We then considered enforcement trends. The total number of fines is going up; the maximum under the DPA is £½m, the maximum under the GDPR will be €20m or 4% of global turnover. Today the ICO can fine under two laws, the Data Protection Act and the Privacy and Electronic Communication Regulation (PECR), which regulate Data Controllers and Processors and direct mailing houses respectively. The ICO have taken more interest in the DPA since they gained fining powers. This note looks at the record in court, the change in enforcement powers, and notes that the preponderance of fines have been levied due to inadequate technical protection. …
IT security and privacy in Italy
CSI Piemonte, an Italian public sector co-operative, visited Sun yesterday to talk about today and tomorrow’s Security with Alec Muffett and Dave Walker, and I had the honour of hosting and MC’ing the meeting. This article looks at tools for implementing defence in depth and looks at the Italian privacy laws. …
Upgrading the Qube
Three days ago, I finally received another Qube with two shiny new disks and found that at home my 5-year-old PC has an ethernet controller old enough to permit the recovery disk to boot. This part of the process is really neat and hard to get wrong. (I have initialised the Qube from the OS recovery disk. This involves booting another computer using the recovery disk, which is a Linux disk. This system acts as a boot server and I configured the Qube to boot from the net.) I have just finished running the upgrade process for the Qube. Given the OS was published in 2001, there are 73 upgrades and order is significant. …