ENISA A new ENISA Position Paper on "Privacy and Security Risks when Authenticating on the Internet with European eID Cards"

A new ENISA Position Paper on "Privacy and Security Risks when Authenticating on the Internet with European eID Cards" has been published.

The paper is focusing on authentication risks with European eID Cards. It analyses seven vulnerabilities, identifies 15 threats and gives security recommendations.

Whenever we use internet services, the first steps we take are usually identification (we insert our names) and authentication (we prove that it is us). How we actually identify and authenticate ourselves depends on the security level of the application. The means used can vary from a simple combination of username and password, through a secret PIN, to a PIN generated by some external device or a smart card using cryptography. Smart cards are being used increasingly for authentication purposes. Many European identity cards now contain a smart-card chip, equipped with functionalities for online authentication. They are usually called 'electronic identity cards' (eID cards). The paper focuses on authentication using smart cards and compares this approach with other common means of authentication.

Press release:http://www.enisa.europa.eu/media/press-releases/position-paper-security-risks-online-banking-and-eid-cards

Full report:http://www.enisa.europa.eu/act/it/eid/eid-online-banking

EU/US Bank data transfer deal reached

EUobserver.com reports today that EU justice ministers approved a provisional bank data transfer deal with the United States, allowing American anti-terrorist investigators to access European financial transaction data for another nine months.

The interim agreement had sparked controversy among European Greens and Liberals, who cited data privacy concerns and slammed member states for "rushing" to get the deal done before the European Parliament acquires more powers in this field. A day later, with the coming into force of the Lisbon Treaty, the legislature would have had a bigger say on the agreement.

Read the entire story here: http://euobserver.com/9/29072/?rk=1

European Commission consultation on e-invoicing

The European Commission has published today the report of expert group on e-Invoicing. The group was mandated to design a European e-Invoicing framework, to contribute to the uptake of open and interoperable electronic invoicing solutions within the EU. Particular emphasis was put on the needs of Small and Medium Enterprises (SMEs). The report, which does not necessarily represent the views of the Commission, will be open for consultation until 26 February 2010.

e-invoicing, short for electronic invoicing, is the electronic transfer of billing and payment information, via the Internet or other electronic means between the parties - businesses, the public sector, consumers - involved in commercial transactions.
Compared to paper invoices, e-Invoices may offer huge advantages for companies - they are said to be easier to process, they reach the customer faster and can be stored centrally at very low cost. A recent report predicts potential annual benefits of up to €40 billion across Europe in the business-to-business field alone

Source and further reading: http://ec.europa.eu/enterprise/sectors/ict/e-invoicing/

20% Discount for ARMA members on PCI Europe on 3 December in Brussels

The information available at this event will add real value to your business and your department. It will focus on how to maximise the business value of PCI DSS compliance by integrating it into an enterprise-wide risk-based security strategy at a time when they must also keep a careful eye on budgetary constraints.

To view the agenda please click here.

Value in attending:
This year's agenda is designed to overcome issues across the spectrum of data security compliance and risk management. You will take away a great deal of practical information on a number of topics related to PCI DSS compliance and IT Security, including:

• Approaching IT and transaction environments to reach security in the most intelligent way
• Avoiding pitfalls: the things that can go wrong when implementing PCI DSS and how to avoid them
• Matching solution paths to wider business goals in order to ensure security does not mean answering single compliance or business requirements
• Understanding issues created by grey areas; avoiding delay to, and increased expense of, compliance programs
• Managing technical audits; understanding the depth necessary to reach compliance
• Creating wider business value for internal customers and integrating compliance into existing enterprise programmes
• Giving PCI DSS business value by making it work for you
• For further information, please visit the PCI Portal
  
  Who is the forum designed for:
  This forum is specifically designed specifically for those responsible for securing I.T. and transaction environments in the payment card industry, including:
  - PCI DSS Project managers
  - Risk or Compliance officers
  - IT Security professionals
  - IT professionals
  
  To book your place please contact Aneta Atanasova or alternatively you can register online.

EU’s cyber security agency, ENISA launches a comprehensive, new report on Cloud Computing

How can businesses and governments get the obvious benefits of cloud computing without putting their organisation at risk? The EU's cyber security agency, ENISA (the European Network and Information Security Agency) answers this question in a comprehensive, new report on "Cloud Computing: Benefits, risks and recommendations for information security". It covers the technical, policy and legal implications and most importantly, makes concrete recommendations for how to address the risks and maximise the benefits for users.

Get the entire story here: http://www.enisa.europa.eu/media/press-releases/enisa-clears-the-fog-on-cloud-computing-security-1

EU stalls bank data deal with US ahead of Lisbon Treaty

According to EUObserver.com, opposition from four EU member states to a draft agreement between the EU and US allowing the use of banking data in anti-terrorist investigations is likely to delay a decision until after 1 December, drawing the European Parliament into the decision making process.

Citing data privacy concerns, Germany, Austria, France and Finland are opposing the text negotiated by the Swedish EU presidency and the European Commission allowing American authorities access to information from the Society for Worldwide Interbank Financial Telecommunication (Swift) - the interbank transfer service.

Read the article here: http://euobserver.com/9/28984/?rk=1

Google unveils privacy tools

The FT reports that Google has unveiling tools that will allow users to see what information the internet company is keeping on them, to aleviate the concerns of privacy campaigners.

Users who have signed up for any of Google’s consumer services, such as Gmail, Blogger, Picasa, and YouTube, will be able to see a “dashboard” listing the personal details that are stored about them. Users will be able to edit and delete the information.

The dashboard is similar to the tools Google introduced earlier this year to allow people to see the data that it was collecting about them in order to serve them targeted advertising.
Privacy campaigners welcomed the privacy tools as a step forward. “If the rest of the industry took this line, we would start to solve some of the problems with privacy,” said Simon Davies of Privacy International, the pressure group.

Read the article here: http://www.ft.com/cms/s/0/e5116b30-c9f5-11de-a5b5-00144feabdc0.html

International Domains Get ICANN Thumbs Up

PC World reports that starting in mid-November, countries and territories will be able to apply to show domain names in their native language, a major technical tweak to the Internet designed to increase language accessibility.

On Friday, the Internet's addressing authority approved a Fast-Track Process for applying for an IDN (Internationalized Domain Name) and will begin accepting applications on Nov. 16.
The move comes after years of technical testing and policy development, said the Internet Corporation for Assigned Names and Numbers (ICANN), which held a meeting in Seoul this week.

http://www.pcworld.com/article/181052/international_domains_get_icann_thumbs_up.html

EU opens historical archives to public

Euractiv.com reports that thousands of EU publications were made available to the public for free last week (16 October) following the launch in Frankfurt of a new digital library, the 'EU Bookshop'.

The EU Bookshop website hosts an electronic library containing 12 million scanned pages from over 110,000 historical publications. A further two million pages from more recent ones are also included.

The site, launched at the Frankfurt Book Fair, features all publications edited by the EU's Publications Office on behalf of the European institutions, agencies and other associated bodies since 1952.

New publications will be added every day at a rate of up to 1,600 per year.
"With the digital library, we have total transparency" of EU legislative and cultural publications, Multilingualism Commissioner Leonard Orban told AFP on Sunday, adding: "No-one can complain now of problems consulting legislative texts and associated documents."

Read the entire article here: http://www.euractiv.com/en/culture/eu-opens-historical-archives-public/article-186546

EU to tackle digital book copyright in 2010

According to Eurocativ.com, the European Commission will establish "simple and cost-efficient rights clearance systems" on the digitisation of published works and their availability on the Internet, it announced this week (19 October).

The legal implications of digitisation en masse and the potential costs for rights clearance are the two main issues that emerged from a consultation with libraries, publishers and other stakeholders.

The Commission says it will deal with the copyright aspects of digital publishing in the context of a new strategy on intellectual property rights in 2010.

Read the entire article here: http://www.euractiv.com/en/infosociety/eu-tackle-digital-book-copyright-2010/article-186586

ECB joins chorus attacking EU hedge fund plans

EOObserver.com reports that the European Central Bank has added its name to the extensive list of critics of EU plans to clamp down on the hedge fund sector, saying over-regulation could drive the industry out of Europe.

The European Commission came forward with a draft directive before the summer to improve regulation of the hedge fund and private equity sectors, with the proposals currently being studied by the European Parliament and member states.

The commission plans call for the registration and regulation of all "alternative investment funds".

The funds would be obliged to disclose information on the types of assets it invests in as well as provide details on their use of short selling, one of the tactics blamed for exacerbating the financial crisis.

Non-EU fund managers would also be obliged to comply with the rules if they wished to sell their products within the bloc.

But consensus is growing amongst bankers and EU officials that the commission's one-size-fits-all' approach for all types of funds is too simplistic and needs alteration.

Read the entire article here: http://euobserver.com/9/28875/?rk=1

Anti-fraud body not eager to cut loose from EU commission

EUObserver reports that leading politicians and civil servants on Monday expressed serious reservations at making EU's anti-fraud body fully independent from the European Commission, an idea floated by its newly reappointed chief Jose Manuel Barroso.

Ten years since its creation, the European Anti-Fraud Office (Olaf, to use its French acronym) is still fighting some "childhood diseases", its head, Franz Hermann Bruner, told an anniversary conference on Monday (12 October) in Brussels. He admitted that there were still gaps, that the statute of its staff was somewhat unclear, but rejected the idea of cutting the institution completely off from the European Commission.

ARMA European Regional Board Elections

To all European ARMA members:

On behalf of the Steering Committee of the European Region, I am writing to invite nominations for the upcoming elections of the 2010 European Region's first Board Members.
The following positions will be elected, and then supplemented with appointees (made by the elected officers) for specific functions such as Membership, Education, Public Relations and Strategic Partnerships:

Region Director:
The role of the European Region Director will be to represent the best interests of the voting members of the European Region of ARMA International. Duties include:

• To provide leadership, and overall direction for all regional activities and initiatives.
• To be accountable to the Region's members, and to represent the wishes of the majority.
• To be accountable to the ARMA Board [Note: this may change under the new Two-Committee structure that took effect on 1 July 2009]
• To ensure that the Region complies with ARMA International accounting and other rules.
• To adhere to the Bylaws and established Policies and Procedures of ARMA International.
• To serve as the link between the Region and the ARMA European Office; Member Services at ARMA Headquarters; and the International Region.
• To submit an Activity Report to the Director of Member Services, at least one month prior to each regularly scheduled meeting of the Board of Directors.
• To attend (at ARMA's expense) ARMA International's Region and Chapter Leadership session(s), including those held in conjunction with ARMA's annual Conference.
• To delegate responsibility for regional operational functions (e.g: Website, newsletter, blog).
• To appoint Task Forces [Working Groups] including, for example:
  -Membership Task Force.
  -Strategic Alliance Task Force.
  -Marketing and Public Relations Task Force.
  - Education and Professional Development Task Force.
  - Regional Conference(s) Task Force.
• To sanction and charter new Chapters within the European Region, whenever deemed appropriate. [Note: The European Region's Board to take account of the wishes of the local membership in determining whether Chapters should be based on Country, City or other entity]

Deputy Region Director:
To support the Region Director in his/her tasks listed above and replace him/her when required.

Secretary:
To maintain the minutes of the Board meetings and of the annual business meeting and submit them within ten (10) days of said meeting to the Board members for approval.

• To coordinate, and take ownership of, all official communications - internal and external - with relevant Task Forces, Committees and Staff.
• To establish standardised procedures and processes for managing the life-cycle of the Region' business records in accordance with Records and Archives Management best practice.
• To establish processes for managing the Region's Archives (relating to the establishment, structure and administration of the Region) and memorabilia, in appropriate repositories.

Treasurer:

• To be accountable to the Region's Board and members, for the Region's financial matters.
• To work with the Region Director to create and manage the budget for the fiscal year.
• To ensure that the Region fully complies with ARMA's approved accounting procedures.
• To collect and deposit all revenues (eg: from membership dues, meeting attendance fees, sales of publications, or fees from special events, etc.) in a secure place.
• To submit a report to the Region's Board meetings, itemizing the revenues and expenditures.
• To submit all proposed expenditures to the Region's Board for its approval (if an immediate approval is required, then the Director may approve).
• To submit financial and other reports as required by ARMA International.

To nominate yourself, may I kindly ask you to submit to me a short bio (max 300 words), a picture, and a short motivation (max 300 words) supporting your nomination, for example outlining a vision of where you would like to take ARMA Europe, and why you would like to be elected.

Please note that the deadline for nominations is 19 October. Only self-nominations will be accepted. Voting will be carried-out electronically, between 20 October and 3 November 2009 and will be anonymous. All European ARMA members will receive an e-mail on or around 20 October with a link to the voting survey. The results will be announced shortly after voting ends.

Please do not hesitate to contact me should you have any questions. We look forward to receiving your nomination.

Kind regards,

Michiel Gen
European Representative
----------------------------------------------
ARMA International - European Office
287 Avenue Louise
1050 Brussels, Belgium
tel +32 2 627 0161
fax + 32 2 645 2671
michiel.gen (at) armaintl.org
www.arma.org

ARMA International is a not-for-profit professional association and global authority on managing records and information. Make us your first stop for education, standards, and other information management-related resources!

Future of internet has dangers for privacy, Brussels warns

EUObserver.com reports that according to the European Commission, the future of the internet contains pitfalls as well as possibilities

There is a dark side to some of the impressive new online technologies that are appearing, from social networking to behavioural advertising to RFID smart chips, the European Commission's internet chief has warned.

While such technologies offer great vistas of opportunity, the commission is monitoring their development "closely" for the very real potential threats to privacy they contain, information society commissioner Viviane Reding said on Monday at a debate on the future of the internet in Brussels.

Read the article on EUObserver.com here: http://euobserver.com/9/28792/?rk=1#

Commission proposes to strengthen financial supervision in Europe

Further responding to the financial crisis, the European Commission has adopted a key legislative package today to strengten financial supervision in Europe. It envisages the creation of a European Systematic Risk Board (ESRB), which is to monitor and assess risks to the stability of the EU's financial system as a whole. Where necessary, it is to issue warnings and recommendations to prevent dangerous situations from materialising. The package also envisages the creation of a European System of Financial Supervisors (ESFC) along with the creation of three new European Supervisory Authorities.

These authorities for the banking, securities and pension sectors will be responsible for the coordination and facilitation of the work of national financial market supervisors. The current financial crisis has highlighted weaknesses in the EU's supervisory framework, which remains fragmented along national lines despite the creation of a European single market more than a decade ago. The new European supervisory system is designed to prevent the EU getting to the point reached in autumn 2008 where banks had to be bailed out. The package is being presented one day before the G20 Summit in Pittsburgh where a global reform of the financial markets will be high on the agenda.

More information

FIRST MoReq2 COMPLIANCE CERTIFICATE ANNOUNCED; MoReq2 ROADMAP MAINTENANCE AND DEVELOPMENT ANNOUNCED

At the DMS Expo in Cologne (Germany), Toivo Jullinen, Chairman of the EU-sponsored DLM Forum, a European community of Information and Records Management experts from both the public and private sector, today presented Mr Karl Mayrhofer of Fabasoft AG of Linz, Austria, with the Certificate of Compliance to mark the successful testing of MoReq2, the European specification for Electronic Records Management.

Toivo Jullinen, Head of Strategic Planning, National Archives of Estonia, and Chairman of the DLM Forum, commented: “On behalf of the Executive Committee of the DLM Forum, we are delighted that all the hard work carried out over the past three years to develop the MoReq2 specification has resulted in the first certification of a product. I would like to congratulate Fabasoft for taking the initiative and offer our thanks to imbus for completing the testing of the first MoReq2 certified product.”

“The DLM Forum today also announces the development of the MoReq2 Roadmap for the maintenance and development of MoReq2. We invite other government and commercial organisations, regulators and vendors to adopt the MoReq2 specification, and join the DLM Forum community to be informed of the latest developments and best practice records and information management across Europe; and the related certified suppliers.”

For Inforesight Limited, Director Marc Fresko commented “As leader of the MoReq2 development team and member of the MoReq Governance Board, I am thrilled at this major milestone. The Information Management community in Europe is now truly positioned to benefit from the best practice standards-based approach MoReq2 offers to all.

The road is now open for other software vendors to follow Fabasoft’s lead, and the announcement of the Roadmap means the future direction of MoReq is clear, open, and assured.” Karl Mayrhofer, CEO of Fabasoft Distribution said: “We at Fabasoft AG are proud to be the first company to receive compliance with MoReq2 specifications, which demonstrates our commitment to providing the latest electronic records management products in Europe.”

The testing for compliance was carried out by the first DLM Forum-approved testing authority, imbus AG of Möhrendorf, Germany, from whom Thomas Rumi, (Managing Consultant, Testing Service, Lead of the imbus TestCenter) commented: “Imbus is pleased to have completed the first successful testing of the MoReq2 specification and we look forward to working with other major vendors that seek to gain compliance with this exciting new specification for electronic records management across Europe.”

The representative and observer for the European Commission on the DLM Forum Executive Committee, Jef Schram, added these words: “On behalf of the EU, which provided initial financing for the development of the MoReq2 specification, we are delighted that the first certified product has been tested and certified. The European Commission continues to support MoReq and looks forward to further involvement with the DLM Forum in this crucial part of the EU’s plans to advance best practice in electronic information management in the future”. Representatives of the Europe-wide National Archives across the EU have welcomed this development.

Richard Blake, Senior Manager Public Sector Team at The National Archives commented: “We welcome these announcements which will encourage a wider adoption of electronic records management through the MoReq2 programme.”

Dr. Michael Hollmann of the Bundesarchiv added: “The German Bundesarchiv as member of the DLM Forum supports the MoReq2 initiative and congratulates Fabasoft on obtaining the first MoReq2 certification."

E-health hampered by interoperability glitches

According to Euractiv.com, ptential cost-savings from e-health are being jeopardised because computer systems cannot talk to one another, according to experts. Healthcare IT specialists also warn of resistance from healthcare workers and patients amid ongoing concerns over data protection.

Potential cost-savings from e-health are being jeopardised because computer systems cannot talk to one another, according to experts. Healthcare IT specialists also warn of resistance from healthcare workers and patients amid ongoing concerns over data protection.

Continue reading here: http://www.euractiv.com/en/health/health-hampered-interoperability-glitches/article-185309

EU firms voice fears of trade secret 'leakage' in China

Euractiv.com reports today that Confidential data provided by European companies to the Chinese authorities as part of patent applications and environmental impact assessments are being leaked to local competitors, according to the European Union's Chamber of Commerce in China.

There is a growing concern amongst European companies about the "leakage of confidential information," with Chinese government agencies demanding detailed data on the products and practices of foreign firms.

"It is unfortunately not uncommon for such proprietary knowledge to be leaked to Chinese competitors," according to a new position paper published by the EU Chamber of Commerce 's office in Beijing

Read the full article here: http://www.euractiv.com/en/enterprise-jobs/eu-firms-voice-fears-trade-secret-leakage-china/article-185148#

Survey Uncovers Market Trends, Obstacles in Information Management

Did you know that, very few records managers express high e-discovery confidence? According to a survey conducted by Forrester Research (Nasdaq: FORR) in conjunction with ARMA International barely 20 percent of records management decision makers report they are "very confident" that, if challenged, their organization could demonstrate their electronically stored information (ESI) is accurate, accessible, and trustworthy.

This information and much more is available in the September 2009 Forrester Research report, ''Records Management: User Expectations, Market Trends, And Obstacles.

For more information on the survey and for information on obtaining a copy of the report view the press release available on PR Web today HERE.

BNP Ex-Security Chief Fined For Leaking Members List

A former senior official in the British National Party was fined £200 yesterday and castigated by a district judge after he admitted leaking the far-right party's membership list online.
Matt Single, 37, the BNP's former security chief, was behind the disclosure of the names and addresses of 12,000 people, including a police officer who was consequently sacked. Single had been charged under the Data Protection Act.

Continue reading here: http://www.securityoracle.com/news/detail.html?id=15839

European Commission to Investigate Google Book Deal

A European Commission hearing on 7 September will investigate whether a US legal settlement concerning Google breaches EU copyright law, the European Voice reports.

The settlement, which is still being studied by the US courts and justice department, would allow Google to use in-copyright material scanned in libraries in its Book Search service, which allows people to read extracts, and in some cases the full text, of digitised books. An agreement was reached last year between Google, the US Authors' Guild and the Association of American Publishers.

It covers out-of-print books which are either in- copyright or have uncertain copyright status, and works whose copyright holder cannot be found (known as orphan books). Such books account for around 75% of an average library's collection. Books by European authors are included in the settlement's remit.

Read the entire article here: http://www.europeanvoice.com/article/imported/google's-books-deal-under-scrutiny/65779.aspx?lg=1

The settlement is opposed by a coalition of companies (including Amazon, Microsoft and Yahoo), as well as some authors and publishers, who argue that it would give Google an unhealthy dominance over other digital library services.

The opponents announced last week that they had formed a lobby group, the Open Book Alliance (OBA), to campaign against the deal. According to an OBA statement, “a digital library controlled by a single company and a small group of colluding publishers would inevitably lead to higher prices and sub-par service for consumers, libraries, scholars and students”.

EU digital library scheme plodding along, complains EU Commissioner

EUObeserver roports that Europe's construction of a 21st Century digital Library of Alexandria is plodding along in a rather too unhurried fashion, according to Brussels' information society commissioner Viviane Reding, responsible for all things electronic and virtual.

With just 4.6 million books, maps, artworks and newspapers from Europe's assembly of national libraries, museums, and archives digitised for access on Europeana, the EU's multilingual digital library launched last November, the project is less than half the way to its early goal of building a collection of 10 million items by 2010 - just four months away.

Continue reading here: http://euobserver.com/9/28599/?rk=1

EU takes sides in new standard war for wireless

The European Commission took another step to promote the LTE standard for the fourth generation of wireless telecommunications by announcing a further investment of €18 million in this technology, de facto ditching the alternative WiMax.

Continue reading here: http://www.euractiv.com/en/infosociety/eu-takes-sides-new-standard-war-wireless/article-184678

EU-wide tax databases suggested

In a bid to use the momentum of the economic crisis which has strained EU public budgets, the European Commission has proposed a potentially controversial system to boost fight against tax fraud by allowing national authorities to directly access taxpayer data in other countries.
"In the current economic situation it is more important than ever to fight tax fraud efficiently and a fully functioning administrative cooperation between tax administrations is key in that respect," the EU's taxation commissioner Laszlo Kovacs said in a statement on Tuesday (18 August).

Introducing the proposed structure, the Hungarian commissioner said he wanted to provide national tax officers with "all technical and legal means to take action" and protect other states' tax revenue "as effectively as their own."

The key element of the blueprint is the creation of "Eurofisc" - a scheme for rapid exchange of targeted information to which the authorities from all 27 EU member states would have direct access, in order to "stop fraud and catch fraudsters," Mr Kovacs said.

continue reading here: http://euobserver.com/9/28564/?rk=1

Why Cross-Border Litigation is a Compliance Concern

As the global economy expands, more and more organizations are conducting business across borders, inevitably leading to litigation, government inquiries and compliance audits that span international boundaries. Not surprisingly, cross-border litigation often results in complex electronic discovery (often referred to as e-discovery) issues, where organizations are required to produce electronically stored information from various countries as evidence.

Continue reading here

Swedish Pirate Party support soars after file-sharing verdict

Support for the Pirate Party, a political party running in the European elections, has soared in the wake of last week's conviction of the four Swedish founders of the file-sharing site.

Backing for the Swedish Pirate Party has now leapfrogged that of the domestic Green Party. While it may be a blip of anger after the verdict and opinions may change come election day, almost 50 percent of young men under 30 say they intend to vote for the new faction in the June 2009 elections to the European Parliament.

http://euobserver.com/9/27969/?rk=1

5 Security Flubs Users Make When Browsing the Web

From haphazardly installing Active X controls, to ignoring security warnings, a look at five common ways users get off the security track online and ways to set them straight: http://www.csoonline.com/article/489738/_Security_Flubs_Users_Make_When_Browsing_the_Web_

EU deal to tighten oversight of rating agencies

Euractiv.com reports that European Union legislators have struck a political agreement over new rules to tighten control of credit rating agencies such as Fitch and Moody's, which have been singled out among the main culprits for the financial turmoil.

The key element of the agreement, reached on Wednesday (15 April) between representatives of the European Parliament, member states and the Commission, concerns the registration and supervision of rating agencies.

According to the deal, the Committee of European Securities Regulators (CESR ), a body made up of national regulators, will be temporary in charge of registering credit rating agencies. So far registration was not required.

The new rules require the CESR to manage a database of historical performance information about rating agencies operating in the EU. This should allow users of rating services - such as investors - to quickly verify the accuracy of economic predictions and compare them with competitors

Under the new rules, credit rating agencies will have an obligation to disclose the names of rated companies that contribute to more than 5% of an agency's revenue. This is to prevent biased ratings driven by financial interest. They will also be forbidden to rate companies in which their analysts own shares or financial products. The consulting and advisory role of rating agencies will also be denied to companies which are themselves subject to rating. Analysts will be forced to rotate in order to avoid becoming too close to the industry sector they rate.

For more go to http://www.euractiv.com/en/financial-services/eu-deal-tighten-oversight-rating-agencies/article-181344

"Personal data - more use, more protection?", 19-20 May 2009

The European Commission organises a personal data use and protection conference to look at new challenges for privacy.

How should personal data be protected in a globalised world with increased mobility and in the wake of modern communication and information technologies and new policies? Which data is accessed and exchanged by public authorities and private companies? How well are current rules on international transfers of personal data working in a time of “cloud computing”? What are the expectations of individuals and business and society as a whole? These and other topical questions will be addressed by a conference on the use, exchange and protection of personal data in the EU, organised by the European Commission, which will take place in Brussels on 19 and 20 May 2009.

Interested individuals, business leaders, consumer associations, academics, data protection supervisors and public authorities from both the EU and third countries are invited to take part.
Among the speakers will be the Vice-president of the European Commission in charge of Justice, Freedom and Security, Mr Jacques Barrot.

The conference will give the opportunity to various stakeholders to express their views and questions on the new challenges for data protection and the need for an effective information management strategy in the EU. The conference is part of the Commission’s open consultation on how the fundamental right to protection of personal data can be further developed and effectively respected, in particular in the area of freedom, justice and security.
Interpretation will be provided in English, French and German.

http://ec.europa.eu/justice_home/news/events/news_events_en.htm

EU says UK failing to protect internet users' privacy

According to EUobserver.com, the European Commission has threatened to take the UK to court over "structural" failures to guarantee internet users' privacy, in line with European law.
In a formal letter sent from Brussels to London on Tuesday (14 April), the commission gave UK authorities two months to respond to criticism of new web surveillance technology or face legal action at the Court of Justice in Luxembourg.

The complaint centres around US-based software company Phorm, which uses records of people's surfing activity obtained from internet service providers to help advertisers target customers more accurately.

Read the entire article here: http://euobserver.com/9/27945/?rk=1

Commission recommends staff to be intransparent

EU affairs blogger Julien Frisch reports that in a Vademcum (handbook) leaked on Wikileaks it has become obvious that the Commission is advising its staff to write documents and emails in way that allow maximum intransparency.

Continue reading here: http://julienfrisch.blogspot.com/2009/04/commission-recommends-its-staff-to-be.html

UK Counter-terrorism chief quits after revealing confidential document to photographers

Britain's most senior counter-terrorism officer has resigned after making a security blunder which caused an anti-terror operation to be brought forward, the BBC report. Assistant Commissioner Bob Quick inadvertently revealed secret papers to photographers when arriving for a Downing Street briefing on Wednesday.

Continue reading here: http://news.bbc.co.uk/2/hi/uk_news/7991307.stm

EU officials warned to be careful about email content

According to EUObserver.com, new rules on public access to EU documents have prompted one of the European Commission's key departments to circulate a memo warning officials to be careful about what they write in emails and advising them on how to narrowly interpret requests for information.

The 15-page handbook was circulated in January to officials working in the commission directorate for trade, one of the EU's most important policy areas affecting millions of people both within and beyond the bloc.

It reminds DG trade employees that all documents, including emails, are "in principle subject to disclosure" and asks them to think of the regulation when they are producing documents.

"Each official must be aware that all his/her documents, including meeting reports and e-mails can potentially be disclosed. You should keep this in mind when writing such documents.

This is particularly the case for meeting reports and emails with third parties (e.g. industry), which are favourite "targets" of requests for access to documents, especially by NGOs," reads the memo.

Continue reading here: http://euobserver.com/9/27935/?rk=1

Storing EU Customer Data in the U.S. is Legal

From ARMA's InformationOverload blog:

Nikki Sandison reported for Marketing Direct, "The European Commission has confirmed that it is legal under EU data protection law to store customer data in the US - as long as a Safe Harbor certification is in place. European organisations and companies have been concerned about the US's Patriot Act, which grants federal officials the right to inspect any data stored in the U.S. if it relates to a national security investigation." However, "The issue is not simply with the Patriot Act but that the concern was that 'companies within the EU could collect personal data about individuals and export this data to countries outside of the EU having lesser standards of data protection, using this as a means to circumvent EU data/protection requirements,'' this article said, quoting Phil Lee, senior solicitor at Osbourne Clarke's data privacy team.

Hey there! ARMA_INT is using Twitter

ARMA International is on Twitter @ARMA_INT (Come see what all the buzz is about!)

Airbus admits to spying on staff

Aircraft maker Airbus has admitted to spying on its staff in an attempt to uncover potential corruption. Airbus ordered checks on all staff working in Germany from 2005 to 2007, the company acknowledged. The checks were to see if workers' bank account numbers matched those of suppliers. No wrongdoing was found.

The head of Germany's national rail operator Deutsche Bahn resigned this week after the company also admitted to spying on thousands of its employees. The Airbus checks, which were ordered by former management at the company's German business, emerged in an audit launched by current management. "At that time, an internal comparison of data was regarded as being legally permissible," Airbus said.

Get the full article here: http://news.bbc.co.uk/2/hi/business/7978713.stm

ARMA International Challenges Organizations to Implement Better Recordkeeping - Announcing the Generally Accepted Recordkeeping PrinciplesSM

Records are the foundation of compliance and the key to success for organizations – big or small, public or private – in any industry. Litigation professionals, too, are becoming painfully aware of the need to manage e-mail at an organizational level in order to mitigate risk during the legal discovery process. Businesses are also coming to realize greater efficiency and cost savings due to better information management. As a result, recordkeeping best practices have become a process and skill needed by not only records professionals, but by every employee.

Due to the exponentially expanding volume of information available and the pressing need to manage information correctly, ARMA International is pleased to announce a set of Generally Accepted Recordkeeping Principles (GARP) SM.

Through these principles, ARMA International provides a framework for guidance in implementing information management programs to help business leaders, legislators, the judiciary, and other stakeholders understand and address the key components of records and information management as a discipline and as a best business practice. The principles were developed from related information management legislation, the combined experiences of the task force members, applicable ARMA International, ANSI, and ISO standards, the recommendations of ARMA International’s more than 11,000 professional practitioners, and case law.

Each of the eight principles has an expanded description containing detailed information on how to ensure organizations are meeting the criteria for a sound information management program. These descriptions, as well as other information on the principles, can be found at www.arma.org/garp.

The eight Generally Accepted Recordkeeping PrinciplesSM are:
Accountability
Integrity
Protection
Compliance
Availability
Retention
Disposition
Transparency

Using these generally accepted principles as a guide helps to ensure that the company’s most important assets, their records, are used correctly to support the organization’s essential activities such as budgeting, planning, demonstrating compliance with laws and regulations, and other day-to-day operations.

A task force was initially formed to help encapsulate these principles. It was comprised of a multi-disciplined group of widely respected professional practitioners at the highest levels of their professions. ARMA International members and non-member stakeholders then reviewed the proposed principles and submitted comments that were taken back to a task force for review and consideration. This same task force will continue to monitor legislation and case law and will recommend changes to the principles when appropriate. The principles have been approved by the ARMA International Board of Directors.

For more information about the Generally Accepted Recordkeeping PrinciplesSM or ARMA International, please visit www.arma.org.

Cheaper and easier EU trade mark protection

The fees for EU-wide trade mark rights are to be reduced by 40% from 1 May 2009, saving businesses some €60 million a year, and the registration procedure will also be simplified. Instead of paying €1750 for the application and registration of a Community trade mark, businesses will be charged only an application fee of €1050 in future. Those who file their applications via the Internet will benefit from a greater reduction and will be charged merely an application fee of €900 in place of the total amount of €1600 to be paid at present. This means that in future businesses will pay 40% less for obtaining a Community trade mark – and as much as 44% less when using electronic means. The fee reduction and simplification of procedure essentially consist in setting the registration fee for Community trade marks to zero. Businesses will therefore pay only an application fee, and will no longer have to pay a separate fee for registration. As a result, the processing time for the registration of a Community trade mark will also become significantly shorter. In addition, the individual fee for international trade mark applications and registrations designating the European Community under the Madrid Protocol will go down from €1450 to €870, which also corresponds to a 40% decrease.The EU agency responsible for registering trade marks and designs that are valid in all 27 Member States is OHIM, the Office for Harmonisation in the Internal Market, located in Alicante, Spain.
More information

EU must get tough on data protection says commissioner

EU consumer protection commissioner Meglena Kuneva has issued a "get tough" message over data protection issues.

Speaking in Brussels on Tuesday, she said her hardline comments should be seen as a last chance warning to the industry to clean up its act.

She told an audience there was a "much-needed" debate on the increasing ability to profile consumers and then use their details for commercial purposes.

Research showed that young people - "the most confident of internet users" - use the internet in spite of the fact that they generally do not trust it, she said.

She told the meeting, "Let me be very clear from the start [that] I believe the internet and the new generation of digital communications offer immense possibilities to consumers."The regulatory protection we have in Europe is extensive and far-reaching [although] there is a huge task ahead of us in terms of enforcement of the rules.

"The Bulgarian official predicted that "behavioural targeting" online "become increasingly pervasive and consumers understandably feel uncomfortable".

"Today, I want to send a very clear message to those involved in all aspects of the digital world - consumer rights must adapt to technology, not be crushed by it," she added.

"The current situation with regard to privacy, profiling and targeting is not satisfactory."Kuneva added, "It is regulators that bear the ultimate responsibility of ensuring markets work well and develop their greatest potential with the interest of citizens at heart.

"I want to send a warning signal that we cannot afford foot dragging in this area. If we fail to see an adequate response to consumers' concerns on the issue of data collection and profiling, as a regulator, we will not shy away from out duties nor wait for a cataclysm to wake us up.

"The commissioner was the keynote speaker at a roundtable debate in Brussels on the issue of online data collection and profiling.

Kuneva later appeared before a conference in parliament on "EU consumer protection policies - market or regulation?" The event, co-hosted by ALDE MEP Silvana Koch- Mehrin, focused on the expansion of consumer protection rules.

Source: TheParliament.com

ENISA Report on E-health

ENISA has just released a report presenting major potential Emerging and Future Risks in a possible remote health monitoring and treatment scenario. The report is the result of an Emerging and Future Risk assessment based on scenario building and analysis. This e-health scenario is the first in a series that will be developed and analyzed by an international group of interdisciplinary experts. In the report 14 risks have been identified. It also underlines the importance of a cautionary approach to be followed in regards to the adoption of beneficial e-health solutions....You will find more information and the full report at:http://www.enisa.europa.eu/pages/02_01_press_2009_03_20_being_diabetic_2011.html.

Nouvelle Norme Pour L'Archivage Electronique

Attendue de longue date, la nouvelle version de la norme AFNOR relative à l’archivage électronique (NF Z42-013) a pris effet le 4 mars 2009. Le texte contient plusieurs innovations dont la plus importante concerne les supports d’archivage. La version précédente de la norme datée de décembre 2001 ne concernait que les supports non réinscriptibles de type disque WORM (write once, read many). Les supports réinscriptibles de type disques magnétiques sont désormais reconnus à condition que l’intégrité des archives soit assurée par des moyens cryptographiques (empreinte, horodatage, signature électronique).


puce Lire la suite : http://www.cecurity.com/site/PubArt200902.php

From: Newsletter de Security News

Microsoft to Have Expanded Presence in Records Management

From ARMA's Informationoverload Blog:

According to this Digital Energy Journal post, "Paul Duller, information services director for Tribal Software and chairman of the 1,500 member UK Records Management Society, says he believes that Microsoft will soon have a much bigger presence in records management services in the oil and gas industry."

Invitation to ARMA members working in financial institutions

Last week’s Turner report has raised the bar on record management yet again:

“In the future the FSA’s supervisors will seek to make judgements on the judgements of senior management and take action if in their view those actions will lead to risks to the FSA’s statutory objectives. This is a fundamental change.” DP 09/2 11.14 p. 186.

Evidence would suggest that few are able to clear the current MiFID Article 51 bar. The Committee of European Securities Regulators (CESR) has given us the option to comment on the current level of standards across Europe – we have until 7 April to respond if we want this “low priority” to be taken seriously http://www.cesr.eu/index.php?docid=5641.

The JWG-IT Think-Tank, who are leading new approaches to EU record keeping requirements, invite you to an industry seminar on 30 March from 16:00-18:00 at a financial institution in Canary Wharf, London to:

1. Review of the recent FSA shifts and MiFID Art. 51 implementation status
2. Discuss the what a ‘good list of minimum records for wholesale business’ looks like (including an overview of our FSA Industry Guidance efforts)
3. Agree next steps (including the response to the CESR/09-088 work plan).

Drinks will follow the seminar.

This seminar is open to all JWG-IT members and employees of financial institutions. Regardless of where you sit - compliance, facilities, technology, operational risk or elsewhere – we welcome your participation.

To reserve your seat, please contact jitz@jwg-it.eu

April is RIM Month: Promote RIM Within Your Organisation!

Managing records and information is an essential element to the competitiveness and accountability of an organization. Too often, RIM professionals are the unsung heroes of the organization. It’s time to promote the value of RIM!


Click here for more: http://www.arma.org/rim/promotion/index.cfm#logos

Records@Work Pamphlet
They're brief, easy-to-read, and specifically targeted to non-records management staff. This is the brochure series that will have everyone in your organization reading and learning about the value of solid records and information management. Records@Work brochures cover basic RIM topics that every employee in your organization needs. These are great for orientation packets and training. Choose from four titles (click on the link below to view a sample of the brochure).

What Is a Record?
What Do I Do with All This e-Mail?
What Do I Do with All of My Old Records?
How Should I Pack Records for Storage?
What Information Do I need to Keep Secure?
What Do I Do with All This Paper
What Is a Records Center
What Are Vital Records?

Frequently asked questions relating to transfers of personal data from the EU/EEA to third countries

The Data Protection Unit of the Directorate-General for Justice, Freedom and Security at the European Commission has published aswers to FAQs with a view to assisting EU/EEA entities, and more particularly SMEs, in understanding the EU legal framework applicable to transfers of personal data processed in the EU (and the EEA) to “third countries” (i.e. countries that are not members of the EU or the EEA).
Download the document here: http://ec.europa.eu/justice_home/fsj/privacy/docs/international_transfers_faq/international_transfers_faq.pdf

EDPS second Opinion on ePrivacy Directive review and security breach

On 9 January, the EDPS adopted an Opinion on the review of the Directive on Privacy and electronic communications ("ePrivacy Directive"). This Opinion follows upon a first EDPS Opinion (pdf), as well as Comments (pdf), in which recommendations were made to help ensure that the proposed changes effectively provide for the best possible protection of personal data.
This Second Opinion comes as a response to the Council's Common Position which, on a number of critical points, fails to endorse some of the data protection safeguards proposed by the European Parliament and the European Commission, or previously recommended by the EDPS.

The Opinion particularly focuses on the provisions relating to the setting up of a mandatory security breach notification system for which the Supervisor believes there is still some room for improvement. It also includes a number of recommendations covering the following issues:
scope of application : the EDPS supports the Parliament's approach to broaden the scope of application of the Directive to include publicly accessible private networks in the Community. He recommends to further clarify the types of services that would be covered by the broadened scope; processing of traffic data for security purposes : the EDPS considers the new article introduced by the Parliament - and maintained by the Council's Common Position and the Commission's Amended Proposal - legitimising the collection of traffic data for security purpose as being unnecessary. In the EDPS view, such a provision may be subject to risk of abuse, especially if adopted in a form that does not include the necessary data protection safeguards;
right of action against infringements to the Directive : the EDPS calls upon the Commission and the Council to endorse the provision introduced by the Parliament that gives the possibility to legal entities, such as consumer associations, to bring legal action against infringements of any provisions of the Directive.

> EDPS Opinion (pdf)

New mandate for the EDPS: Peter Hustinx reappointed as Supervisor, Giovanni Buttarelli appointed as Assistant Supervisor

In December 2008, The European Parliament and the Council have agreed to reappoint Peter Hustinx as European Data Protection Supervisor (EDPS) for a second term of office. They have also appointed Giovanni Buttarelli as Assistant Supervisor for the same five-year term. He replaces Joaquin Bayo Delgado who decided not to run for a second mandate.

The new EDPS and Assistant EDPS formally took office on 17 January 2009.

Peter Hustinx has served as EDPS since January 2004, contributing to the building of the new supervisory authority and developing its role at Community level. Information on Peter Hustinx's background is available on the EDPS website.

Giovanni Buttarelli has been a member of the Italian judiciary since 1986, and Secretary General of the Italian Data Protection Authority since 1997. In 2002-2003, he served as President of the Joint Supervisory Authority set up in pursuance of the Schengen Agreement, after being its Vice-President in 2000-2001. He has represented Italy in many committees and working groups operating in the field of data protection, both at the level of the European Union (EU) and at the Council of Europe.

> EDPS press release (pdf)

Strong opposition to UK data sharing clause

The UK government is facing strong opposition to the clause in a draft Bill currently being debated in Parliament that removes barriers to data sharing between government departments to support improved public services. Justice Secretary Jack Straw is being called upon to remove the 'information sharing orders', aka clause 152, from the Coroners and Justice Bill. The British Medical Association has said that the whole profession is concerned for doctor/patient confidentiality, because the clause allows information obtained for one purpose to be used for another, with limited justification. Opposition also comes from such weighty quarters as Liberty, GeneWatch UK, Patient Concern, the Royal College of Psychiatrists, and the British Computer Society. Further, the Information Commissioner wants 'much stronger safeguards' in the bill to protect sensitive data, particularly health records. He has made a number of criticisms in an updated commentary on the Coroners and Justice Bill (outlined in Volume 9, Issue 4 of Privacy & Data Protection.) A copy of the ICO's commentary is available from the ICO's website.

Source: PDP Data Protection News

Call for Comment: ARMA International's Generally Accepted Recordkeeping Principles

ARMA International’s Board of Directors has approved a set of generally accepted recordkeeping principles (GARP) for member and public comment. These principles will serve as a framework for guidance in implementing information management programs. The defined set of principles will help business leaders, legislators, the judiciary, and other stakeholders understand and adress the key components of records and information management as a discipline and as a best business practice.

You can view and comment on the proposed principles at www.arma.org/GARP. Please use the e-mail address at the bottom of each page (garp@arma.org) for any comments regarding the supporting principle narratives. The comment period for GARP will end on Friday, March 6.
On behalf of ARMA International and the profession, thank you in advance for your participation in this exciting endeavor.

Offer to ARMA Members: Discounted Rate on RMS Conference

ARMA is pleased to announce that it is supporting the annual conference of the Record Management society of Great Britain which will take place on 19-21 April in Brighton (UK). As a result, ARMA members are able to register at the same rates as RMS members:

For more information on the conference and the conference programme, please visit http://www.rms-gb.org.uk/conference.To book, please visit http://www.rms-gb.org.uk/conference-delegates-2009, select the member rate and mention the word 'ARMA' when asked for a membership number on the booking form (only the word not the quotes). ARMA will also be present at the exhibition with a booth.

EU Data protection group publishes pre-trial discovery guidance

The Article 29 Working Party, an EU data protection watchdog, has published a guidance document on pre-trial discovery for cross border civil litigation.

This working document provides guidance to data controllers subject to EU Law in dealing
with requests to transfer personal data to another jurisdiction for use in civil litigation. The
Working Party has issued this document to address its concern that there are different applications of Directive 95/46 (Data Protection Directive) in part as a result of the variety of approaches to civil litigation across the Member States.

In the first section of this document the Working Party briefly sets out the differences in
attitudes to litigation and in particular the pre-trial discovery process between common law
jurisdictions such as the United States and the United Kingdom and civil code jurisdictions.

The document goes on to set out guidelines for EU data controllers when trying to reconcile the demands of the litigation process in a foreign jurisdiction with the data protection obligations of Directive 95/46.

Download the full document here: http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2009/wp158_en.pdf

Fresh start for lost file formats

Long lost file formats could soon be resurrected by pan-European research.
The 4.02m euro (£3.58m) project aims to create a universal emulator that can open and play obsolete file formats.

Read the entire article here: http://news.bbc.co.uk/2/hi/technology/7886754.stm

Deutsche Bahn accused of spying on own staff

Deutsche Bahn is in deep trouble. Not only has the state-owned operator had to postpone a recent planned part-privatisation because of the financial crisis., the BBC reports. Now it is also accused of spying on its own staff.

Berlin's data protection commissioner and prosecutors are currently conducting an investigation into the affair over any breaches of data protection.

Read the article here: http://news.bbc.co.uk/2/hi/business/7887017.stm

ARMA Foundation Newsletter

Check out the latest newsletter of the ARMA Educational Foundation here: http://content.delivra.com/etapcontent/ARMAInternationalEducational/March09FoundationHighlights.pdf

Commission dismantles data watchdog group

Group ‘compromised' by US interests; expert group met only once.
The European Commission has disbanded a group of experts that was supposed to review EU data protection legislation, following complaints in the French parliament that the body comprised people “representing American interests”.

The group of five experts, one of whom works for Google and another for Intel, was disbanded at the end of January – just over a month after the group first met – despite having been set up for a one-year renewable term. Alex Türk, a French senator and the chairman of data protection supervisors from the 27 member states, is understood to have complained about the group to Jacques Barrot, his compatriot, who is the European commissioner for justice, freedom and security.

French senate
Türk had raised the matter on 25 November in the French national assembly's European affairs committee and then raised it again in the French senate's equivalent committee last week (3 February). The senate committee was told that the group of experts was “composed of four-fifths of personalities representing American interests in order to reflect on the revision of the European directive of 1995 relating to the protection of personal data”, according to a report from the hearing on the French senate's website.
The committee proposed a resolution stating that it was “unacceptable” that four members of the group “are either from American companies or law firms whose principal establishment is in the US”.

Working language
The resolution also said that it was unacceptable that the working language of the group was English, as set down in its terms of reference.
Türk told the senate committee that he had spoken to Barrot about the group and he had admitted the “situation was abnormal”. Barrot had suggested forming a larger group of experts, but had yet to confirm if this could be done, Türk added. “Europeans must note that the gap is big between the American vision and the European vision,” Türk told the committee.
A spokesman for Barrot denied that any pressure was put on the commissioner to disband the group. He said that Barrot had wanted to broaden the consultation on the review of data protection laws beyond a small group of experts. “We were happy with passing on to the next level and a broader dimension was clearly seen. It's in the sense of having a broader approach,” he said. A letter dated 23 January from Barrot to Türk refers to the broader consultation and a series of conferences, adding that the expert group “will not last beyond the launch” of such a consultation.

Barrot's spokesman said that it was not unusual for an expert group set up by the Commission with a one-year mandate to be disbanded after one meeting.

‘No nationality issue'
The spokesman also denied the composition of the group and the nationality of the experts had any bearing on the decision to disband it. “You have to gather expertise in this globalised technical field and have people that can reflect and have knowledge of new technology,” he said.
The group's experts, who were not paid for their services, were selected after a tendering process and included: Peter Fleischer, global privacy counsel for Google; David Hoffman, director of security policy and global privacy officer for Intel; Henriette Tielemans a privacy lawyer with Covington and Burling, a US law firm; Christopher Kuner, a privacy lawyer with Hunton and Williams, a US law firm; and Jacob Kohnstamm, chairman of the Dutch data protection authority.

Information listing the members of the group and the text of the tendering process were taken off the Commission's website this week without any mention that the group had been disbanded.

Source: European Voice

Data Retention Directive has sound legal basis, rules ECJ

The European Union's Data Retention Directive has a sound legal basis because it connects to policing but does not actually cover policing functions, the European Court of Justice (ECJ) has said.

Ireland and Slovakia had objected to the Directive, which orders countries to pass laws requiring telecoms companies to retain phone and internet usage records for between six and 24 months so that they can be used to help solve crime.

Ireland and Slovakia took legal action to repeal the Directive because it was introduced by mechanisms reserved for economic laws and not through the processes reserved for laws relating to policing and justice.

The ECJ has said, though, that the Directive does regulate economic activity and not policing activity, and so was legally introduced and will stand.

Continue reading here: http://www.out-law.com/page-9783
View the ruling here: http://curia.europa.eu/jurisp/cgi-bin/form.pl?lang=EN&Submit=rechercher&numaff=C-301/06

Source: Out-law.com

Online consultation on the SEMIC.EU Multilingualism Study

Source: ePracice.eu

A study on multilingualism has been published by the Semantic Interoperability Centre Europe (SEMIC.EU) in January 2009. In order to collect stakeholders’ opinions and to help shaping SEMIC.EU’s future approaches to multilingual issues, a public online consultation has been launched.

The SEMIC.EU Study on Multilingualism describes efficient ways to deal with multilingual data exchange and argues that pivot mappings are the key to preserving meaning. The study can be summarised as follows:

Interoperability in a multilingual environment:

• How should multilingualism be incorporated in Semantic Interoperability Assets?
• How should pan-European federated applications be interconnected?

The SEMIC.EU Study on Mulitilingualism argues that any mapping between different languages should be performed by using pivot mapping and appropriate mapping languages.

English as a pivot language:

All data exchanged as well as the defining artefacts within a Semantic Interoperability Asset should be available in the pivot language accepted by all partners. Usually, English is used as the pivot language in the context of the European Union. It is highly advisable to widely use the pivot language, e.g. for identifiers, in technical artefacts like XML schemata, etc. The pivot mapping reduces the number of mappings.

Schema Mapping and Controlled Vocabularies:

This approach exploits two elementary mapping techniques. Schema mapping, on the one hand, can be used for structural changes and is a syntactic method to solve semantic issues. The usage of controlled vocabularies, on the other hand, requires more sophisticated techniques such as taxonomies, multilingual thesauri, or ontologies. These techniques offer powerful means to translate terms on a semantic level superior to pure machine translations.

Further information:
SEMIC.EU Website – Multilingualism section
ePractice Library – EU: SEMIC.EU Study on Multilingualism
Direct link to the online consultation on the Multilingualism Study

Offer to ARMA Members: Discounted Rate on RMS Conference

ARMA is please to announce that it is supporting the annual conference of the Record Management society of Great Britain which will take place on 19-21 April in Brighton (UK). As a result, ARMA members are able to register at the same rates as RMS members:

For more information on the conference and the conference programme, please visit http://www.rms-gb.org.uk/conference.To book, please visit http://www.rms-gb.org.uk/conference-delegates-2009, select the member rate and mention the word 'ARMA' when asked for a membership number on the booking form (only the word not the quotes).

ARMA will also be present at the exhibition with a booth.

EU mulls new data protection initiatives

Source: euractiv.com

As Europe celebrated its third 'data protection day' yesterday (28 January), the European Commission announced plans to tighten the relevant rules. Meanwhile, EU privacy authorities are focusing on Internet search engines' data storage and street viewing software.
Brussels will launch a Europe-wide public consultation by April on how to reinforce data protection. "We have to reflect on the possible necessity of modernising the existing legal framework to respond to the challenges posed by new technologies," said EU Justice and Home Affairs Commissioner Jacques Barrot during a conference in the European Parliament yesterday (28 January).

An expert group set up by the Commission is currently studying possible innovations that could help update the Data Protection Directive , which dates back to 1995. Many issues are at stake, including extending the concept of personal data to IP addresses and cookies, which allow very detailed profiles of Internet surfers to be created, although they only provide indirect identification of users (EurActiv 05/12/08).

National privacy regulators have already issued an opinion in favour of broadening the list of personal data to include IP addresses and cookies. They will further discuss the issue at their next meeting on 10-11 February, when they will also address the duration of data retention by search engines.

Google, Yahoo, and MSN store information (cookies) on Web users' computers. By retrieving the cookies, they put together detailed profiles of users every time they access the Web. This improves the quality of services offered: thanks to cookies, there is no need to retype passwords in accessing a restricted area, for example. However, such data reveals much about the user, and it is often used for sending unsolicited and targeted advertising.

EU data protection authorities, brought together in the 'Article 29 Working Party', proposed a six-month retention period for cookies. Search engines offered various reactions to the plans. Google, whose business model is highly reliant on personal data, voluntarily cut its retention period from 18 to nine months. Microsoft abided by the six-month proposal, seizing upon it as a possible standard for the industry (EurActiv 10/09/08).

Representatives of the two US giants will participate in the data protection meeting in February, together with delegates from Yahoo, and Ixquick. No decisions are expected to be taken at the meeting, but a new opinion on the issue from the Article 29 Working Party is expected in the coming months, according to sources close to the dossier.

The other delicate subject on EU privacy authorities' table in the coming months is the potential risks posed by "panoramic street-level view services," made famous by the Google's successful Street View. Such software makes it possible to look at cities right down to street level, with cars, people and shops.

First introduced in the US, Street View has already been launched in France, Italy and Spain. EU regulators discussed the service, "as it raises privacy and data protection concerns," according to a press release recently issued by the Article 29 Working Party.

Google blurs faces, car plates and other features that could allow the identification of people, but problems could arise from the storage of the massive amount of pictures required to enable the service and which Google has already collected. "Data protection rules might be applicable," the European data protection supervisor, Peter Hustinx told EurActiv.

In such a case, Google must ask the prior consent of those who appear in the pictures, even if blurred. The service could thus find itself hit heavily. "We will work with all relevant institutions and authorities and we look forward to providing any additional information that may be requested," commented Peter Fleischer, global privacy counsel at Google.

To celebrate the third data protection day, a conference was held yesterday (28 January) in the European Parliament to raise awareness among young people of the privacy and security risks hidden in the Internet.

As underlined by Barrot, "in the 15-24 age group, only 33% are aware of their rights in relation to their own personal data," despite being the main users of the Internet and social networking websites, such as MySpace or Facebook. "They are exposing their everyday lives online without being aware of the risks the online activities could entail," he said.

UK Information Commissioner's Office launches public consultation on a Privacy Notices Code of Practice

The UK's Information Commissioners Office (ICO) has launched a public consultation prior to publishing a Privacy Notices Code of Practice. The Code of Practice will help organisations to draft clear privacy notices and make sure that they collect information about people fairly and transparently. The Code contains good and bad examples that organisations will be able to use to help draw up their own privacy notices.We would welcome your comments on the draft code of practice by Friday 3 April 2009.

How to respond
Please use the response form for submitting your comments. Forms should be saved in Word format and emailed to: consultations@ico.gsi.gov.uk . Alternatively you can print out this form and post to: Data Protection Development Team, ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.Click on the titles below to view the draft code of practice and the consultation response form.
Draft Privacy notices code of practice
Privacy notices code of practice: consultation response form

EU to launch biometric passports by summer

From euobserver.com

MEPs on Wednesday (14 January) backed new rules on the introduction of biometric passports throughout the EU later this year, while exempting children under 12 years from having fingerprints included in their passports.
The rules were approved at a first reading by an overwhelming majority of MEPs – 594 against 51, while 37 abstained.

The parliamentarians underlined the need to improve document security in the EU by introducing "more reliable biometric data, namely fingerprints," and highlighted the different criteria member states currently apply when checking the passport applicants' identity.

Continue reading here: http://euobserver.com/9/27407/?rk=1

Libel Tourism: Are English courts stifling free speech around the world?

From The Economist 8 January 2008

SEEN one way, it is nothing short of a scandal. Small non-British news outlets and humble non-British authors (in many cases catering almost wholly to a non-British public) are being sued in English courts by rich, mighty foes. The cost of litigation is so high ($200,000 for starters, and $1m-plus once you get going) that they cannot afford to defend themselves. The plaintiffs often win by default, leaving their victims humiliated and massively in debt.

Click here to continue reading: http://www.economist.com/world/international/displaystory.cfm?story_id=12903058