Data Governance Resource - From the IT Perspective

Microsoft recently announced its new Trustworthy Computing: Data Governance web site at Tech•Ed.

According to Microsoft, it is promoting data governance because:


“Growing public concerns about abuses of consumers’ personal information threaten to curtail the growth of online commerce and services. Data Governance directly addresses these concerns.

Data Governance can reduce an organization’s IT costs and improve its control over its information, which increases data security and privacy and improves responses to changing compliance requirements.

Conversely, poor Data Governance raises the risks of data breaches, including identity theft and fraud, which can erode trust in an organization, trigger financial or legal penalties, or reduce confidence among employees, customers, and investors.”

Although the purpose of the Data Governance web site is to serve as a reference for software and application developers, it is also a good reference for anyone involved in developing and maintaining the integrity, security, storage and sharing of data that contains personal information.

Among other things, the Data Governance web site is a resource for developing data policies, complying with regulatory and best practices requirements, and addressing length-of-storage issues.

Microsoft is promoting the development and implementation of data policies and action plans, which more and more state statutes require.

Although the materials are helpful, they are directed more at what to do than how to do it. Microsoft does, however, publish its own standard privacy guidelines, as well as an IT Compliance Management Guide. Although these materials are prepared for Microsoft, and are not applicable to very many businesses, they are good resources for anyone wanting to get a flavor for these types of documents.

European Telecoms and ISPs Start Storing Users' Internet Data

Starting April 6, 2009, European Union telecommunications companies and Internet service providers (ISPs) suddenly found themselves required to store even more data about their users.

Under the existing requirements of the 2006 Data Retention Directive, telecommunications providers are required to retain records (when calls were made and the origination/destination details) regarding telephone calls made over their lines.

Now, under The Data Retention Regulations 2009, those European telecommunication providers, and for the first time some ISPs (other than ISPs that also provide voice over IP services, which have always been covered), must retain details of Internet traffic and electronic mail transmissions for a period of six (6) to twenty-four (24) months from origination. The United Kingdom has determined that the period of retention shall be twelve (12) months. Sweden has threatened to “ignore” these new requirements.

Although the new regulations do not require the retention of the actual data (i.e., the telephone conversations, Internet content or the electronic mail content), affected European telecommunication providers and ISPs must retain the details of the transmissions (e.g., origination and destination telephone numbers, length of telephone calls, electronic mail addresses, time of transmission, and the IP address of the user, but not the destination IP addresses).

 

The new requirements do not require retention of Internet data by all European telecommunication providers and ISPs. Rather, a provider must retain this information only when it is notified by the Secretary of State. However, the existing requirement to retain records (e.g., when calls were made and the origination/destination details) regarding telephone calls made over their lines remains unaffected.

Government officials in the United Kingdom will be able to exercise powers under the Regulation of Investigatory Powers Act of 2000 (RIPA) to seek a court order for the release of the information stored under the revised Directive “for the purpose of the investigation, detection and prosecution of serious crime, as defined by each Member State in its national law.”

Opponents of the new regulations speculate that this is another step toward a nationalized database, permitting governmental agencies to determine where a person was situated (whether telephonically or on the Internet) at any given time.  Proponents counter that the content is not recorded, and that the information can only be accessed when it is necessary and proportionate to make such collection.

Mark McCreary is a partner in Fox Rothschild's Corporate Department, specializing in privacy and Internet law. If you have questions regarding this post, or any other privacy matter, you may contact Mark at (215) 299-2010 or mmccreary@foxrothschild.com.