitted that calls between journalists and board members had been illegally monitored in 2005 and 2006.

From http://www.dw-world.de/dw/article/0,2144,3690132,00.html

Friday 3 October 2008

How to prevent on-line manipulation: EU Agency ENISA publishes white paper on ‘Social Engineering’

ENISA, the European Network and Information Security Agency, has launched a white paper on ‘Social Engineering’ (i.e. on-line manipulation through social networks, email, also known as ‘Nigeria-letters’ or ‘advance-fee frauds’, instant messaging, or Voice Over Internet Protocols (VoIP)). The Agency provides 3 case studies portraying how easily users are manipulated, identifies 5 defence measures and issues a check list, ‘LIST’, for users to counter social engineering. Finally, the white paper includes an exclusive interview with the world-famous security author, speaker, and consultant Kevin Mitnick.

What are the risks of on-line manipulation, or “Social Engineering”? Fraudsters frequently manipulate people and exploit human weaknesses through ‘social engineering’. That way, people break their normal security procedures. The scale and sophistication of such fraud is increasing, (27.649/month, Jan.’07-Jan ‘08, according to APWG). Several new ways are used to reach users (e.g. instant messaging, VoIP, and social networking sites apart from emails). Successful social engineering entails:

  • A convincing pretext for contacting the target,
  • Getting the facts right by research,
  • Timing and exploitation of current events, e.g., the Tsunami event, or a Santa Claus mail around Christmas, with a worm included,
  • Exploitation of human behaviour and psychology.

Three e-mail based case studies portray how easy it is to trick ordinary users:

  • Case 1: 179 respondents assessed 20 messages (11 bogus, and 9 legitimate), and only 42% of the users could correctly classify the mails; (32% were classified incorrectly and 26% as ‘do not know’.)
  • Case 2: Of 152 targeted end-users within an organisation, 23% were tricked into accepting malware infections.
  • Case 3: Over 500 undergraduate students followed embedded links, opened attachments, etc. The rate of failure was 38-50%. The good news is that the failure rate was reduced with training.

The Agency identified 5 defence measures against social engineering. However, the key to success lies in improving users’ awareness. Users should use a checklist of questions to verify the Legitimacy, Importance of the Information, the Source and Timing (LIST) (for full checklist see p 25-26 of the report.) Mr Mitnick underpins the report with the claim that it is much easier to trick someone into revealing their password, rather than making an elaborate hack.

The Executive Director of ENISA, Mr. Andrea Pirotti, comments:
“Making staff and users aware of security is of serious concern for Europe. We should all become more aware and ‘responsible on-line EU-citizens’, in our own interest of being able to benefit from the Internet safely.”

The report has been elaborated with the kind support of the ENISA Awareness Raising Community and is available at: http://enisa.europa.eu/doc/pdf/publications/enisa_whitepaper_social_engineering.pdf

Thursday 2 October 2008

European Digital Library to soon go online

The vision to make available Europe's cultural diversity in books, music, paintings, photographs, and films to all citizens via one single portal could become reality this autumn.

This vision is the driving force behind all efforts for the establishment of the European Digital Library, Europeana, an initiative within the framework of European Commission’s i2010 strategy. This digital library shall serve as single point of access for digital versions of works from cultural institutions all over Europe, including material from museums, libraries and archives abroad, which users will be able to visit without having to travel or turn hundreds of pages to find a piece of information.

According to Viviane Reding, EU Commissioner for Information Society and Media, "The European Digital Library will be a quick and easy way for people to access European books and art – whether in their home country or abroad. It will, for example, enable a Czech student to browse the British library without going to London, or an Irish art lover to get close to the Mona Lisa without queuing at the Louvre."

However, according to the Communication from the Commission of August 2008, further efforts by the EU Member States are needed to make available digital versions of works from cultural institutions all over Europe. In particular, the vision of a European Digital Library needs substantial investment from national institutions. However, at present most countries only provide small-scale, fragmented funding for digitisation. Therefore, the Commission called on Member States to raise digitisation capacities to make their collections available for Europe's citizens, team up with the private sector, and address the following priorities:
  • More funding needs to be allocated to digitisation, along with plans for how much material will be digitised.
  • Most countries still lack methods, technologies and experience for the preservation of digital material, vital so that content remains accessible to future generations.
  • Common standards need to be implemented to make different information sources and databases compatible for and usable by the European Digital Library.

The Commission itself confirmed its commitment to help Member States bring their valuable cultural content online. To this purpose, in 2009-2010 € 69 million from the EU's research programme will go to digitisation activities and the development of digital libraries, while approximately another € 50 million will be allocated by Europe's Competitiveness and Innovation Programme to improve access to Europe's cultural content.

The launch of Europeana is expected to take place in November 2008.

Further information:
Rapid Press release
European Commission’s Communication - Europe’s cultural heritage at the click of a mouse COM(2008) 513
Europeana

From http://www.epractice.eu/document/5068

Wednesday 1 October 2008

ARMA International's 53rd Annual Conference and Expo in Las Vegas October 20-23

Is the management of electronic records and information keeping you awake at night? Have litigation demands driven you to distraction? Do you wish you had solutions to the information management issues facing your organization? There's only one place to go for help... ARMA International's 53rd Annual Conference and Expo in Las Vegas October 20-23. Yes, this world-renowned event is where professionals go for real business solutions, best practices, technology tools and innovative ideas. Professionals like yourself who are
  • Records and information management professionals
  • General and inside counsels
  • Legal administrators
  • RIM and IT consultants
  • CIOs and IT managers

Fact is, if you're involved in managing records and information, this is the place to go to become inspired, educated, connected. You'll get to choose from more than 100 sessions. You'll see the latest technology products and services from 200 of the industry's top providers, including CA, Oracle, IBM, Google, Iron Mountain, and so many more. Plus, you'll be able to meet and talk with an estimated 3,000 colleagues from around the world. You won't find a better opportunity anywhere else. Come for the weekend and play. Or better yet, attend one of the Pre-Conference seminars on Saturday, October 18 and Sunday, October 19. Then prepare yourself, because things really start rockin' and rollin' on Monday.

For more, please visit http://www.arma.org/conference/2008/

Swedes and Dutch best EU broadband performers

Sweden and the Netherlands are the best EU performers when it comes to broadband internet, while Bulgaria and Cyprus come last, according to a report by the European Commission.

"Both countries [Sweden and the Netherlands] have a favourable socio-economic context, with a high propensity to use advanced services and a competitive environment that has ensured affordable prices and high speeds," says the commission in its paper on broadband performance in the EU member states.

To measure that performance, Brussels is using a so-called Broadband Performance Index (BPI) based on a series of factors, including speed, rural coverage, affordability, innovation, as well as socio-economic dimensions.

Denmark, the UK, France and non-EU member Norway follow Sweden and The Netherlands, while Poland, Romania, Cyprus and Bulgaria come last.

"Their performance is limited in most dimensions by the socio-economic context and by high prices" in some of the countries, reads the paper.

Poor competition, lack of digital skills and limited PC penetration are among the other cited factors.

On average, some 36 percent of EU households currently enjoy high-speed internet access, although the figures vary widely among the member states.

The commission's aim is "to make broadband Internet for all Europeans happen by 2010," EU telecoms commissioner Viviane Reding stated last week.

Brussels also believes Europe could take the lead in the next internet generation - or Web 3.0 - as it is "already well placed to exploit [the] broadband opportunities, thanks to an open and competitive environment for investments."

"Web 3.0 means seamless 'anytime, anywhere' business, entertainment and social networking over fast reliable and secure networks … Europe has the know-how and the network capacity to lead this transformation," Ms Reding said.

"We must make sure that Web 3.0 is made and used in Europe," she added.
The commission launched a public consultation on Monday (29 September) on its strategy "to respond to the next wave of the Information Revolution" and on the private sector's possible responses to the developing situation.

From: http://euobserver.com/9/26831