Latest Legislation News

UK security industry backs Government plans to introduce compulsory ID cards
posted on 25/01/2008

68% of the UK security industry has backed the Government’s plans to introduce compulsory ID cards for UK citizens, according to a poll carried out by IFSEC. This result comes just a week after Gordon Brown vowed to "move ahead" with ID cards, subject to a vote in Parliament. The Government says ID cards will help protect people from identity fraud, tackle illegal immigration, stop people who are not eligible from using public services and disrupt criminal and terrorist activities. The plan has faced strong opposition from rival political parties, the media and human rights activists. James Blue, Event Director IFSEC, said “With the threat of terrorism still high, instances of ID theft rising and the vast extent of illegal immigration in the UK at the moment, it seems more and more people are coming round to the idea of ID cards. Many other European countries already have official ID cards, and it seems the security industry here are behind the scheme.” Brian Sims commented “There ... [more]

Protect critical information: think beyond the hacker
posted on 07/01/2008

This year’s Gartner report states that IT security over-protects the wrong assets, over-reacts to the unexpected and over-spends. Security 3.0 is here; a clearer eyed approach to risk management that applies resources appropriately and moves away from the ‘bolting on’ that’s ruled our approach to security for too long. Businesses and the UK Government really need to start asking themselves where the real IT security threats lie. Repeatedly we hear of threats relating to people hacking into networks and Hollywood reinforces this fear - just look at the latest Die Hard movie. Of course, it is important to focus our attention on the issue of network hacking, but this is not the complete picture in the security world. The reality is that hacking is a complex process and requires intricate timing. After all, how great is the chance of a hacker intercepting information at the very time you are sending it over the internet? And how likely is it he or she will know what network and location ... [more]

Who is responsible for preventing careless data breaches?
posted on 13/12/2007

Security breaches resulting from lost or stolen laptops can result in serious penalties, including heavy fines or permanent bans from obtaining and holding customer details in the future. This demonstrates the severity of such laxity in the eyes of regulatory bodies. Ineffective security policy enforcement can have a detrimental impact not only on the organisation but also on public confidence in personal data protection and the individuals’ rights to privacy. Stories of ‘yet another IT security lapse by company X’ are hitting the headlines far too often, each time raising the alarm about how little is being done to protect commercially sensitive data on mobile devices and the hidden costs associated with this negligence. Some recent victims of laptop security breaches include organisations in the retail, banking, public sector and local government markets. One local council had an employee laptop, containing the personal details of staff and former personnel, stolen during a street... [more]

Despite increased threat of sanctions, CEOS are not enforcing appropriate electronic information policy within their organisation
posted on 13/12/2007

According to a new independent study commissioned by Kroll Ontrack, CEOs are most likely to bear personal and professional risk from their organisations’ lack of action on how electronic evidence is managed - despite the fact that they are rarely involved in developing or enforcing that policy. The report finds that less than half of organisations (48% in the UK, 43% US) have a strategy or policy in place on how to deal with electronically stored information (ESI). In the UK, a quarter of organisations (25%) said that their legal department has primary responsibility for developing policy, yet 39% said that their CEOs would face the consequences resulting from a breach of that policy. In the US, 41% of respondents said that their organisations give responsibility for developing that policy to the in-house legal department. However a fifth of organisations (19%) said that the CEO would be held accountable if that policy resulted in government fines, court-imposed sanctions or dam... [more]

Majority of security operatives checked in Scotland found to be working without an SIA licence
posted on 12/12/2007

It is an offence to work as a door supervisor (in house and contract) in Great Britain without an SIA licence. A Door Supervisor licence is required if manned guarding activities are undertaken in relation to licensed premises. The maximum penalty for committing an offence such as working without a licence or employing unlicensed staff is six months’ imprisonment and/or fine up to £5,000 (or trial on indictment to crown court, whereby an unlimited find and/or five years’ imprisonment could be imposed. A team of Investigators from the Security Industry Authority (SIA) recently visited door staff and security guards working at licensed premises and security sites in Inverness to check compliance under the Private Security Industry Act 2001. On 29th and 30th November, officers from the Northern Constabulary supported SIA Investigators checking 13 sites around Inverness. The visits were part of the nationwide multi-agency campaign Festive Spice, which sees SIA investigators working along... [more]

Other Security news and resources