Tuesday 31 March 2009

ENISA Report on E-health

ENISA has just released a report presenting major potential Emerging and Future Risks in a possible remote health monitoring and treatment scenario. The report is the result of an Emerging and Future Risk assessment based on scenario building and analysis. This e-health scenario is the first in a series that will be developed and analyzed by an international group of interdisciplinary experts. The report identifies 14 risks. It also underlines the importance of a cautionary approach to the adoption of beneficial e-health solutions... You will find more information and the full report at: http://www.enisa.europa.eu/pages/02_01_press_2009_03_20_being_diabetic_2011.html.

Tuesday 24 March 2009

New Standard for Electronic Archiving

Long awaited, the new version of the AFNOR standard on electronic archiving (NF Z42-013) took effect on 4 March 2009. The text contains several innovations, the most important of which concerns archival media. The previous version of the standard, dated December 2001, covered only non-rewritable media of the WORM (write once, read many) disk type. Rewritable media such as magnetic disks are now recognized, provided that the integrity of the archives is ensured by cryptographic means (hash, timestamp, electronic signature).


Read more: http://www.cecurity.com/site/PubArt200902.php

From: Security News newsletter

Microsoft to Have Expanded Presence in Records Management

From ARMA's Informationoverload Blog:

According to this Digital Energy Journal post, "Paul Duller, information services director for Tribal Software and chairman of the 1,500 member UK Records Management Society, says he believes that Microsoft will soon have a much bigger presence in records management services in the oil and gas industry."

Invitation to ARMA members working in financial institutions

Last week’s Turner report has raised the bar on record management yet again:

“In the future the FSA’s supervisors will seek to make judgements on the judgements of senior management and take action if in their view those actions will lead to risks to the FSA’s statutory objectives. This is a fundamental change.” DP 09/2 11.14 p. 186.

Evidence would suggest that few are able to clear the current MiFID Article 51 bar. The Committee of European Securities Regulators (CESR) has given us the option to comment on the current level of standards across Europe – we have until 7 April to respond if we want this “low priority” to be taken seriously http://www.cesr.eu/index.php?docid=5641.

The JWG-IT Think-Tank, who are leading new approaches to EU record keeping requirements, invite you to an industry seminar on 30 March from 16:00-18:00 at a financial institution in Canary Wharf, London to:

1. Review the recent FSA shifts and MiFID Art. 51 implementation status
2. Discuss what a ‘good list of minimum records for wholesale business’ looks like (including an overview of our FSA Industry Guidance efforts)
3. Agree next steps (including the response to the CESR/09-088 work plan).

Drinks will follow the seminar.

This seminar is open to all JWG-IT members and employees of financial institutions. Regardless of where you sit - compliance, facilities, technology, operational risk or elsewhere – we welcome your participation.

To reserve your seat, please contact jitz@jwg-it.eu

Monday 23 March 2009

April is RIM Month: Promote RIM Within Your Organisation!

Managing records and information is an essential element to the competitiveness and accountability of an organization. Too often, RIM professionals are the unsung heroes of the organization. It’s time to promote the value of RIM!


Click here for more: http://www.arma.org/rim/promotion/index.cfm#logos

Records@Work Pamphlet
They're brief, easy-to-read, and specifically targeted to non-records management staff. This is the brochure series that will have everyone in your organization reading and learning about the value of solid records and information management. Records@Work brochures cover basic RIM topics that every employee in your organization needs. These are great for orientation packets and training. Choose from four titles (click on the link below to view a sample of the brochure).

What Is a Record?
What Do I Do with All This e-Mail?
What Do I Do with All of My Old Records?
How Should I Pack Records for Storage?
What Information Do I Need to Keep Secure?
What Do I Do with All This Paper
What Is a Records Center
What Are Vital Records?




Friday 20 March 2009

Frequently asked questions relating to transfers of personal data from the EU/EEA to third countries

The Data Protection Unit of the Directorate-General for Justice, Freedom and Security at the European Commission has published answers to FAQs with a view to assisting EU/EEA entities, and more particularly SMEs, in understanding the EU legal framework applicable to transfers of personal data processed in the EU (and the EEA) to “third countries” (i.e. countries that are not members of the EU or the EEA).
Download the document here: http://ec.europa.eu/justice_home/fsj/privacy/docs/international_transfers_faq/international_transfers_faq.pdf

Tuesday 17 March 2009

EDPS second Opinion on ePrivacy Directive review and security breach

On 9 January, the EDPS adopted an Opinion on the review of the Directive on Privacy and electronic communications ("ePrivacy Directive"). This Opinion follows upon a first EDPS Opinion (pdf), as well as Comments (pdf), in which recommendations were made to help ensure that the proposed changes effectively provide for the best possible protection of personal data.
This Second Opinion comes as a response to the Council's Common Position which, on a number of critical points, fails to endorse some of the data protection safeguards proposed by the European Parliament and the European Commission, or previously recommended by the EDPS.

The Opinion particularly focuses on the provisions relating to the setting up of a mandatory security breach notification system for which the Supervisor believes there is still some room for improvement. It also includes a number of recommendations covering the following issues:
scope of application: the EDPS supports the Parliament's approach to broaden the scope of application of the Directive to include publicly accessible private networks in the Community. He recommends further clarifying the types of services that would be covered by the broadened scope;
processing of traffic data for security purposes: the EDPS considers the new article introduced by the Parliament - and maintained by the Council's Common Position and the Commission's Amended Proposal - legitimising the collection of traffic data for security purposes as being unnecessary. In the EDPS view, such a provision may be subject to risk of abuse, especially if adopted in a form that does not include the necessary data protection safeguards;
right of action against infringements of the Directive: the EDPS calls upon the Commission and the Council to endorse the provision introduced by the Parliament that gives the possibility to legal entities, such as consumer associations, to bring legal action against infringements of any provisions of the Directive.

> EDPS Opinion (pdf)

New mandate for the EDPS: Peter Hustinx reappointed as Supervisor, Giovanni Buttarelli appointed as Assistant Supervisor

In December 2008, the European Parliament and the Council agreed to reappoint Peter Hustinx as European Data Protection Supervisor (EDPS) for a second term of office. They also appointed Giovanni Buttarelli as Assistant Supervisor for the same five-year term. He replaces Joaquin Bayo Delgado, who decided not to run for a second mandate.

The new EDPS and Assistant EDPS formally took office on 17 January 2009.

Peter Hustinx has served as EDPS since January 2004, contributing to the building of the new supervisory authority and developing its role at Community level. Information on Peter Hustinx's background is available on the EDPS website.

Giovanni Buttarelli has been a member of the Italian judiciary since 1986, and Secretary General of the Italian Data Protection Authority since 1997. In 2002-2003, he served as President of the Joint Supervisory Authority set up in pursuance of the Schengen Agreement, after being its Vice-President in 2000-2001. He has represented Italy in many committees and working groups operating in the field of data protection, both at the level of the European Union (EU) and at the Council of Europe.

> EDPS press release (pdf)