Latest Legislation News

G4S signs new International Code of Conduct for Private Security Providers
posted on 10/11/2010

The International Code of Conduct for Private Security Providers sets out principles for security operations in so-called “complex environments” – areas experiencing or recovering from disaster or unrest and where governments and the rule of law are weak. It covers recruitment, vetting and training of staff, the use of force by security company staff, including the handling of firearms, health and safety and reporting and complaints handling. Companies signing the Code will now work with civil society and interested governments to develop operational standards and an oversight mechanism to assess companies’ compliance with the Code, which has been developed to address the need for accountability for private security providers operating in unstable areas where local institutions may be weak. It covers protective security services delivered by staff whether armed or unarmed, and any other activities for which staff are required to carry a weapon (for instance mine-clearance in a potenti... [more]

Smart security teams can use PCI as a springboard to transform how they protect consumer data
posted on 05/11/2010

The PCI Security Standards Council has released the PCI DSS 2.0 standard, the security rules under which all organisations processing credit card transactions - and this includes almost all businesses accepting debit, credit and charge cards - must achieve minimum standards of security and best practice. Reflecting input from the Council’s global stakeholders, this latest version is designed to provide greater clarity and flexibility to facilitate improved understanding of the requirements and eased implementation for merchants. Version 2.0 becomes effective on January 1, 2011. Version 2.0 does not introduce any new major requirements. The majority of changes are modifications to the language, which clarify the meaning of the requirements and make understanding and adoption easier for merchants. Key revisions serve to reinforce the need for a thorough scoping exercise prior to assessment in order to understand where cardholder data resides; promote more effective log management ... [more]

Commidea ensures PCI DSS compliance with LogRhythm
posted on 11/10/2010

LogRhythm has helped Commidea, a market leading card payment solutions provider, to enhance its operations thanks to a swift integration of LogRhythm technology into its new data centre. As part of its ongoing auditing and compliance programme Commidea reassessed how it was meeting the centralised logging and file integrity requirements of Payment Card Industry Data Security Standard (PCI DSS) regulations. Commidea recognised the benefits of replacing the two separate Security Information Event Management (SIEM) and File Integrity Monitoring tools which Commidea previously had in place for five years. Instead, an automated log management solution which holds logs in a central repository would allow fast, easy access to data in order to quickly view and rectify any irregular events. LogRhythm delivered such a solution, offering the company unprecedented network visibility and control. LogRhythm had to address the fact that Commidea is a level one processor of credit card transa... [more]

Security Industry Authority clamps down on rogue door staff working in London pubs and clubs
posted on 09/09/2010

Last week, 12 venues in Hackney were visited by Security Industry Authority investigators and 41 individuals inspected. Of those, 39 held valid SIA licences. The operation across the borough of Hackney was the last stage in a three month police-led pilot campaign targeting rogue door staff working in pubs and clubs in three London boroughs, Camden, Lambeth and Hackney. A door supervisor was arrested and charged with fraud after being found working illegally with a fake SIA licence at a club in Old Street at the weekend. As well as the individual working with the fake licence, a security director was identified who did not hold the non front-line SIA licence required if deploying security staff. This is now being investigated by the SIA. A further five door staff were issued with warnings for failing to notify the SIA of a change of address, and one was given a warning for failing to display an SIA licence whilst on duty. The police also closed a Shoreditch bar due to poor managemen... [more]

Data protection laws are too relaxed and require revision
posted on 31/08/2010

In April this year, the ICO was empowered to impose fines of up to £500,000 on companies found to have breached the data protection principles, while the Ministry of Justice (MoJ) issued a Call for Evidence to learn whether the European Data Protection Directive 95/46/EC and the Data Protection Act 1998 is working and how it is impacting on individuals and organisations. However, according to a new survey conducted by Sophos has revealed deep concern about the robustness of the UK's current data protection legislation. The survey discovered that nearly 50% of respondents feel that the laws are too relaxed and require revision, while a staggering 87% feel that organisations should be forced to disclose when sensitive data about the public is exposed. The survey, which was designed to gauge respondents' views on current legislation, showed that 36% were concerned about the additional complexity and 16% were concerned about the associated costs of complying with the legislation. "Data... [more]

Other Security news and resources