ICO issues new guidance and organises Q&A session on online IT security

The Information Commissioner’s data protection IT security report looks at frequently occurring information security threats in an online environment, and advises DP managers on how to avoid these problems.

The report, published on 12 May, concentrates on eight key IT security problems that lie behind many of the current data breaches investigated by the ICO:

• Software updates
• SQL injection
• Unnecessary services
• Decommissioning of software or services
• Password storage
• Configuration of SSL and TLS
• Inappropriate locations for processing data
• Default credentials.

Simon Rice, ICO’s Group Manager for the Technology team, invites the DP community to send in their questions on the report by:

• commenting on his blog at http://iconewsblog.wordpress.com/2014/05/12/it-security-report/,
• on Twitter @ICONews, or
• by email: pressoffice@ico.org.uk.

The ICO will host a Q&A session on Friday 16 May. Questions to be received by 10.30am Thursday 15 May 2014.

Privacy Laws & Business 27th Annual International Conference in Cambridge, New Horizons – New Risks, 30 June to 2 July 2014 will include a session entitled ‘Security risks – Assessing your vulnerabilities’ by Peter Wood, Chief Executive Officer, First Base Technologies LLP, and ‘High profile breaches of the Data Protection Act – Tips for Survival’ by James Derby, Corporate Solicitor, London Borough of Croydon.