The final frontier of IT security defence though is Integrity. Information integrity requires an accurate representation of the state of the business and the audit records as to how it got there. Modern systems need to record both; it’s not enough that the system is provably accurate, records are required to ensure that transactions and changes are appropriately authorised. The key questions are “does the system tell the truth?” and “can we prove that the accurate state of the business has been authorised?”
The competing timetables between Brexit and the General Data Protection Regulation (GDPR), and current intent by the UK Government to repatriate the EU’s Laws en-bloc mean that the EU’s GDPR will become law in the UK irrespective of the route that Brexit takes.
Last October, the Court of Justice of the European Union ruled that the EU/US safe harbour treaty doesn’t offer the protections required of Europe’s Data Protection laws. The EU’s Acquis Communitaire (its body of law) stems from the various treaties that bound its members in which they agree to abide by the European Convention of Human Rights and its EU instantiation the EU Charter of Fundamental Rights. Article 8 of the ECHR defines a European Citizen’s […]
There has long been a realisation that the location of data and its storage has a cost and performance implication. But the location of data, particularly data deemed private and confidential, can also be constrained by its legal jurisdiction. Most international organisations are accustomed to managing the legal and regulatory requirements of both their jurisdiction of […]