Barbarians at the Gate: The Fall of RJR Nabisco is a book that might have been written in the present day instead of – as it was – the ’90s. The well-documented (and very well written) account of the biggest leveraged buyout Wall Street had ever dreamed of is a detailed explanation of how the financial system started ruining the “real economy” after the 1987 Black Monday crisis. Although this book is slightly out of scope for this blog, I nevertheless suggest giving it a try. A lot of things that happen in the ICT world might all of a sudden make sense…
After the investigation started by the Milan Public Prosecutor's Office, another case of alleged rogue corporate security and law enforcement officers hits the mainstream media. The former head of corporate security at the internationally known luxury firm Gucci, together with private investigators and law enforcement officers, has been involved in a criminal investigation run by the Florence Public Prosecutor, with charges of illegal computer trespass.
On June 5, 2007, the Italian Camera dei deputati (roughly, a sort of equivalent of the US “lower house”) passed a law to exempt small and medium enterprises (SMEs) employing no more than 15 people from the enforcement of mandatory security measures to protect personal data. To enter into full force, the law needs to be approved by the Senate, whose decision is expected in the next few weeks.
This law has been proposed because – as a matter of fact – from 1996 to the present day the Italian Data Protection Law has become just a bureaucratic issue, made of forms to fill in, with no actual attention to substantive issues. And – what is worse – the Italian Data Protection Authority did almost nothing in the last twelve years to stop this trend.
The proposed SME exemption aroused the furious reaction of ICT security lobbies, who claimed that this law endangers the “safety” of the whole Italian communication network. This is a grossly misleading claim, since data protection law only deals with a limited subset of data and the provisions on security measures basically provide “paper-based security”.
The true problem is that – on the contrary – the Italian Data Protection Law has been drafted and enforced with a distinctive lack of “reality check”, the result of which is that the Parliament is now retracing its steps.
Recently Intesa Sanpaolo (born after a merger between Banca Intesa and Istituto San Paolo) moved its Internet banking authentication system from password-based to one-time-password-based access.
They sell that “innovation” – as always happens in the ICT business – as a major increase in IT security and hence as a benefit for the customer, but if you think about it for a while this is not entirely true. Or – better – this might be true from the perspective of a marketing manager. But it is not from the customer's standpoint.
Continue reading “Intesa Sanpaolo: when marketing meets security”
Tomorrow I will give a speech at Infosecurity, the most important ICT security exhibition in Italy.
The conference is (unfortunately) in Italian only, but those who are familiar with the language might like to have a look at the programme.
Continue reading “Privacy, corporate secret information and ICT. A speech at Infosecurity.”