|
DISCLAIMER: Logging other people's keystrokes or breaking
into other people's computer without their permission can
be considered illegal by the courts of many countries.
The monitoring software reviewed here is ONLY for authorized
system administrators and/or owners of computers.
We assume no liability and are not responsible for any misuse
or damage caused by the keylogging software. The end user of
this software is obliged to obey all applicable local, state,
federal and other laws in his country of residence.
July 09th, 2009
Data protection laws vital for outsourcing hubs
KUALA LUMPUR--Asian countries seeking to become outsourcing hubs will greatly benefit from formulating data protection laws, according to Symantec.
Tan Wei Ming, the security firm's Asia-Pacific senior manager of government relations, noted that because information flows between countries to be processed for outsourcing operations, it is vital countries involved in these activities implement strong data protection laws.
"I think that is why some countries are talking about having strong data protection laws, because if you are positioning yourself as an outsourcing hub...then you have to demonstrate [you adopt stringent] security standards," Tan told ZDNet Asia.
Singapore-based Tan cited the Data Security Council of India, which was established to protect businesses, raise awareness and spread best practices on data security and data privacy. This has helped India become the world's top IT outsourcing destination, he said.
However, Tan noted, only a handful of countries in the region--Japan, Korea, Hong Kong, Australia and New Zealand--have passed data protection or data privacy legislation. Countries currently in the process of introducing similar legislation are Malaysia and the Philippines, both of which have ambitions to become major outsourcing hubs.
He commended Malaysia's decision to establish the Personal Data Protection Bill, which media reports indicate is due to be tabled in parliament this October. The legislation aims to monitor the processing of private data by users, safeguard individuals' data and rights, and prevent abuse, according to the Information, Communication and Culture Ministry.
Tan noted that companies operating in countries that have not passed data protection laws would instead need to rely on their internal security policies and relevant ISO certifications to reassure potential client.
Tiffany O. Jones, Symantec's Americas director of government relations, said in an interview: "Having data protection laws in place will create more innovation within the country because if you are adhering to international [security] standards, it is more likely you are going to get more business flowing into your country."
Jones and Tan spoke with ZDNet Asia on the sidelines of a security conference held here this week.
A public-private partnership
US-based Jones noted a trend among governments to formulate more formalized security strategies, policies and legislation to combat cybercrime, and protect their countries' critical infrastructure.
Given that the majority of such infrastructure is owned by the private sector, she said the "big question" many governments wrestle with today is establishing the right partnership with market players to protect the infrastructure.
Symantec currently is in talks with governments around the world and provides input to proposed drafting of security-related legislation. "In the United States, there are now 46 states with data security legislation in place," Jones added. "There are plans to codify a national bill that would cover all states and the federal government."
She outlined three key principles Symantec recommends to governments that are looking to pass data protection legislation.
First, the legislation should have a preventative component. "Don't just be worried about what happens when there's a security breach. Try also to prevent it from happening by making sure there are reasonable security measures in place," said Jones.
Second, ensure there is a standard notification if a breach occurs, and that everyone should comply with, to notify consumers of the breach.
"Third, have a safe harbor provision stating that if you follow reasonable security measures, and also go above and beyond that, for example encrypting data, then you don't have to notify [consumers] if you can render the data unusable," said Jones.
However, the drafting of such legislation on a global scale presents certain problems such as differing definitions on what constitutes private information, as well as inconsistencies in the laws themselves. For example, countries have varying terminology for legislation such as data privacy, data security, data protection or data breach, said Jones.
"We want to make sure that legislation, whenever it is formulated, is consistent so that consumers can expect consistency in how data is protected and that companies can better comply," she said. "It's more difficult for a company like Symantec, which has global operations, to comport with a hundred different country laws...[without] having a kind of a baseline standard."
Source: ZDNet Asia
All news for September, 2009
All news for 2009 year
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year
DONATION: www.Anti-Keylogger.Org and www.Keylogger.Org is an independent research projects supported by a team of enthusiasts. If you find this project useful and would like to help foster its continued development, please consider making a donation.  Thanks in advance for your support! |
