- Email: [email protected]
Data protection legal loophole closed
April 1994
that failing to set up procedures could result in disaster. In some E-mail systems backup copies may still exist after the files are deleted and these can be accessed like an electronic trail. E-mail users should be made aware that their messages could be eavesdropped on and avoid using E-mail for sensitive purposes in the same way cellular phone users have done.
New computer audit guidelines launched A guide to help organizations implement effective control and security policies has been launched in the UK by the Chartered Institute of Public Finance and Accountancy.
Computer Audit Guidelines has been released in its fourth edition and is a fully revised update. The aim of the guide is to highlight standards that should be in place allowing a comparison to be made between best practice and existing procedures within the organization. The book is aimed at practising computer auditors and costs £77.50.
For more information contact Shelley Thornton or the CIPFA publications department, CIPFA, 3 Robert Street, London WC2N 6BH, UK; tel: +44 (0) 71 895 8823; fax: +44 (0) 71 895 8825. Copies are also available through HMSO.
Recombinant virus protects network A number of 'vaccines' have been developed to prevent virus attack. According to the Nikkei Weekly, a group from the Tokyo Institute has developed an attenuated virus that is useful rather than damaging. It is hoped that the new 'virus' will be able to travel through the computers on a network, collect information, spot glitches and report back to the network manager. The recombinant virus has already been injected into a campus network of 150 computers and the group hopes to test it in WIDE, a large network linking government, academic and
@1994 Elsevier Science Ltd
Computer Audit Update
private research laboratories in Japan. The virus is a type of worm which was stripped of its disruptive potential, given restricted movement and some beneficial program instructions. It can be programmed to perform a variety of tasks such as entering the nearest computer to warn it when a trouble spot has been found. It can also be told to monitor the flow of information on the network and to notify the network manager of any problems that arise. To protect the privacy of the information the virus can be constructed so that it can only monitor certain types of information. It is also possible to incorporate identification codes which restrict the routes the virus can take.
Data protection legal loophole closed The UK government is to take action against a loophole in data protection legislation, which makes it very difficult to prove that a criminal offence has been committed where a third-party obtains information by deception from an organization such as a bank or health authority. The Government announcement was made by Earl Ferrers in response to a question in Parliament by Baroness Nicol. Ferrers stated that the Government believes that it is beyond doubt that a person who obtains unauthorized access to personal data by deception is guilty of an offence. The decision to take action against the loophole has been welcomed by Eric Howe, the UK Data Protection registrar. "In 1993, after a number of complaints about the misuse of personal data were brought to the attention of my office, I wrote to the Home Secretary expressing my concern about the situation. I am glad that he has responded to the points which I made by taking this action. I welcome this move and look forward to the greater protection it will afford all individuals", said Howe.
17
that failing to set up procedures could result in disaster. In some E-mail systems backup copies may still exist after the files are deleted and these can be accessed like an electronic trail. E-mail users should be made aware that their messages could be eavesdropped on and avoid using E-mail for sensitive purposes in the same way cellular phone users have done.
New computer audit guidelines launched A guide to help organizations implement effective control and security policies has been launched in the UK by the Chartered Institute of Public Finance and Accountancy.
Computer Audit Guidelines has been released in its fourth edition and is a fully revised update. The aim of the guide is to highlight standards that should be in place allowing a comparison to be made between best practice and existing procedures within the organization. The book is aimed at practising computer auditors and costs £77.50.
For more information contact Shelley Thornton or the CIPFA publications department, CIPFA, 3 Robert Street, London WC2N 6BH, UK; tel: +44 (0) 71 895 8823; fax: +44 (0) 71 895 8825. Copies are also available through HMSO.
Recombinant virus protects network A number of 'vaccines' have been developed to prevent virus attack. According to the Nikkei Weekly, a group from the Tokyo Institute has developed an attenuated virus that is useful rather than damaging. It is hoped that the new 'virus' will be able to travel through the computers on a network, collect information, spot glitches and report back to the network manager. The recombinant virus has already been injected into a campus network of 150 computers and the group hopes to test it in WIDE, a large network linking government, academic and
@1994 Elsevier Science Ltd
Computer Audit Update
private research laboratories in Japan. The virus is a type of worm which was stripped of its disruptive potential, given restricted movement and some beneficial program instructions. It can be programmed to perform a variety of tasks such as entering the nearest computer to warn it when a trouble spot has been found. It can also be told to monitor the flow of information on the network and to notify the network manager of any problems that arise. To protect the privacy of the information the virus can be constructed so that it can only monitor certain types of information. It is also possible to incorporate identification codes which restrict the routes the virus can take.
Data protection legal loophole closed The UK government is to take action against a loophole in data protection legislation, which makes it very difficult to prove that a criminal offence has been committed where a third-party obtains information by deception from an organization such as a bank or health authority. The Government announcement was made by Earl Ferrers in response to a question in Parliament by Baroness Nicol. Ferrers stated that the Government believes that it is beyond doubt that a person who obtains unauthorized access to personal data by deception is guilty of an offence. The decision to take action against the loophole has been welcomed by Eric Howe, the UK Data Protection registrar. "In 1993, after a number of complaints about the misuse of personal data were brought to the attention of my office, I wrote to the Home Secretary expressing my concern about the situation. I am glad that he has responded to the points which I made by taking this action. I welcome this move and look forward to the greater protection it will afford all individuals", said Howe.
17