Information security analytics

If you want to gain access to the cell-phone records of virtually any American, all you need is their telephone number and a spare $100 dollars on your credit card. The rest you can leave up to a host of Internet sites that provide you with a list of calls made and received.

Some consumers may be dismayed to find their Social Security numbers printed on unsolicited packages from H&R Block, the result of a recent labeling blunder at the company. The packages, which H&R Block mailed in December, contained free copies of the company's tax preparation software, TaxCut. By mistake, some of the packages also displayed recipients' Social Security numbers, which were embedded in 47-digit tracking codes above mailing labels.

Fraudsters used the personal bank details of thousands of civil servants to make bogus claims for disability benefits worth tens of millions of pounds, the Sunday Telegraph has learned. Officials at HM Revenue & Customs yesterday confirmed that the Revenue had linked the massive rise in payments of a valuable disability benefit with the theft of the payroll data of 13,000 Department for Work & Pensions (DWP) employees last summer.

Thousands of documents containing the names, addresses, credit card details, telephone numbers and the signatures of guests at one of Britain's most famous hotels ended up in a rubbish skip in what has been dubbed "the biggest field day for identity fraudsters ever". The owner of the Grand Hotel in Brighton was forced to issue an apology after staff threw out huge quantities of registration forms and credit card slips that included the details of several politicians.

Small-Entity Compliance Guide is intended to aid compliance with previously issued interagency guidelines Federal banking agencies have issued guidelines to help small banks implement the Interagency Guidelines Establishing Information Security Standards. The Interagency Guidelines implement section 501(b) of Gramm-Leach-Bliley and section 216 of the Fair and Accurate Credit Transactions Act, and establish standards for the security of customer information. The guidelines, however, do not address any other state of federal laws that may concern customer information.

One of the oldest banks in the U.S. state of Connecticut became the latest U.S. financial firm to lose confidential data after a tape containing information for around 90,000 customers and employees went missing while in transit to a credit reporting bureau.

Described as one of the nation's toughest laws, the New Jersey Identity Theft Protection Act came into effect on Jan. 1, 2006 in the state of New Jersey. Commercial enterprises are now calculating the costs of bringing their businesses into line with the new law. The New Jersey law obliges commercial enterprises to safeguard customer information and to destroy it if it's no longer needed. As the name suggests, the New Jersey Identity Theft Protection Act is designed to make it a lot harder for criminals to hijack someone's identity.

The wave of legislative initiatives to protect private data has made its way to Canada. The country's Green Party has proposed a bill that would compel banks, credit agencies and other institutions to inform clients when their personal information had been compromised. The law, presented to parliament by Green Party leader Jim Harris on Jan. 12, 2006, would also regulate the outsourcing of credit card bill processing to the United States — currently a common practice among Canadian-based credit companies, which exposes Canadians to fraud and even identity theft.

British Petroleum has spent $100 million on compliance as a result of being listed on the NYSE The head of the largest company in England has stated that Sarbanes-Oxley has cost that company $100 million, or 60 million pounds. Lord Browne of Madingley, CEO of British Petroleum, which had revenue last year of $285 billion, told a Daily Telegraph interviewer that that amount involved “external costs” and did not count internal staff time.

Vote overwhelmingly favors idea of exempting small public companies from some or all of SOX Section 404 requirements. The SEC's Advisory Committee on Smaller Public Companies yesterday approved a plan under which smaller firms would be exempted from the external audit requirements of Sarbanes-Oxley Section 404. Only one of the 21 members voted against the plan, in which companies with capitalization less than $125 million would be exempt, although they would face stricter governance rules.