Enforcement Of “Cookie Law” Requires Action By All Businesses With A Website

UK businesses could face fines of up to £500,000 if they fail to meet tough new website privacy laws which come into force this month, according to EMW, the commercial law firm.

EMW warns that there are no exceptions to the law for smaller businesses.

The regulation will come into effect on 25 May 2012 and will mean that visitors to the website will have to give permission for the website to download ‘cookies’.

A cookie is a temporary computer file which gathers information about the user’s online activity. It is activated by a user when they access particular pages on a site. The cookie is sent from the website to the user’s computer and remains once they leave the site. When the user returns to the site the cookie allows the website to remember their preferences and settings.

“The effect of this change in the law will be far-reaching; any business that has a website will almost certainly use cookies at some point or other. The upcoming deadline is a wake-up call for those businesses that have not yet updated their website to gain consent from users,” Matthew Holman, Solicitor, EMW, said.

EMW explains that the old law only required businesses to give users the opportunity to ‘opt out’, and this was often done by referring to the cookies in a privacy policy.

“This law marks a major shift in responsibility for the use of personal data: previously the user had to opt-out, now the user has to opt-in from the beginning,” Holman continues.

EMW says that businesses need to take three practical steps to prepare for the new rules:

  • review what cookies are used by their website
  • decide on the appropriate course of action to ensure that consent is obtained for the use of cookies (i.e. using pop-ups or banners on the website to obtain consent)
  • ensure that these measures are implemented on or before the 25 May 2012

“The risk of a £500,000 fine for extreme infringements of the rules should send a strong message to businesses that they must be ready in time,” said Holman.

EMW says that those businesses that have already taken action to deal with the new law should make sure that the website’s cookie message is clear, user friendly and understandable.

“For most businesses it is very important that web users enjoy using their websites, so strict compliance with the law is not enough,” adds Matthew Holman.

“To be successful, businesses need to make sure that their website also remains user friendly. That can be quite difficult to do when asking users for permission to use their personal data. To this end, collaboration between web designers and lawyers is important to ensure that the website meets the legal requirements whilst remaining pleasing to the eye and user friendly.”

By Matthew Holman, Solicitor, EMW

Preventing Data Loss In Small To Medium Sized Businesses

Small to medium sized businesses (SMEs) need to be more proactive and preventative in their approach to data loss. With the ever-improving advances in technology combined with a ‘relaxed’ office environment, employees are increasingly taking personal devices such as USB memory sticks, iPads, iPods and even smart phones into the workplace. These same devices can be used to remove or copy sensitive information, whether to work remotely or, more sinisterly, for malicious intent and financial gain.

There are multiple outlets for data on the modern PC through USB and other peripheral ports. These ports can be used in many ways to extract data at high speed, including via removable hard drives and other devices, and they are one of the most vulnerable routes by which sensitive data can leave an organisation.

Establish policies to keep private data secure

It is evident that the solution needs to be a compromise: strict policies for USB port usage need to be implemented by IT administrators, but on a more granular level.

Firstly, USB storage devices are actually a convenient and efficient way to legitimately transfer and transport data. Travelling workers, tech support staff, IT consultants, students, and many other users have valid reasons for carrying data on removable storage devices and therefore this becomes a major challenge for IT administrators to control without crippling productivity.

Secondly, organisations also need to put policies in place to prevent potential security breaches and data theft as a preventive method rather than waiting until the violation has occurred. A recent report in March this year on data breaches in the UK showed that negligence, in which employees lose vital data on laptops, phones or USB sticks, accounted for 31% of cases. The report also highlighted that the average data breach costs UK firms about £1.9m annually.

The lockdown of USB devices, other removable storage devices, and communication mediums (such as Bluetooth, WiFi, and even Serial and Parallel ports) protects networks against malicious software attacks and prevents sensitive data from getting into the wrong hands. Microsoft Windows’ built-in Group Policy provides an all-or-nothing lockout on USB storage. However, this method is not sufficient for many organisations that need a more fine-grained approach over which devices and ports can be used, how they can be used, and who can use them.

Through third-party software, IT administrators have the power to be more granular when setting these security policies. Having granular control over each device type (for USB devices this includes serial numbers, product IDs and vendor IDs), organisations can limit access to specific device classes, and can also restrict “read” but not “write” for users of CDs and DVDs. When selecting a third-party solution, the ability to determine who on the network has permission to use certain devices based on their group, computer class, type of device or any other established factor should be easily achieved. Organisations should look for software solutions that can lock all possible avenues of data leakage, and put permissions and policies in place to control who has access to which files, where and when.

Despite best efforts, breaches still happen. Now what?

If appropriate security measures are in place, administrators can find out how an individual may have taken the data and whether it was by mistake or intentional. Centralised reporting will also allow administrators to see all attempts at restricted activities, including who attempted them, what type of activity, when and where.

In order to create a balance between employees and SME businesses, strong but flexible security practices surrounding removable media devices need to be put into place. Employee satisfaction is an important factor in running any successful company, but securing company assets is equally if not more vital. Having a high quality software solution that monitors and prohibits the use of removable storage devices is the only way to ensure that data is protected and the network is always secure.

By Nick Cavalancia, Vice President, Windows Management at ScriptLogic

The Importance Of Data Management In Organisations

We live in an information age, where the volume of data processed by organisations increases exponentially.

According to IDC, the total amount of information worldwide will reach 35,000 exabytes in 2020. Businesses currently use approximately 1,200 exabytes, which means information processing will increase at least 29-fold over the next decade.

Managing this plethora of information is a complex task for businesses and it also leaves large corporations highly vulnerable. Only last year, electronics giant Sony was prey to computer attacks which led to the theft of over 77 million PlayStation users’ bank details. Online retailer Amazon suffered a drop in sales after it unintentionally deleted its own customers’ details. After unsuccessfully trying to recover the information, Amazon announced the data had been lost forever.

Data loss is a risk that is frequently overlooked by businesses. It is important for companies to know what processes to follow should data loss occur. It is a risk that is both external, as demonstrated by the Sony hacking incident, and internal, as Amazon’s experience shows. Studies show that potential threats lie within every company. Human error, employee negligence and theft are all likely risk factors.

Every organisation, whether public or private, needs to review its systems and data management processes regularly. As volume and value of information grows, an up-to-date data protection and recovery plan becomes increasingly important.

The difficulty is that IT infrastructures are increasingly complex. There are multiple outlets used by companies: data centers, storage areas, servers, applications, computers, mobile devices, and thousands of files. In the case of public organisations, interoperability issues between various administrations can further increase the risk of data loss.

Designing appropriate security procedures, while crucial, is not sufficient to safeguard a business. Each procedure should be checked regularly to confirm it is fit for purpose. It is crucial to make backups and store data correctly, but there are certain practices that may hinder data recovery. It is often in these unnoticed flaws in a data protection system that data loss actually occurs.

Here are some recommendations to help reduce the risk of data loss, protect confidential information and ensure business continuity:

1) Document and maintain procedures for backing up the organisation’s data

2) Test procedures and backups regularly to ensure they work

3) Include in a contingency plan the details of a trusted data recovery provider who can provide advice and help should data loss occur

4) Create a map showing the location of the data, file names, where it is stored, and the individual that is responsible for the information

5) Establish a mindset that promotes information security within the organisation. Human error is the leading cause of data loss

6) Know when to delete. Keeping unnecessary data is poor management of the IT department’s budget, so make sure the data in storage is there for good reason

No matter what the cause of data loss, all organisations would benefit from the creation of a thorough and up-to-date data management plan.

By Robert Winter, Chief Engineer, Data Recovery, Kroll Ontrack

Enterprise Efficiency: The Benefits Of The Virtual Data Centre

Staying ahead of the competition in IT terms is a constant source of concern for any business. In today’s Virtual Era, technology and business go hand in hand. With growing pressure on IT managers caused by ever-expanding quantities of data and increased threats to data security, the winners in this Virtual Era will be those who can simplify, standardize and automate their infrastructure to spend more time managing the business rather than the technology.

Traditional data centres are struggling to store the vast amounts of data that businesses are generating, and the growth of this data shows no signs of slowing down. Expanding data centres to support additional content can be costly, inefficient and complex to manage, holding businesses back. This is particularly the case with small and medium businesses (SMBs), which can undergo unexpected growth, often rendering their IT infrastructures unable to cope with increased demands. This was the problem faced by Catalyst2, a UK hosted service provider for SMBs. Founded in 2000, the company has been expanding ever since.

Due to business demands, its datacentre grew rapidly, and as a result, consumed a great deal of energy. Managing its network of servers became complicated, which had a negative impact on the company’s efficiency and expenditure. By deploying a virtualized infrastructure based on Dell PowerEdge servers and Dell EqualLogic storage, Catalyst2 confronted these problems head on.

By consolidating physical hosts and switching to more powerful yet energy efficient servers, the company reduced its energy consumption by 50% and cut management time by 35%, which slashed operating and hardware costs while increasing productivity. In addition, as a hosted services provider, it is essential that Catalyst2 can assure its customers that their data is safe, and with a reliable storage solution offering high availability, any downtime would not affect their clients’ business.

Another example of a company that has reaped the benefits of deploying a more efficient infrastructure is Pole Star, a provider of maritime security and satellite-enabled tracking technology. The company anticipated a massive increase in sales volumes as a result of new shipping industry regulations, which stated that every ship at sea was required to report its position four times a day, so it needed a reliable and powerful data centre to support this spike in activity. In addition, as seafarers reach out to Pole Star in emergencies, it is vital that its technology is resilient, flexible and scalable.

Pole Star worked with Dell to design a flexible, virtualised infrastructure incorporating PowerEdge servers and Dell EqualLogic storage. Previously, it took up to six weeks to order and configure a server, but now Pole Star can deploy a virtual server and launch it within an hour. By implementing this new environment, the company has also reduced its carbon footprint by more than 80%. On the storage side, Pole Star has bolstered its business continuity capabilities; for example Pole Star recently lost the function of one machine but the Auto-Snapshot manager enabled the company to restore it in minutes. As a result of this deployment, Pole Star’s IT environment can now support up to 50% year-on-year growth and assure that it is “always available” to anyone at sea requiring assistance.

In the case of both of these growing businesses, a more efficient IT infrastructure allowed for savings with regard to energy and cost while increasing productivity. It is improvements in these vital areas that enable SMBs to direct all their focus towards their own business, and to welcome unpredictable growth, rather than worrying that it will disrupt their IT infrastructure. Ultimately, companies who prepare for growth by deploying innovative technology will be able to boast greater efficiency, therefore positioning themselves ahead of the competition.

By Kevin Peesker, General Manager, UK and Ireland Dell Consumer and Small, Medium Business