|
|
Keeping your staff’s personal information safe online
Media law expert Cleland Thom warns of the dangers of mixing business with pleasure.
Personal information
Private material on social networking sites is protected by the media regulatory codes, and the law.
In short – instruct your clients:
1. Never publish personal information anywhere on the web.
2. Assume the content of ALL emails will be published.
3. Never mix business with pleasure on sites like Facebook.
What’s personal
The European Convention on Human Rights gives privacy rights to:
1. Your correspondence – written and digital.
2. Your family life
3. Your private life
4. Your home life
5. Health and medical information
The PCC /Ofcom Codes
Publishing people’s personal information can be a breach of privacy. You may be able to protect clients from breaches.
Just because someone uploads their details and photos to a social networking site like Facebook does not mean they have consented to the media using them.
The media can only publish personal / private information safely if it is in the public interest. And if the person is under 16, exceptional public interest must be proved.
Photos – PCC Code and the DPA
The PCC and the courts make it clear that photos involve a greater invasion of privacy than words.
Photos published in areas of someone’s Facebook that are marked for ‘Everyone’ can be used by the media, though journalists should get consent unless publication is in the public interest.
There are issues with the Data Protection Act, too.
The Information Commissioner says that he treats images published on Facebook as for ‘personal use’ , similar to ‘family albums’.
So the journalist should not publish them without consent , unless there is a clear public interest issue.
Suicides and grief
Clients are entitled to significant protection during times of grief and shock.
The Press Complaints Commission has also issued new guidelines about the reporting of suicides:
1. Photos of victims of suicides, or other deaths on Facebook should not be used without consent of the close family, unless there is public interest in the victim – whether they are obtained from the dead person’s page, or someone else’s.
2. If there is a spate of suicides, photographs of previous victims should not be used each time a new death arises.
3. Excessive detail about suicides (including photos) should not be used.
4. Precise details about methods of suicides should not be reported.
5. Journalists should beware intruding into families’ grief and shock, both with approaches for stories and photos, or with the way stories and photos, including inquests, are presented. Note – these approaches apply to those made through Facebook as well as normal routes like door-knocks, etc. There is no problem in making an approach – but it should not amount to harassment or intrusion.
6. Tributes or comments from tribute sites, or from the Facebook pages of friends of people involved in deaths or accidents are usually safe to use – but again beware intruding into families’ grief and shock.
The law
EU Information Society Commissioner Viviane Redding has reminded the media: -European privacy rules are crystal clear: a person’s information can only be used with their prior consent.
The ECHR articles on privacy are worded the same as the PCC and Ofcom Codes. So the advice above applies to privacy law, too.
A reader can deal with an alleged invasion of privacy by a journalist, either under the codes, or through the courts, or both.
Readers are more likely to use the codes, because it is quicker and free.
This extract is taken from the PR Media Law Guide, price £19.95. To order a copy, contact: cleland@ctjt.biz
Cleland Thom does media law training and consultancy to a number of corporation and public authorities, including GPSJ, United Utilities, World Trade Group, Herts County Council, London Borough of Brent and Three Rivers District Council.
Trusteer’s research group has found that 30% of attacks against websites that use two-factor authentication are now utilizing real-time man-in-the-middle techniques to bypass this trusted security mechanism. These findings are based on monitoring of thousands of Phishing attacks.
According to Mickey Boodaei, Trusteer’s CEO, in a real time phishing attack the user enters details onto a phishing website which captures the banking credentials and authentication information; the stolen credentials are then immediately used to open a session on the real bank website to commit a fraud. Authentication information typically captured and used by criminals in real time phishing include: One Time Passwords (OTP) ; tokens; SMS authentication; Card and Readers, rendering them ineffective against this type of attack.
Most phishing attacks to date have been completely static. In traditional phishing attacks the victim reaches a phishing website, submits login credentials, and these credentials are stored for later use by e-criminals. The introduction of strong two-factor authentication systems, especially one time passwords, rendered these attacks useless as fraudsters could not use static stolen credentials to commit fraud. With strong two factor authentication the user is required to provide a OTP as part of the login process. There are many OTP approaches, some of them are based on token devices that users carry along with them, others are sent to the user’s phone as an SMS text or voice call each time the user tries to log on. OTP’s are limited in time. Even if the fraudsters managed to capture OTP data there is only a short period of time in which this data can be used. For some time, websites that used strong two-factor authentication reported a significant drop in phishing attacks. The e-criminals, however, have not given up.
Man-in-the-Middle Phishing
-Recently Trusteer have noticed an increase, on 3 different continents, of a type of attack called man-in-the-middle phishing or, real-time phishing. This tactic allows fraudsters to completely bypass two-factor authentication. The concept is not a new one and is well known in the security world; however, up until now, we haven’t seen too many attacks like this. The recent escalation of websites now experiencing this type of attack is a cause for immediate concern,” said Boodaei.
In a man-in-the-middle attack the phishing website is connected, in real-time, to the bank website. The credentials that the user submits to the phishing site, including OTPs, are stolen and used immediately by the fraudsters to initiate a fraudulent session with the bank website. It doesn’t matter if the website is using a dedicated OTP token, SMS authentication, Card and Reader, or any other type of two-factor authentication.
At first glance, real-time phishing seems just like any other phishing attack. On closer examination of the malicious website, however, one can determine that it is, in fact, connected in real-time to the bank. This enables any information submitted to the fake web page to be immediately posted to the bank website.
Many organizations that used strong two-factor authentication were dismissive of phishing attacks as they assumed that they were incapable of bypassing their security controls. This is no longer the case. Using phishing kits with real-time capabilities fraudsters have improved their operations to conduct fraud in real-time.
-With real-time phishing, OTPs are becoming useless. There is no update or improvement to OTP that can defeat real time phishing. The best form of defence is to implement dynamic layers of security, including browsing security, that can adapt to and block new threats,” said Boodaei.
Media law expert Cleland Thom offers some simple advice on an important law.
Copyright law protects original work. It affects PRs in two different ways:
1. The media may illegally use your copyright material.
2. You may illegally use someone else’s copyright material.
Copyright covers:
1. Written words.
2. Photos.
3. Logos.
4. MP3 / MP4 files.
5. Images.
6. Clips from YouTube etc.
7. Page designs.
8. Computer programmes.
9. Databases.
It doesn’t cover:
1. Facts.
2. News.
3. Information.
4. Ideas.
5. Slogans.
Who owns copyright?
1. Employers – not employees.
2. Freelance writers.
3. Freelance photographers.
If you are distributing material to the media (images, photos, words, podcasts etc), it is your job to check the copyright and obtain necessary consents.
If you have a photo that was commissioned for private or domestic use (eg: someone’s wedding photo, graduation pic etc) you must get the consent of the person who COMMISSIONED it. They have the right to veto publication. You need the consent of the PHOTOGRAPHER, too.
Fair dealing
EXTRACTS of copyright work can be used – free, and without consent, on two occasions:
1. To report current events – but you can only use words, not pix.
As a guide, you should use less than a third of the original. Weigh up:
How many extracts have been used?
What percentage of the original have been used?
The percentage the extracts make up of the new article.
2. For review purposes – words or pix.
You can only use as much as you need to make your point.
The conditions of fair dealing are:
1. The copyright owner must be given sufficient credit.
2. You must not misrepresent the work or make fun of it.
3. You must not pass it off as your own.
Don’t …
1. Lift pix from the web, or anywhere else, without written consent.
2. Use videos from YouTube or elsewhere on the web, without written consent.
3. Lift facts from copyright work, without checking they’re accurate.
4. Use ‘personal’ pix without written consent – see above.
5. Use frame-grabs from TV or the web without acknowledgement.
6. Alter graphics or pix and pass them off as yours.
7. Deep link to other sites and give the impression the content is yours.
This extract is taken from the PR Media Law Guide, price £19.95. To order a copy, contact: cleland@ctjt.biz
Cleland Thom does media law training and consultancy to a number of corporation and public authorities, including GPSJ, United Utilities, World Trade Group, Herts County Council, London Borough of Brent and Three Rivers District Council.
The ProcessFlows Text Message Server (TMS) platform was chosen by Fireco, manufacturers and installers of wireless fire safety products, as the text messaging gateway for their new Deaf Message Service (DMS) fire notification solution for the deaf and hard of hearing.
DMS has been developed by Fireco and partners – ProcessFlows, Adaptive Modules (modem technology provider) and Wireless Logic (SIM technology provider) – to meet the demand for improved emergency notification communications for the deaf community.
Using DMS, deaf people who are out and about in a public place in which DMS has been installed, can sign up to receive ‘fire alarm sounding’ notification on their mobile phone.
Text is a global success story, so it is not surprising that innovative applications are being built on top of the SMS technology.
Why was DMS developed?
One in seven people in the UK suffer some degree of deafness
Deaf people have concerns that they could remain unaware of an emergency situation in a public place
There are 76,168,000 mobile phone subscriptions in the UK (SMS mobile phone stats for 2008/2009
ProcessFlows developed TMS to be a powerful and adaptable tool – making it the ideal SMS platform on which to build wireless applications
Claire Chilton, an assessor for Level One British Sign Language exams and a TV presenter on deaf issues is profoundly deaf. Claire said -DMS is such a brilliant idea. Using text messaging to let you know a fire alarm is sounding is using something deaf people use all the time.”
How DMS works:
Stage 1 – Signing up
User visits location where the DMS system is installed – which could be your local supermarket
User sends a text with the location code to the DMS number
The DMS server receives the text and adds the user to the location given
The user is sent a text by the DMS server to let them know they are connected to DMS for that location
Stage 2 – When the fire alarm sounds
When the fire alarm sounds (unless it’s a test) DMS will send a text to the server
Users connected to the specific location receive a ‘Fire’ text advising them to evacuate
The main benefit for users:
DMS gives deaf and hard of hearing people the reassurance that they will be as aware of an audio warning of an emergency situation as the rest of us.
The main benefit for Public and Service Providers:
DMS helps service providers and employers comply with the Disability Discrimination Act (DDA). It is designed to respond to a fire alarm installed in conformity with the British Standard 5839 Part 1.
Editor’s Notes
ProcessFlows’ SMS technology is also enabling a patient appointment reminder system – SMS Patient Notification – a solution designed and developed to help cut the cost of missed appointments to the NHS.
Further information about DMS can be found at www.deafmessageservice.com
Further information about ProcessFlows at www.processflows.co.uk
Procurement specialist xynergie has called for Government savings announced in the Spending Review [Oct 20th 2010] to be achieved through improving procurement efficiencies, rather than by cutting frontline services.
xynergie chief executive Tony Lockwood said: -Government procurement inefficiencies were highlighted in Philip Green’s Efficiency Review. While the chancellor has said it will make savings by improving efficiency as well as making cuts, we are yet to see how they will achieve this. Technologies and methodologies are available and in-use in the private sector that completely rule out the levels of inefficiency shown in the Philip Green report.
-In the way it handles procurement, the Government needs to get up to speed with the private sector. It must re-engineer its procurement processes and make savings with backroom efficiency, not frontline cuts.”
For further information, go to
www.xynergie.co.uk
The emerging agreements as part of the spending review set out a clear financial expectation (required quantum and phasing of spending reduction). The challenge is to commute the expectation into practice without an unnecessary degradation in ‘front-line services’. Third Horizon experience confirms the following will be necessary:
An operational blueprint
Sponsorship from the top
An operational blueprint
The blueprint translates a financial requirement into an operational reality. Let’s take the MOD as an example. Total UK expenditure equates to 2.6% of GDP today and it is mandated that it will fall (by ~10% – according to press reports) to ~2.3% as a result of the spending review (which compares, for example to 1.8% in Australia and 1.3% in Canada). We have been spending at a relatively high level and the reduction will bring that spend more in line with our peers. But we have intractable problems within the MOD which need to be resolved as part and parcel of this spending reduction. We spend a disproportionate amount on bureaucracy and inter-service rivalry (e.g. as Liam Fox said “There is one civilian for every two armed forces personnel in the Ministry of Defence. In other words the total of civilians in the MoD is larger than the Royal Navy and the RAF combined”). This is unacceptable and must change. Defence expenditure should be primarily about achieving a security outcome rather than maintaining tradition or as a tool of industrial policy where certain businesses are propped up. The operational reality must, in the vernacular, make sure we cut the fat rather than the muscle.
Sponsorship from the top
No-one can doubt the political will to reduce government expenditure. But this does not mean the desired savings will be realised. Political will needs to be commuted to departmental intent. Sir Philip Green suggests there is scope to improve procurement across Government and he is surely right not least because other high-level reviews have come to similar conclusions. But the sceptics and cynics cry ‘why should anything happen this time’? Nothing short of a root and branch culture change will suffice and this will entail inter alia:
1. Focusing on non-negotiable outputs (rather than on inputs and processes)
2. Embedding business case thinking into all investment and change programmes (identifying the NPV taking account of risk and possible delay)
3. Removing barriers to change (whether they be people-, process- or protocol-related)
4. Effective communication (ensuring the message is heard, understood and reinforced through, for example, the reward mechanism)
Our track record
Third Horizon is currently working with a number of Australian federal and state government departments including:
The Department of Defence – a workforce and shared service review
NSW State Health Department – efficiency review and governance restructure implementation
‘Service Delivery Reform’ – a back office IT-enabled integration project across three Australian government departments (Department for Human Services, Centrelink and Medicare)
The NSW Department of Premier and Cabinet – shared services design across 13 super agencies
Department of Services, Technology and Administration – a major efficiency programme.
The overall themes of our work are:
Creation of super agencies (to deliver economies of scale and scope)
Integrating agencies at the point of delivery (to both reduce cost and improve customer experience)
Unlocking benefits from shared services (to deliver economies of scale and scope as well as improved capacity utilisation)
Better IT-enabled processes (effectively harnessing IT in both the front- and back-office).
With over 22,000 students, 800 teaching staff and 800 visiting lecturers, the University of Westminster prides itself on the ability to offer the best resources to facilitate learning. Undergraduates make up 75 per cent of students and more than 5,000 are international students from over 150 countries. Westminster is in the top 15 of most popular UK universities for international students and continuing to attract over-seas students is an important business driver for the organisation.
The University recognises the importance of technology in delivering services and facilities to attract new students. Since selecting systems integrator, Esteem Systems, to work on an ambitious IT infrastructure-transformation project, The University of Westminster has:
Powerful infrastructure running on just 18 servers (spread across two sites)
Minimised power consumption and carbon footprint
Reduced maintenance and support costs
Failover mechanisms and improved disaster recovery with two data centres
Improved performance and simplified IT management whilst minimising downtime
Secure, reliable and high availability system with dynamic resource scheduling and performance migration
The University of Westminster
With three campuses in central London and one in Harrow, the University of Westminster can offer all the academic, cultural and career opportunities expected from an international educational institution in one of the world’s most vibrant cities.
The University attracts over 22,000 undergraduates and postgraduates from 150 different nations, making it one of the most popular UK universities for international students. Westminster is the leading modern university in a number of research areas including art and design, electronic engineering and law. It has also achieved excellent QAA ratings for a wide range of courses, such as Arabic, building, communication and media, and politics.
Opening a new chapter
Today, the University of Westminster’s storage and data requirements are immense with an explosion of electronic learning and research resources such as databases, e-journals, webpages, exam papers and CD-ROMs.
Jesse Lewis, Principal Systems Development Officer (Microsoft) ISLS at the University of Westminster, explains, -Universities are more like commercial businesses than ever before and so we are in a very competitive environment. A solid technology foundation means we can continue to grow and adapt to our changing needs as an organisation.”
Before the implementation, processing power, data centre space, storage capacity and electricity consumption, were all key challenges for the University. It needed to scale its system support to meet the increasing demand for electronic and online resources, without putting any additional strain on core business applications, such as student records, HR and library resources.
-Not only did we need redundancy to meet our additional needs, we required a server infrastructure that would allow us to carry out regular maintenance without disrupting day to day needs. Our staff and students need to be able to focus on their work without worry about a frustratingly slow system or worse, lost information and data,” adds Jesse Lewis.
-We were very aware of green computing targets and how virtualisation would help us to meet these. By allowing us to reduce the physical amount of servers required, we would be able to reduce power consumption and minimise cooling equipment. It would also give us the opportunity for up-scaling in the future,” says Jesse Lewis.
The right answer
The University put out a tender to find the best virtual technology available to meets its needs and, following stiff competition Esteem was awarded the contract. -Whilst all the competitors offered a VMware solution, Esteem stood out because of its heritage in the education sector and obvious understanding of how to meet our needs,” comments Lewis.
Esteem Systems has more than 20 years experience of working with organisations to improve their performance by aligning business objectives with the delivery of tailored IT services. In this time it has designed, implemented and managed IT solutions for both public and private sector companies and has proven ROI.
The prep work
Esteem was selected to work closely with the University’s IT team to mentor them on how to operate all aspects of the new infrastructure, enabling them to complete the project. Esteem invested time into bringing the University’s IT team up to speed on how to manage the new server estate, improve availability and IT processes, meaning University staff can now manage the new IT infrastructure without the need for additional support from Esteem.
Jesse Lewis explains, -We knew virtualisation would allow us to refresh hardware more easily because we’d tested it in a development environment and were sure of the benefits. Esteem was chosen for its expertise and ability to help replicate this success for real”.
Seeing results
Working together, Esteem guided the University of Westminster staff through the process of building the new infrastructure using VMware virtualisation technology before migrating existing and additional virtual services over. Spread across two remote data centres (one in West London and one in Harrow), 18 servers are now supported using DataCore SanMelody to provide replication services in the event of disruption to one site.
Jesse Lewis continues, -Upgrading our IT performance through virtualisation has guaranteed us a significant return on server investment and a lower total cost of ownership. Every machine on the University network has already seen a performance increase in speed, which has been recognised by staff and students alike.”
Now, the University of Westminster is able to refresh its core business applications as necessary with greatly reduced downtime for staff and students. As demand changes the University can modify and allocate resources quicker than before. Before the new infrastructure was built it would take the IT team several days to buy new hardware and configure it, now the IT team simply have to manage a simple reboot and add memory to accommodate additional demands to the system.
The University can dedicate fixed resources to a chosen server when required and tailor a server’s processes through performance migration that is built into the system. Policies set within the software best utilise server capacity, for example, to schedule maintenance or updates when demand is light.
High availability of the new IT infrastructure means that in the event of physical server malfunction, all virtual servers automatically move to another physical server to prevent loss of data and downtime. The solution also provides the ability to drag and drop a running virtual server with no downtime from one host to another, which means that computer users can work without the knowledge that IT maintenance is taking place.
The northern launch of publicsectorknowhow.co.uk took place at the city of Manchester stadium in October.
The business, ambitiously described as, -the best thing to happen to the public sector this year, marks a new era of co-operation and collaboration which will help safeguard the future of public services by encouraging them to change practices and performance, and by connecting skills, experience and contacts.
Publicsectorknowhow is the innovative creation of co owners Sharon Richardson and Gill Gourley, themselves experts within the public sector in the areas of communication and programme management and procurement and transformation.
Richardson says -With experience across both the public and private sector in the last decade I can see where the two differ, but also where there is great potential for them to learn from each other. Sharon says -The current climate is difficult but not insurmountable, and it will take some radical thinking to make changes within public services and how they are procured and delivered in order to meet budgetary targets and preserve their longer term future.
Gill Gourley, added -There are a number of similar websites, associations and resources that deliver some of the information we present to some of the public sector arenas, but nowhere is there a true one stop shop that can really share experience and ideas that will truly cross fertilise across disciplines and services.
-We also have a unique procurement compare element of the site which also allows procurers to rate suppliers and services therefore sharing real knowledge. This will become an increasingly useful tool as tendering and commissioning, as we know it, changes, becoming more open and flexible.
Publicsectorknowhow is exclusive to public sector organisation and free to members via a quick sign up form. There is a forum for topical discussion and a shop provides access to free and cost effective resources and solutions including a virtual consultant. The website and forums will be supported by a new style of event that focuses on real problem solving rather than the traditional speaker workshop options.
-Our next event, not surprisingly will focus on the Comprehensive Spending Review – Analysis and Answers, but we will challenge the traditional thinking and look for some real ways forward, says Richardson.
Publicsectorknowhow is a national resource and there will be further regional launches in the South of England and Scotland in the new year.
For more information about the organisation or to find out when the next event is, contact info@publicectorknowhow.co.uk telephone 0845 838 1536 or check out the newly launched website at
www.publicsectorknowhow.co.uk
London, 18 Oct 2010 – Britain has published it’s National Security Strategy (NSS) which aims to inform thinking and drive policy over coming years.
The document categorises threats faced by the nation in tiers highlighting the level of severity, outlines actions to be taken to mitigate such threats and formed the background to the Strategic Defence Review (SDR).
High in rhetoric but offering little insight in terms of how its goals will be fulfilled against a backdrop of swinging cuts in both the Defence and Home Office budgets, the document does offer an interesting glimpse at what the present government considers are the priority concerns.
First tier threats are identified as acts of international terrorism, hostile attacks on the computer systems which nowadays underpin our critical national infrastructure, a major accident or natural hazard such as a flu pandemic, or an international military crisis between states that draws in this country and its allies.
Many of the issues highlighted in the NSS have been the subject of much debate at Counter Terror Expo in recent years and will almost certainly set direction for debate when the event is held again in April.
-Cyber Security & Electronic Terrorism- has long been considered a strategic threat to national assets.
Assumed state sponsored but carefully focused attacks against computer networks in Latvia and Iran in recent times, have illustrated clearly the impact that can be wrought on largely unprotected computer networks.
-Cyber Security & Electronic Terrorism- assumes a dedicated conference at the forthcoming Counter Terror Expo.
It is important to recognise that additional funding for so called cyber terrorism (which amounts to £500 million) is focused primarily at protecting government and military networks.
Around 80 percent of the national critical infrastructure is in private hands and these private entities are expected to fund security across the board from their own resources.
The -Cyber Security & Electronic Terrorism- conference stream is a timely response to the threat faced.
Counter Terror Expo is the only event of its kind to bring the public and private sectors together annually to debate the challenges faced and develop responses to them.
Publication of the National Security Strategy (NSS) comes hard on the heels of a report issued last week by the influential cross-party Public Administration Committee, which spoke of a chronic lack of strategic thinking in foreign and security policy threatening national interests.
Its report also warned that Britain’s ability to think strategically had been undermined by assumptions that its national interests are best served by its relationship with the United States of America and economic links within the European Union.
“Uncritical acceptance of these assumptions has led to a waning of our interests in, and ability to make, national strategy,” said the Committee.
-It is apparent that others aspects of national security highlighted in the document will not receive a similar funding boost since, as the country tightens its belt, the emphasis from government is on doing more with much less.
Maintenance of the national defences demands great ingenuity in the years to come on the part of those tasked with its delivery.
About Counter Terror Expo
Counter Terror Expo is the only event of its kind to bring the key experts from government, the military, law enforcement and the private sector together annually to discuss the issues, formulate strategy and direct policy making.
Counter Terror Expo comprises a series of high level conferences, an extensive programme of workshops and a world beating exhibition of leading solutions to the threats faced.
The next Counter Terror Expo will be held at the prestigious Grand Hall of London Olympia from 19- 20 April 2011.
More Information
Please contact Nicola Greenaway-Fuller on +44 (0) 208 542 9090.
It’s been just two months since the country’s police officers were told by their bosses to stop harassing press photographers.
Now we have AMBULANCE crews trying it instead.
Editor Stuart Littleford was out filming with cameraman Paul Bridgeman in Manchester city centre on Saturday night and took shots of a man being put into an ambulance.
Stuart, editor of the Government and Public Sector Journal, explains: ‘The paramedics sent the police over to question us and stop us filming claiming it was against the Data Protection act to film a patient!’
Earlier this year, Stuart made an official complaint to Greater Manchester Police after allegedly being assaulted by an officer while he was covering a an incident where a building collapsed.
‘So we are now getting it from the ambulance service not just the police!’ he says.
In fact the ambulance service were completely wrong when they challenged Stuart on Saturday.
I’d love to know quite why they thought filming someone in a public place could breach the DPA!
It’s another example where everybody from teachers to hospital staff wave the DPA like a magic wand any time they see a journalist or a photographer. It’s a piece of legislation that could aptly be re-named the Jobsworth Act.
It was established in 2009 that taking a photo of someone in the street was lawful.
At the Court of Appeal, Lord Justice Laws said: -Individuals do not have the right to prevent another person politely taking their photograph in public.
“The snapping of the shutter of itself breaches no rights.
Mr Laws explained that taking a photo could only be an invasion of privacy if it involved hot pursuit, face-to-face confrontation, pushing, shoving, bright lights or barging into someone’s home.
In Saturday’s incident, Stuart says he was filming unobtrusively from the other side of the street.
Perhaps the ambulance crew misunderstood a Press Complaints Commission ruling in 2008, when a local paper was censured for publishing a photo of someone receiving medical treatment after an accident.
The PCC said then: ‘There is a clear need for newspapers to exercise caution when publishing images that relate to a person’s health and medical treatment, even if they are taken in public places.’ Note – PUBLISHING images, not taking them.
The ambulance crew in question would do better to concentrate on treating the sick and injured, rather than waste time mis-applying the finer points of the law?
A statement from North West Ambulance Service NHS Trust said: -North West Ambulance Service NHS Trust aims to ensure that its staff have an understanding of how the media works. Many of the Trust’s operational staff work with film crews and journalists across the North West on specific projects and during incidents. Where possible, staff are asked to be tolerant of media filming in the public domain if there is no perceived detrimental effect to patient care. –
Sounds like they are doing us a favour by letting us film, said Stuart.
This article is by Cleland Thom and appears on his popular blog
www.ctjt-blog.biz
18th October 2010 – Reports are coming in that an unencrypted USB stick – apparently containing details on the Sellafield nuclear site’s operations – was found by a coach driver in a Cumbria hotel room.
And, says Credant Technologies, the endpoint data security specialist, it seems that the USB stick contained details of the nuclear firm’s proposed workforce transfer from its Capenhurst operation in Cheshire to uranium specialist Urenco.one.
“This fact alone is manna from heaven to enemies of the UK, especially since the data on the USB stick suggested that International Atomic Energy technicians visiting the site were not sufficiently up to speed,” said Sean Glynn, Credant’s vice president and chief marketing officer.
-While the convenience of USB sticks make them an important tool for any business, you don’t have to be a nuclear scientist to know that the data carried on these devices must be protected,”he added.
Corporate USB sticks, says Glynn, should always include encryption and other forms of security as a basic requirement because – as this incident clearly shows – unencrypted data can, and does, fall into the wrong hands.
And in the case of Sellafield – the former Windscale nuclear material processing and handling site – he added that the data on the USB stick falls firmly into the kind of information which has national security implications, especially with the UK currently being on heightened terrorist alert (bit.ly/aMhIQI).
The discovery of this data on a USB stick in a hotel room, says the Credant vice president, is the kind of plot that would do justice to a John Le Carre thriller novel, rather than real-life hotel in deepest Cumbria.
“But here we have a coach driver making a discovery that has serious national security overtones. That technicians and other employees at Sellafield are using USB sticks to store and move sensitive data is not really a surprise in today’s world, but that there are not policies and procedures in place to encrypt or otherwise protect the data on those devices is a real concern,” he said.
“As the coach driver is quoted as saying in the local press, what if the USB stick had fallen into the hands of terrorists, or contained top secret information?” he added.
“Sellafield has done the right thing in launching an investigation, but this is a potentially serious breach of data security on several levels, with national security overtones. Sellafield needs to look very carefully at its data security policies, and the technology that enforces those policies.”
Take great care when issuing a comment, or making a statement, if legal proceedings are involved. You could interfere with the course of justice, or prejudice a trial.
COCA bans you from publishing anything, before or during a trial, that could create a SUBSTANTIAL RISK of SERIOUS PREJUDICE to the trial.
And if you breach the law, you could be:
1. Given a telling off by a Judge.
2. Prosecuted and fined.
Contempt law is NOT in force all the time.
1. Proceedings have to be ACTIVE.
2. They primarily activate:
When someone is arrested or charged.
3. They de-activate:
When sentence has been passed.
It’s your job to find out if proceedings are active, and when the trial is. Phone the court, the CPS or the defence solicitor to find out.
Things that raise the risk level
1. The type of trial – crown court trials pose the biggest contempt risk.
2. When the trial is.
3. How memorable the crime is.
So …
You’re usually safe publishing many things if the trial is a long way off – ie, more than 6 months away. The closer the trial is, the more danger there is from contempt of court.
How does this affect you?
Once someone has been charged, you should only reveal their:
Name.
Age.
Address.
Job title.
Where they work.
What they have been charged with.
How long they have worked for you.
Action taken by the company (eg, the person has been suspended on full pay).
A safe comment: ‘Mr Smith remains suspended on full pay until after the trial. We cannot comment further for legal reasons. We will make a decision on his future after the trial.’
Do not use:
The defendant’s previous convictions or acquittals.
The defendant’s photograph or detailed description.
Any quotes or background material that asserts guilt, or innocence.
Any statement that the person charged is the person who committed the crime.
A useful exception:
You can write about the ISSUES arising from active court cases …
For example:
Bastows repeated their warning today of the danger of breaking into electricity sub-stations.
The reminder came as a man faced trial at Manchester Crown Court, charged with damaging a sub-station last year.
Bastows spokesman Melanie Bright said: ‘People who fool around at electricity sub-stations are not just risking prosecution. They are also risking their lives.’
This extract is taken from the PR Media Law Guide, price £19.95. To order a copy, contact: cleland@ctjt.biz
Cleland Thom does media law training and consultancy to a number of corporation and public authorities, including GPSJ, United Utilities, World Trade Group, Herts County Council, London Borough of Brent and Three Rivers District Council.
7th December 2010, The Barbican, London
How will the Police Reform and Social Responsibility Bill affect you?
With the impending budget cuts, how can you ensure quality of service remains?
If you would like to know the answer to these questions and many more, then Modernising Policing is for you!
A radical redesign of workforce strategy is required in this era of austerity. The management of personnel, information and outcomes is integral to providing a quality police service that is more transparent, accountable and accessible, and can help to reconnect the police with the public, whilst ensuring that value for money and safer communities are achievable. The challenge will be how to reorganise, collaborate more effectively and prioritise the core services that police can provide.
The Police Reform and Social Responsibility Bill will offer new opportunities for individuals, communities and police officers at all levels to shape the future of our policing. The emphasis has now shifted away from quantity-driven goals towards improving the quality of service and allowing people to challenge police performance.
At our fourth annual Modernising Policing Conference, we will discuss how to manage workforce change, implement lean strategies, build community trust, empower the public and showcase the latest innovative solution providers. This conference will give you the opportunity to debate strategic policy and learn how to deliver policing for the people with fewer resources.
Read More
Speakers Include:
Chaired by Simon Reed – Vice-Chairman, Police Federation of England and Wales
Jan Berry – Independent Reducing Bureaucracy Advocate
Detective Superintendent Gary Linton – Head of ACPO Criminal Records Office (ACRO)
Jane Furniss – Chief Executive Officer, The Independent Police Complaints Commission
Commenting on the announcement today (Thursday) that the Government will abolish 192 public bodies, TUC General Secretary Brendan Barber said:
-Of course over time some quangos come to the end of their useful life, just as new ones are needed.
-But today’s quango cull is neither about efficiency or even saving money as Ministers seem very vague about the finances, despite the job losses involved.
-Instead they want to reduce democratic accountability, get rid of bodies that stand up for ordinary people against Government or business excess, and centralise power in Whitehall.
-When independent bodies give public advice to Ministers, they have to explain why if they reject it. With no independence or transparency, corporate lobbyists will be cracking open the champagne today.
-The politics is simple. Today’s move manages to both shrink the state and reduce its democratic accountability.”
A TARDIS-STYLE kiosk, which will provide residents with information and crime prevention advice, has landed in Preston city centre.
Funded by the Safer Lancashire Board and Lancashire County Council, the kiosk is situated on Fishergate, outside the Cotswold Outdoor store.
Supt James Lee, Operations Manager for Preston Police, said: -Together with our partners we are working to create a safer environment for local people and the kiosk will help us to achieve this.
-It allows access to a wide range of information about keeping safe and enjoying the facilities the city has to offer and it also lets users speak directly to the police if they need any assistance.
-As the kiosk is located in a busy area, it is hoped that many people will take advantage of using it and it will ultimately result in less people becoming victims of crime.
The kiosk, which is the first of its kind in England, has three built-in information terminals with touch-screens which provide access to maps, tourism information and crime prevention information. Users can be put straight through to the police’s control room by pressing a ‘help’ button on the kiosk.
It has large scrolling signs at the top of the kiosk so that important messages can be given directly to members of the public.
County Councillor David Smith, lead member for community services and chair of the Safer Lancashire Board, said: “It is fantastic that through our work with the Safer Lancashire Board we are able to provide this unique initiative to support community safety in Preston.
“The kiosk will provide a wealth of useful information to local people and visitors to Preston and, more importantly, offer reassurance to the public and a safer city for people to enjoy.”
Councillor Neil Cartwright, cabinet member for development and community safety, added: -Once again, Preston is leading the way and this kiosk is an effective way of providing information and immediate police assistance should anyone need it in Preston city centre.
-This type of kiosk has worked well in Glasgow, helping to reassure and make people feel even safer when out and about in the city centre. We are delighted that Lancashire Constabulary has chosen Preston for the first kiosk of its type in England.
The kiosk, which has been based on one successfully installed in Glasgow in 2005, was installed in the early hours of Tuesday 5 October.
It will be available 24 hours a day, seven days a week.
A TEEN who refused to give police officers an encryption password for his computer has been jailed for four months.
The case is believed to be the first of its kind in Lancashire.
Oliver Drage, 19, formerly of Naze Lane, Freckleton, was arrested in May 2009.
Drage’s computer was seized but officers could not access material stored on it as it was protected by a 50-character encryption password. Drage was then formerly requested to disclose the password, which he failed to do.
Appearing at Preston Crown Court, Drage pleaded not guilty to failing to disclose an encryption key – an offence covered by the Regulation of Investigatory Powers Act 2000. At his trial in September a jury took less than 15 minutes to find him guilty of the offence. Yesterday (Monday Oct 4), Drage was sentenced to 16 weeks in a Young Offenders Institution.
Detective Sergeant Neil Fowler, Blackpool Police, said: -Drage was previously of good character so the immediate custodial sentence handed down by the judge in this case shows just how seriously the courts take this kind of offence.
-Computer systems are constantly advancing and the legislation used here was specifically brought in to deal with those who are using the internet to commit crime. It sends a robust message out to those intent on trying to mask their on-line criminal activities that they will be taken before the courts with the ultimate sanction, as in this case, being a custodial sentence.
Radio Tactics Ltd, a leading global provider of mobile phone forensics equipment is proud to announce that police in Devon and Cornwall have successfully reduced crime rates by implementing Radio Tactics’ products. Since purchasing the Hermes and Apollo property registration and identification devices; the Devon and Cornwall force has reduced property burglary by 80% in Torbay, previously the region’s hotspot.
Hermes was designed and built by Radio Tactics as a portable solution for identifying barcodes and IMEI numbers and registering items such as bicycles, laptops and mobile phones onto the national Immobilise property database. With the assistance of PCSOs, Neighbourhood Officers and Crime Reduction Officers, Hermes was taken into schools and door-to-door in Devon and Cornwall’s burglary hotspot areas to register property.
In conjunction with Hermes, police officers in the region have been using Radio Tactics’ Apollo on a daily basis. This device scans items to ascertain whether they have ever been lost, blocked or stolen and also to find out their registered owner. Local businesses, newspapers and radio stations have assisted with publicising the scheme, deterring the criminal fraternity by making the capabilities of the new equipment well known.
DS Karl Rowland, of Devon and Cornwall police said:
-It is important when planning any course of action to reduce offences such as dwelling burglary to ensure that when implemented you balance both reduction and detection techniques, ensuring that any operation is an on-going success. Although Torbay does not have a high level of domestic burglaries, the occurrences were causing concern and were detrimental to the area’s figures. It was decided that any tactics used should be long lasting and not a ‘blip’.
-Hermes was used to register all property within certain areas, thus making the property worthless to criminals. Pro-actively, Apollo was used to target individuals on stop-checks, warrants and checks of all second hand outlets including car boot sales. Schools played a large part in the registration of family property to enhance the coverage. The recording of property and recovery and return of stolen items was well documented in the media.
-The overall success was measured by a near 80% reduction in offences of dwelling burglary in areas targeted which wasn’t displaced to a neighbouring area. This reduction is still continuing over eighteen months later.”
Andy Gill, CEO of Radio Tactics added:
-We are pleased to see our products producing such excellent results, making people feel safer and dramatically reducing crime levels. As we continue to roll out Apollo and Hermes in other forces throughout the UK we look forward to seeing this positive outcome around the country. This way we can reduce the levels of a prevalent type of crime nationally and lighten the heavy workload of police officers on the beat.”
Radio Tactics employs an experienced team of specialist innovators, offering high technology solutions for the acquisition and management of digital information technology. All Radio Tactics products can be fully customised to the specification of the client and comprehensive technical assistance and support is offered to every customer.
Defamation is an untrue attack on someone’s reputation.
You could be sued if you issued a press release, or a statement, that contained a defamatory statement.
If you publish it, you are responsible.
There’s no such thing as ‘accidental libel’.
Cases are very hard to win.
The test:
Do the words TEND TO (in other words, might they:
1. Cause someone to be shunned or avoided?
2. Expose them to ridicule, hatred or contempt?
3. Lower them in the eyes of right thinking people?
4. Disparage them in their office, trade or profession?
How do you tell?
A simple test is: How would YOU feel if someone published the statement about you?
Identification
Defamation can only happen if the person who has been defamed is IDENTIFIABLE.
But there is no safety in not naming someone. Leaving out a name is pointless if people can work out who the person is from other information.
It can also be more dangerous, since other people, with similar details, could be defamed if their friends etc thought you were referring to them.
And there is no safety in giving a few clues: eg ‘A certain optician in Upford High Street is not qualified to do his job.’
Publishing this would mean that every optician in Upford High Street could sue you.
It is also possible to libel a group of people, providing the group comprises fewer than 15 people and has an ‘identity’ – for instance: the directors of Brown & Son, or Uptown police CID.
These are some of the common libel dangers:
Danger 1: Motive
Never speculate on someone’s motive for doing something. A motive cannot be proved.
For example:
A spokesman said: ‘We have discussed the matter with the leader of Pembrokeshire County Council and he has accepted responsibility, presumably with one eye on the May elections.’
Or
‘A spokesman said: ‘We’ve met Mr Bowerman before. He’s only in it for the money.’
Danger 2: Denial
Never issue a denial that repeats the original defamation. This could trigger another libel action.
For example:
A spokesman said: ‘We deny issuing any statement alleging that Upford’s highways director is unfit for his post and should resign.’
Danger 3: Rumours
Never repeat a rumour. You could be asked to prove that it is true.
For example:
A spokeswoman said: ‘We have heard that a gang from Blakely’s were working on the site moments before the explosion.’
Danger 4: Disguised allegations
It’s easy to cloak defamatory statements in grand language.
For example:
A spokeswoman said: ‘If Councillor Evans wanted to resign before the end of his term of office, we regret that he used our reservoir project as an excuse.’
Here, the spokeswoman is implying Councillor Evans is a liar – and if he sues, she will have to prove it.
Or
For example:
A spokesman said: ‘We believe the MP was less than frank about the matter when he appeared before the Select Committee.’
Again, the spokesman is implying that the MP was dishonest.
Danger 5: Careless words
Words matter in libel law.
It is dangerous to state: ‘The factory is poisoning the atmosphere with its fumes.’
You may be able to prove the factory is polluting the atmosphere. But can you prove it is poisoning it – a much more serious allegation.
For example:
A spokesman said: ‘Mrs Jones has contacted us about her electricity bill. She has five children and is on benefits, yet her partner only pays her just £45 a week.’
Here, the words ‘yet’ and ‘just’ imply the partner is not paying as must as he should be. But if he is paying the amount determined by the court, then he can sue for the implication that he is underpaying.
Danger 6: Exaggerations
Again, back to words.
For example:
A spokesman said: ‘A local authority workman deliberately removed the manhole cover.’
Or
‘Western Gas engineers always make mistakes like this.
The words in italics would be difficult to prove.
Danger 7: Words with two meanings
Take care with words that can have different meanings – eg, gay.
For example:
A spokesman said: ‘We will be meeting Mr Coates, the borough engineer, and his partner, Mr. White, on Friday morning.’
Is Mr White his business partner – or something else? Clarity is important.
Danger 8: Improper conduct
Don’t make allegations you cannot prove.
For example:
A spokeswoman said: ‘Our investigations show that Thames & Co’s engineers did not secure the site valve.’
Or
For example:
A spokesman said: ‘Bastows’ electrical work in Salford fell short of industry standards.’
Danger 9: Arrests
Never name someone who has been arrested. Wait until they are charged, or released without charge.
Danger 10: Publishing online
Beware linking to a defamatory article on another site.
Protecting yourself
Your press statements and press releases are protected by qualified privilege, if you are:
1. A local authority.
2. A government department or quango.
3. Police press office.
This means you cannot be sued for anything defamatory that you release to the media or publish on your website.
A press conference convened by any PR / comms department is covered by qualified privilege, provided the conference is on a matter of genuine public interest. Press releases given out at the press conferences are also covered by qualified privilege.
This means that your spokespeople can make defamatory comments about other people without being sued. And the media can report them without being sued.
However, spokespeople should not make statements that they know are untrue. This could compromise privilege.
Cleland Thom
Director
CTJT
This extract is taken from the PR Media Law Guide, price £19.95. To order a copy, contact: cleland@ctjt.biz
Cleland Thom does media law training and consultancy to a number of corporation and public authorities, including GPSJ, United Utilities, World Trade Group, Herts County Council, London Borough of Brent and Three Rivers District Council.
The ZeuS malware is coming of age and the infections are going to get a lot worse says Trusteer, the secure browsing services specialist. ZeuS malware has already been pushed extensively to users of Web 2.0 and/or social networking sites plus services such as Facebook, Twitter and, most recently, to users of the business social networking site, LinkedIn. Malware is also being modified by cybercriminals using coding toolkits to attack smartphone users. Recent postings by our IT security colleagues at S21sec about ZeuS targeting smartphone users are just the tip of the iceberg when considering the potential of these attacks.
ZeuS Mitmo.
-The spread of Zeus into mobile platforms marks the beginning of a new era of malware mobility,” said Mickey Boodaei, Trusteer’s CEO. -What’s dangerous in this approach is that the same malware controls two communication channels – the PC and the mobile device and as a result can launch extremely effective attacks against banks and organizations that rely on these two channels for authentication and transactions.”
-Many enterprises rely on two-factor authentication to protect against unauthorized remote access to their networks and sensitive corporate applications. Malware such as Zeus which can reside both on the PC and the mobile device can easily bypass these protections. For online banking the potential of the attack extends way behind authentication. Criminals can also control incoming voice calls and re-direct them to the attackers. So when the bank detects a suspicious transaction and calls the customer for confirmation, the criminals can pick up the phone on the other side and do that on behalf of the customer.
By controlling both the phone and the PC criminals achieve devastating power. Frankly, I’m amazed that it took them so much time to do this,” continued Boodaei.
LinkedIn
-Social networks are easy targets for malware. As a Linked In user I’ve received a few email alerts where I didn’t really know if they’re genuine or not. The first thing you want to do when you get a Linked In invite from someone you’re not sure you know is to click the View Profile link embedded into the email. These emails also include links to accept and reject invitations,” said Boodaei.
Linked In are not alone here and many of the social networks send emails with links and even experienced users may be fooled into clicking one of these really well crafted emails. Once the criminals gain control of a social network account they have access to the victim’s list of friends and they can send out more targeted messages to these friends, and raise the risk of getting infected even higher.
-Targeting social network users for distributing financial malware is a smart move for the criminals. These attacks are much more likely to succeed than phishing attacks on banks. Once Zeus installed on the user’s computer then the criminals get access not only to login information but also to real-time transactions and other sensitive information on the victim’s computer, said Boodaei.”
To defend against attacks web 2.0 attacks like this enterprises and users need to use secure browsing services in addition to gateway level firewalls ,antivirus amd anti spam defences. Trusteer works directly with leading banks around the world to identify targeted online banking attacks such as Zeus, block them, and remove them from your computer.
A simple mistake caused by the recipient auto-complete function within an email client resulted in Gwent Police committing what has been referred to as the first major UK data security breach since the new regulations introduced by the Information Commissioner’s Office came into force in April this year. What is of particular interest about this case is that a breach of this scale (10,000 records) and gravity (the data leaked involved personal and sensitive information) occurred within a police environment which allegedly had strict policies and procedures. If that is the case, how were the policies circumvented so that the officer was able to commit this breach, and are security incidents caused by human error ultimately unavoidable?
The elephant in the room is that personal and sensitive data such as criminal records should not have been placed in an excel spreadsheet if strict processes were indeed implemented, not even for internal use. In fact, it is important that organisations dealing with personal, sensitive and confidential data have well-defined information asset classification and media handling procedures. Through the identification and labelling of confidential and sensitive data, all information would be classified based on its value and risk to the organisation in terms of Confidentiality, Integrity or Availability. Criminal records, for instance, would be labelled as private, restricted or confidential depending on the classification marking scheme and would be automatically restricted to only personnel who are authorised to access this information. If a similar scheme had been in place at Gwent Police and the information clearly labelled and controlled, then the breach would have been almost certainly avoided because the data included in the email would not have been accessible by non-authorised personnel.
It is possible, though, that Gwent Police actually had all the tools necessary to protect the data, but lacked the general awareness and training extended to all personnel. Certainly it wouldn’t be the only organisation affected by this issue. Recent data collected by PricewaterhouseCoopers, illustrates that despite spending more than ever on information security, only half of companies surveyed provide staff with any form of security training, and only one in five large organisations believe their security policies are very well understood by their employees. The results of the latest Information Security Breaches Survey highlight the need for better education in order to reduce risks, as a striking 92 per cent of firms with over 250 employees and 83 per cent of smaller firms (up to 25 members of staff) admit to have recorded a security incident in the past year.
Lack of awareness, little understanding of the implications and perhaps forgetfulness or stress are the most likely causes of human error, which can result in staff ignoring security measures, such as sending confidential data to their private email address, losing an unencrypted USB device or accidentally sending information to the wrong recipient. It is important to note that in these cases, if the data was correctly labelled and encrypted there wouldn’t be a breach of the Data Protection Act. In most cases, the ICO serves an enforcement notice if there is a failure to comply with the Act and the failure has caused or is likely to cause damage or distress to anyone. The potential repercussions could include the public disclosure of the facts by the ICO, internal disciplinary actions within the organisation or a fine which, under the new regulations, can amount to £500,000.
Comparison with data collected by PwC in 2008 shows that the cost of cybercrime to the business has doubled to more than £10bn in just two years. The average cost of a breach in a large organisation is now between £280,000 and £690,000 (it was £90,000 – £170,000 two years ago) and due to the increased use of cloud computing, risks are rising rather than diminishing. Although the number of organisations with a formal Information Security policy and sufficient IT security tools has improved, the measures seem to be unable to resolve the greatest threat, the human factor: 46 per cent of large organisations have declared that staff have lost or leaked confidential data, which in 45 per cent of cases resulted in a -very or -extremely serious breach of information security.
As this data suggests, even with the most advanced technology in place it is not possible to eradicate risk altogether; however, it is possible to mitigate the damage and prevent mistakes like the one the Gwent police officer made by adopting encryption technology and policies that are emitted from the top and are backed up by disciplinary procedures- but it is extremely important that these are accompanied by extensive training and awareness sessions across the organisation. By educating all members of staff, including trusted partners and 3rd party suppliers, it will help reduce, although not eliminate completely, risks to a level that is acceptable for the organisation, which in the case of large organisations which deal with sensitive information, such as the Police or other public sector organisations, needs to be as low as possible.
The Author
David Cowan is Head of Infrastructure and Security at Plan-Net, and a respected IT professional with over 11 years experience in the industry. A hands-on project manager, Cowan has worked with some of Plan-Net’s biggest clients to deliver technically complex projects and manage change in major businesses and public sector organisations.
Possessing excellent all round technical knowledge and a lateral, common sense approach to providing IT solutions, David works across all aspects of the IT spectrum with a detailed understanding of ITIL, ISO/IEC 20000, ISO27001 and PRINCE2.
About Plan-Net
A specialist in transforming IT operations into high-performance, cost-efficient platforms for business success, Plan-Net works with clients of all sizes and needs to help them maintain high levels of service while still meeting demands for a reduction in IT spending.
Celebrating its twentieth anniversary in January 2010, Plan-Net has helped to enhance performance, flexibility, security, cost-efficiency and, ultimately, user productivity at clients large and small for the two prosperous decades of its existence.
www.plan-net.co.uk
|
NEED AN UP TO DATE DATABASE? 
|
Recent Comments