Wednesday, October 11, 2006
Friday, August 11, 2006
Tuesday, July 11, 2006
The Ryerson study follows a large workplace survey in the United States and Britain, which suggested 40 per cent of employers regularly read employees' e-mails.
The results of the aforesaid study will most probably be exactly the same if such a study would be conducted in South Africa.
It is imperative for organisations in South Africa, when dealing with monitoring of communications, to ensure they comply not only with the Regulation of Interception of Communications and Provision of Communication-Related Information Act 2002, but also the Labour Relations Act and other Privacy related legislation.
For more information on:
- eCommunication Policy
- Record Management Policy
- IT Security Policy
- Interception and Monitoring Policy
- Awareness programs for employees
- In-house training to address the above issue
- Correct implementation of a procedure / process to deal with the Interception of Communications
- Software to assist with the implementation of Policies,
Tel: 011 782 9511
Tuesday, June 06, 2006
According to a new study, about a third of big companies in the United States and Britain hire employees to read and analyze outbound e-mail as they seek to guard against legal, financial or regulatory risk.
Friday, May 26, 2006
© Copyright 2006 Steptoe & Johnson LLP
GET YOUR ECOMMUNICATIONS GUIDE NOW
If you want your organisation to be compliant with South African eCommunication legislation then email us (email@example.com ) your details (Fulle Name, name of your organisation, website address, email address and tel. no.) and we will forward you our eCommunications Guide. The eCommunication Guide will include the topic as mentioned above - "how to reflect an 'unsubscribe' opt-out function in accordance with sec. 45 of the Electronic Communications and Transactions Act 25 of 2002"
Thursday, May 18, 2006
Friday, May 12, 2006
Published by ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission), ISO/IEC 19770-1:2006, Information technology - Software asset management - Part 1: Processes will enable organizations to benchmark their capability in delivering managed services, measuring service levels and assessing performance.
Software asset management (SAM) principles apply to the media, installations, licenses, proof of license, and intellectual property associated with the software. Until now the application of these business processes has been arbitrary and relatively few organizations have been able to implement a comprehensive strategy. The implementation of ISO/IEC 19770-1:2006 will standardize the framework making it possible for companies to integrate SAM into their other compliance and best practice models.
ISO/IEC 19770:2006, which is issued in two parts under the general title, Software asset management, will enable service providers to understand how to enhance the quality of service delivered to their customers, both internal and external.
Part 1: describes the processes involved in SAM.
Part 2: defines a product identification that will simplify the software inventory process*.
The standard is intended to align closely to, and to support, ISO/IEC 20000:2005, issued in two parts under the general title, Information technology - Service management.
If you think it is time to audit your existing Software Assest Management ("SAW") process / practise and amend same to reflect the latest standard, then contact van Gaalen Attorneys who will be able to:-
- Execute a SAW audit;
- Provide a GAP analysis (incl. recommendations);
- Deliver and assist with the implementation of the required process flows, policies, notices etc.to ensure that your organisation is compliant with the ISO/IEC standard
Contact van Gaalen Attorneys for more information: firstname.lastname@example.org or tel: 011 782 9511/2 or fax: 0866318898
Friday, April 28, 2006
© Copyright 2006 Steptoe & Johnson LLP
Wednesday, April 26, 2006
What's the Inside Attacker Profile?
The United States Secret Service and the Carnegie Mellon University Software Engineering Institute's CERT Coordination Center published an insider threats study report in 2005 which offered critical insights into the mind and motivation of the "inside attacker." According to the statistics gathered, the inside attacker is usually:
- 17-60 years old
- Holds a technical position (86 percent chance)
- May or may not be married (50/50 chance)
- Racially and ethnic diverse
Sufficiently broad pool? Absolutely. Here are some additional statistics, again from the same CERT study:
- In 92 percent of the incidents investigated, revenge was the primary motivator.
- Sixty-two percent of the attacks were planned in advance.
- Fifty-seven percent of the attackers surveyed would consider themselves "disgruntled."
- Eighty percent exhibited suspicious or disruptive behavior to their colleagues or supervisors before the attack.
- Only 43 percent had authorized access (by policy, not necessarily via system control).
- Sixty-four percent used remote access to carry out the attack.
- Most incidents required little technical sophistication.
Tuesday, April 25, 2006
Tuesday, April 18, 2006
But now there are home, cell and work phone numbers from which to choose, and sometimes work extensions to remember. There are also e-mail addresses -- at home and at work -- and instant messaging handles, perhaps separate ones for the various services, some of which now do voice and video besides text.
Some people even have Web pages -- through their employer or Internet service provider, or perhaps a profile or two on MySpace.
To help people manage all their contact information online, the Internet's key oversight agency is considering a ``.tel'' domain name. If approved, the domain could be available this year.
See what was said in Canada:
Cellphone TV services started with hockey clips and news but now the broadcasting regulator has given wireless carriers carte blanche to move beyond traditional television.
Mobile TV services from Telus Corp., Bell Mobility Inc. and Rogers Wireless Communications Inc. are delivered over the Internet and aren't subject to the same rules as those provided by cable operators and broadcasters, the Canadian Radio-television and Telecommunications Commission said Wednesday....
See Canadian Radio-television and Telecommunications Commission's Public Notice on Regulatory framework for mobile television broadcasting services - click here
Thursday, April 13, 2006
Monday, April 10, 2006
© Copyright 2006 Steptoe & Johnson LLP. Steptoe & Johnson LLP
Friday, March 31, 2006
In early March, the District Court of Amsterdam ruled that Dutch gossip magazine Weekend infringed the copyright in four photos which were posted on photography website flickr. Adam Curry, who, among other things, is a former MTV "video jockey," had posted the photos under the Creative Commons Attribution-NonCommercial-ShareAlike license, which allows photos to be used freely (with attribution) for non-commercial purposes, but not for commercial purposes (such as the use by Weekend). Weekend defended Curry's action by arguing that it was misled by the notice "This photo is public" that was posted with the photos, and therefore did not click on the Creative Commons "CC" symbol accompanying a "some rights reserved" notice (also posted with the photos), which led to a summary of the terms of the license. The court rejected this argument, stating that "it may be expected from a professional party like [the publisher of Weekend] that it conduct a thorough and precise examination before publishing in Weekend photos originating from the internet." The Curry decision thus holds (at least under Dutch law) that not only are Creative Commons licenses valid, but more suprisingly that publishers are under a duty to understand and investigate such licenses even in the face of a confusing statement like "This photo is public."
Source: Steptoe & Johnson LLP. Steptoe & Johnson LLP
A guide published earlier this month about how to commission accessible websites will transform web accessibility in the UK, according to Chris Rourke of User Vision. The firm is also seeking your views in a short online survey.
The Federation Against Software Theft is about to take action against a number of companies in the UK that have been caught making illegal copies of software available for download from their networks – which may come as a complete surprise to the companies.
Thursday, March 16, 2006
It is important to know that failure to register could lead to fine or up to two years imprisonment.
If you are unclear whether you are a cryptography service / product provider - here are the definitions as per the Electronic Communications and Transactions Act 2002:
This is according to the cryptography regulations published in the government gazette on 10 March in terms of the Electronic Communications and Transactions Act of 2002 (ECT Act):
"cryptography provider" means any person who provides or who proposes to provide cryptography services or products in the Republic.
"cryptography service" means any service which is provided to a sender or a recipient of a data message or to anyone storing a data message, and which is designed to facilitate the use of cryptographic techniques for the purpose of ensuring
a) that such data or data message can be accessed or can be put into an intelligible form only by certain persons;
b) that the authenticity or integrity of such data or data message is capable of being ascertained;
c) the integrity of the data or data message; or
d) that the source of the data or data message can be correctly ascertained.
"cryptography product" means any product that makes use of cryptographic techniques and is used by a sender or recipient of data messages for the purposes of ensuring-
a) that such data can be accessed only by relevant persons;
b) the authenticity of the data;
c) the integrity of the data; or
d) that the source of the data can be correctly ascertained;
Contact van Gaalen Attorneys today to find out about their special offer to register you / your organisation as a Cryptography Service- / Product provider
Tel: 011 782 9511/2
Fax: 086 631 8898
email: email@example.com (heading - cryptography special offer)
Monday, February 27, 2006
Friday, February 24, 2006
Wednesday, February 15, 2006
Open source has long held an imprtant place in fulfilling
Wednesday, January 18, 2006
Monday, January 16, 2006
Employers' monitoring of their employees' online activity is nothing new. And neither is reprimanding an employee for visiting pornography websites at the office. But thanks to a recent court decision, employers may now have a legal obligation to halt such activity by employees, or they could be liable if that activity "result[s] in harm to innocent third parties." On December 27, in Doe v. XYC Corp., the Superior Court of New Jersey, Appellate Division, ruled that "an employer who is on notice that one of its employees is using a workplace computer to access pornography, possibly child pornography, has a duty to investigate the employee's activities and to take prompt and effective action to stop the unauthorized activity." The court held that no privacy interest of the employee stood in the way of this duty. Although the ruling has serious implications for any company that offers Internet service in the workplace, it may be of special interest to Internet service providers -- who already have their own child pornography notification obligations under 42 U.S.C. § 13032, and who may come across illegal activity not only on the part of their employees but also on the part of their subscribers. And the court's reasoning could extend beyond pornography to any illegal or harmful conduct engaged in by employees from their work computers.
Friday, January 13, 2006
Proportion of IT budgets to be allocated toward compliance projects in 2006, up from less than 5 percent in 2004, according to Gartner projections.Source: CRN
Number of companies restating their earnings in 2005 as of October, as compared to 650 for all of 2004 and 270 for all of 2001.Source: International Herald Tribune
Proportion of companies that go under within two years of losing data, according to research firm Baroudi Bloor International.Source: Sarbanes-Oxley Compliance Journal