Latest Legislation News

SIA will not be developing a non sector-specific licence
posted on 18/08/2010

The Security Industry Authority regulates the private security industry in the United Kingdom under the Private Security Industry Act 2001, reporting to the Home Secretary. At present, SIA licence cards are specific to each sector. Operatives working in more than one sector may need to be issued with multiple licences. 1.In September 2009, the SIA published an informal consultation paper seeking views on our proposal for a new SIA licence framework. This closed on 18 December 2009. Following the informal consultation on whether a single generic SIA licence should be introduced, the SIA will not be developing a non sector-specific licence. Overall, feedback from the industry showed that while there was some interest in a more integrated approach, the option for a single generic licence card did not receive widespread support. The two options set out in the consultation were: 1- to introduce a single generic licence card covering all of the licensable activities that the holder is q... [more]

10 percent of NHS trusts in England still do not have all of the processes in place to secure patient data
posted on 10/08/2010

Since 2007 the NHS has been responsible for almost a third (over 300 incidents) of all data security breaches reported to the ICO. In April, the ICO was granted the power to impose fines of up to £500,000 for organisations that fail to protect data. Yet despite this deterrent, some health trusts are still failing to achieve satisfactory IG SoC assessment ratings. Despite the Information Commissioner’s Office (ICO) imposing tougher fines on organisations that fail to protect patient data, Hytec estimates that around 10% of NHS trusts in England are on ‘amber alert’. This means that they have scored 40 - 69% when completing the Information Governance Statement of Compliance (IG SoC) approved assessment. IG SoC is the process that all organisations have to complete in order to access Connecting for Health (CfH) services, including the N3 network and Spine. The steps in the IG SoC process set out a range of security related requirements which must be satisfied in order for an organisation... [more]

Organisations must ensure compliance with Digital Economy Act 2010
posted on 28/06/2010

The Digital Economy Act 2010 received Royal Assent in April of this year creating an obligation on Internet Service Providers (ISPs) in certain circumstances to provide customer and user details to copyright holders if evidence is presented to the ISP that copyright material has been unlawfully downloaded. In addition, ISPs may be required to impose “technical measures” such as restriction of services, on their customers if users are found to be infringing copyright. Bloxx has highlighted the risks faced by UK organisations that may have inadequate security systems and procedures in place to prevent their staff or users from downloading copyright material from the Internet. “Organisations may have assumed that the Act only applies to residential customers, however the Act applies to any broadband subscriber including businesses, schools, colleges and universities,” said Stephen Clark, Solicitor and member of the Intellectual Property group at commercial law firm MBM Commercial LLP. ... [more]

How to pass your Payment Card Industry Audit
posted on 14/06/2010

For organisations that store, transmit or process credit card information, it is vital as they must be able to demonstrate compliance with the Payment Card Industry Data Security Standards (PCI DSS). The PCI DSS standard attempts to protect consumers while safeguarding the reputation of the industry itself and, while not a government mandate, this industry initiative has rapidly become compulsory for any merchant wishing to transact with the major credit card companies. With every company reliant on software to run its business, an alarming rise in data breach incidents across industries, but especially credit card processing, means application security is becoming an increasingly critical part of any organisation’s overall IT security strategy. The PCI Security Standards Council continues to enhance the PCI DSS as needed to ensure that it includes any new or modified requirements necessary to mitigate emerging payment security risks. Just as The PCI SSC doesn’t rest on its laurels... [more]

Changes to the door supervision specification reflects the changes to best practice
posted on 08/06/2010

The new licence-linked qualifications for door supervisors have been introduced by training providers across the UK from the 1st of June. The qualifications bring the training up to date and introduce a modular structure. Significant additions have been made to the training for door supervisors to reflect up to date working practices. This includes practical assessment of physical intervention skills so that the door supervisor is aware of non-pain techniques that can be used in escorting or disengaging from customers where this becomes necessary. Awareness of terrorist threats, awareness of first aid, and specific considerations when dealing with 14 to 18-year-olds are also included. The new structure, with core plus specialist modules, means less overlap and duplication in content across the sectors. This makes it easier to get qualified to obtain more than one licence, as just the relevant and required training needs to be taken for each additional qualification. The new requir... [more]

Other Security news and resources