Society Generale, Goldman Sachs and UBS have all been hit by software theft. In the case of Societe Generale, they noted that the bank’s security cameras showed an employee printing out hundreds of pages of code. I would guess that the printing was an attempt to evade the electronic security measures likely in place on the employees computer system which would have prevented them from copying the code to a flash drive. It’s notable that “old school” detection technology was what caught the perpetrator.

The Stockwatch article stated that Reuters stated that in the Goldman Sachs case a new employer offered a Goldman computer programmer $1.2 million a year whereas Goldman was only paying him $400,000. The article does not name the new employer, nor does it state whether the new employer enticed the individual to steal the code, or if they did so of their own accord.

Stockwatch is an excellent resource for news and information on companies and individuals, especially for Canadian publicly traded companies. If you spend a lot of time trying to identify corporate affiliations then I would recommend it.

Among my favourites are:

- Follow the Golden Rule. Assume that the personal information and photos you display are available to everyone and anyone, not just to your friends.
-To protect children from online predators, do not post a child’s name in a photo tag or caption. If someone else does, delete it if you can, or ask the member who owns the photo to remove the name.
-Do not mention being away from home. Doing so is like putting a “Nobody’s Home” sign on your front door. Be vague about the dates of your travel plans and vacations.

For more please visit the SANS site.

My view is that the first thing you have to do is verify that they are who they say they are. Verifying that they have a certain degree or job experience is secondary to the basic verification of identity.

The OPC identified nine key areas relating to privacy and cloud computing, including: Jurisdiction; Creation Of New Datastreams; Security; Data Intrusion; Lawful Access; Processing; Misuse Of Processing Data; Permanence Of Data; and Ownership Of Data.

The reorganization and repackaging of consumer data is addressed in “Creation of New Datastreams” but the issue of meta-data is also addressed in “Ownership of Data” where the report specifically states “Finally, there is also the secondary data that is generated by interactions with a cloud-based infrastructure – although it may well be “personally identifiable information” for the purposes of PIPEDA, users may not be aware of the creation/existence of this data.”

It is also worth reviewing the jurisprudence that is provided in the report. The OPC has provided some useful case law on its own ability to investigate cases internationally as well as enforcement of orders in Canada that were adjudicated in foreign jurisdictions.

Organizations that are selling or using cloud computing services should consider the Privacy Commissioner’s report in their security posture as it will likely be the basis for any privacy impact assessment or review conducted by that office.

According to that post eBay in the United Kingdom may now be implementing a location based authentication scheme which aims to protect its users from being hacked. This is an interesting step towards account protection, provided of course that you never access your eBay account on business trips or vacations.

Perhaps the best way to implement this would be on an opt-in basis?

I think these are a very useful read for anyone interested in protecting online accounts, including individuals, game companies and policy makers.

Are these tools the complete solution to crisis management? Probably not, but having multiple sources providing information on a given incident can only can only lead to better decision making in real time. Furthermore, although the article doesn’t address this, having multiple witness accounts of a given incident can help with post crisis investigation as well.

The first is the International Chamber of Commerce BASCAP Initiative. This is essentially a portal for research on anti-counterfeiting activities around the world. You can research by geographical location, items of interest or enforcement agency which allows you to get some very good, very specific information.

The second source is the Knockoff Report, produced by Rob Holmes of IP Cybercrime in California. His blog focuses on brand protection activities and articles from both a policing and a private sector perspective (note the referral to the Gamasutra article on Sony PSP piracy).

Both of the above sites have e-news letters that you can subscribe to.

Honourable mention goes to the World Health Organizations IMPACT site and to the Interpol Site. The WHO IMPACT site provides some great information on counterfeit drugs and it also provides a mechanism to report incidences of counterfeit medicine, unfortunately it does not appear to be updated very often.

The Interpol site describes some of the initiatives that this organization has been involved with to help stop the spread of counterfeit goods, including medicines.

Finally, and I can’t believe I almost forgot, there is the Linked In Group on Anti-Counterfeiting.

The Canadian Office of the Privacy Commissioner has recently posted a research paper on their website. The paper, which was written in April 2008, describes privacy concerns relating to virtual worlds, specifically Second Life.

It is titled “Second Life: Privacy in Virtual Worlds” and it provides a general background on these environments, some of the marquis cases that have affected user’s privacy and finally analyzes some of these concerns against the principles set forth in the Privacy Act.

It is a good read for researchers, but will also give virtual world/mmorpg businesses a sense of the direction that Canadian privacy authorities are heading in with respect to these environments.