CEI Compliance Consultancy » data protection

ICO says FSCS law firm could have breached data rules on Keydata

greg.mcveyhiteclabs.com — Thu, 17 May 2012 11:00:00 +0000

Another Article

The Information Commissioner’s Office says law firm Herbert Smith is likely to have breached data protection rules in disclosing the names of Keydata investors and the amount they have been paid in compensation.

Read the rest here:
ICO says FSCS law firm could have breached data rules on Keydata

Join Our Blog

TPR says providers won’t breach rules on auto-enrol data

georgina.warwickpetrusfinancial.co.uk — Thu, 22 Mar 2012 13:30:00 +0000

Another Article

The Pensions Regulator has moved to allay provider fears over data protection issues ahead of automatic enrolment.

Join Our Blog

Insurers use data loophole to cut medical record costs

cysprobus-sigma.eu — Fri, 09 Dec 2011 07:00:00 +0000

Another Article

Broker says insurers are using a data protection loophole to get full medical records at reduced prices.

Read the original:
Insurers use data loophole to cut medical record costs

Join Our Blog

EU rule on web ‘cookies’ bears £500,000 fine

greg.mcveyhiteclabs.com — Wed, 20 Apr 2011 20:42:14 +0000

Another Article

European requirements on data protection and internet trackers will be backed by tough auditing and investigatory powers for the Information Commissioner’s Office

See original here:
EU rule on web ‘cookies’ bears £500,000 fine

Join Our Blog

UK questions EU online privacy plan

morven.griersons4plc.co.uk — Tue, 29 Mar 2011 13:29:23 +0000

Another Article

Ed Vaizey, the UK’s communications minister, questions the practicality of planned additions to the European data protection directive

See the rest here:
UK questions EU online privacy plan

Join Our Blog

Improve Your Record Keeping – Warns Pensions Regulator

Speechless — Tue, 02 Feb 2010 11:20:30 +0000

Another Article

Trustees and those responsible for administering workplace pensions will need to improve standards of record keeping. Following research during 2009, the Pensions Regulator published a consultation today setting out standards for member records and requiring schemes that fall short of requirements.

The regulator will continue to ‘educate and enable’ schemes to improve their record keeping performance but is clear now that further measures are needed. Under these proposals, it will now be a requirement for all schemes to maintain high-quality standards of data.

The regulator proposes to set targets for the accuracy of the common data which schemes must hold. The regulator also proposes to review performance of schemes. Where schemes fail to have adequate plans in place to resolve data issues, the regulator will require them to improve.

Good record-keeping applies to all schemes, whether trust-based or contract-based. In respect of contact-based arrangements, the Pensions Regulator works closely with the Financial Services Authority to improve standards and take corrective action where necessary.

Full details can be found HERE

Join Our Blog

FSA Reveal IFA Email Addresses

Speechless — Thu, 28 Jan 2010 08:18:47 +0000

Another Article

The FSA has failed to protect the email addresses of hundreds of IFAs and apologised for the failing which were revealed in a mass email.

Earlier this month, keen to sound out the possible effects of the RDR proposals on their business, the FSA emailed an online questionnaire to firms requesting information. The regulator made the addresses of advisers receiving a carbon copy plainly visible in the email.

This is hardly on a par with losing thousands of private individuals’ personal financial details on a USB drive or laptop, but no doubt the FSA knockers will have their two pennyworth. IFA email addresses are available on the FSA register and undoubtedly on the websites for those that have them, not to mention the online business directories.

CEI’s View: Yes it was an error as the survey was presumably confidential and suitably random for statistical purposes: yes it could negate the results if someone were to influence any or all of the IFAs regarding their RDR views, however we seriously doubt any IFAs have that much influence over others. The FSA will undoubtedly review their procedures and smack someone’s wrists, but the front page can carry on rolling off the press. Its not a show stopper.

Join Our Blog

Looking For UK Compliance Consultants

Speechless — Fri, 09 Oct 2009 06:43:05 +0000

Another Article

CEI Compliance is looking for serious consultants with UK Financial Services Compliance experience from complaints to sales process and auditing to process redesign experience for work currently under negotiation.

Applicants should be qualified in compliance or a related subject or have 5 years or more business review, sales compliance or other related experience

Join Our Blog

PCIDSS Security Requirements

Speechless — Mon, 24 Aug 2009 18:50:28 +0000

Another Article

The standards covered by the PCI Council can be used to help build or augment the security policies and structure for the enterprise, data centres and your customers. This comprehensive set of requirements for security management, policies, procedures, network architecture, software design and other critical protective measures will be used by the wise as a best practices guide to implement and follow.

Although the PCI Council manages the underlying security standards, compliance is set independently by the individual brands. Each brand has its own set of financial penalties per incident, with additional penalties ranging from restrictions to outright loss of use.

A common misconception is that this is an IT issue and best left solely to the technical departments to resolve. In fact, most companies find that this is a multi-discipline exercise best co-ordinated by a risk and compliance function who can then co-ordinate any IT requirements and engagement; governance for policy writing or amendment; operations for current practices and training; HR for new hires security checks; as well as providing feedback to the audit function for reporting to senior management.

In the latest release of PCI DSS is the requirement that all Web-facing applications be protected against known attacks. Also, further consideration is paid to the vulnerability of the application if someone does get access: How much damage can they do? Historically hosting companies over the years have become very good at protecting the networks and the operating systems from attacks, while the applications themselves have been left vulnerable.

Join Our Blog

Positive Solutions Declare Negative Data Handling

Speechless — Mon, 24 Aug 2009 09:51:10 +0000

Another Article

An investigation is currently being carried out at Positive Solutions into an alleged fraud by one of its advisers.

A spokesperson for Aegon, which owns Positive Solutions, confirmed there was currently an internal investigation underway into the conduct of an adviser employed by the nationwide IFA firm.

She said: “There is an investigation underway into alleged fraud by an adviser. It is ongoing so we can’t give out any further details, but Positive Solutions are leading on the investigation.

“It is about funds that have gone astray from the company.”

Lee Werrell of CEI Compliance added; “Data protection and storage of third party details and authorities is vital to the efficient use of technology. Companies of all sizes do not realise that there are holes in the processes and procedures as they become snow-blind in dealing with the systems every day.

“Payment Card Industry Data Security Standards (PCIDSS) is becoming more and more of a requirement, especially for public data storage from cedit and debit payment cards. These standards can be mapped across and implemented in most systems commonly held within financial and non-financial organisations.

As Stellios Haji-Ioannou, Founder of Easyjet said; “If you think Risk Management is Expensive – try an accident”

Positive Solutions have now had their accident.”

Join Our Blog