NIST: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (2010) resource Agency Guidances OCEG Reviewed
NIST Special Publication 800-37, Revision 1 (February 2010)
United Kingdom, Guide to data protection – definitions, principles and practical examples resource Agency Guidances OCEG Reviewed
The principles of the Data Protection Act in detail: this Guide explains the purpose and effect of each principle, and gives practical examples to illustrate how the principles apply in practice.
From the Information Commissioner's Office (ICO).
Making compliance real for those in the trenches (2010) resource Articles OCEG Reviewed
Introduction: Until fairly recently, information security people were buried away in server rooms configuring firewalls and patching servers. With the sudden surge of compliance and regulatory requirements being placed onto a business, IT security people are now required to understand and help implement compliance solutions.
Secure Collaborative Supply Chain Planning and Inverse Optimization – The JELS Model (2010) resource White Papers OCEG Reviewed
Abstract: It is a well-acknowledged fact that collaboration between different members of a supply chain yields a significant potential to increase overall supply chain performance. Sharing private information has been identified as a prerequisite for collaboration and, at the same time, as one of its major obstacles.
A New Era of Compliance: Raising the Bar for Organizations Worldwide (RSA, October 2010) resource Research / Studies OCEG Reviewed
October 11, 2010 - RSA released a new report produced in concert with its Security for Business Council (SBIC).
United Kingdom, The Information Commissioner’s response to the Ministry of Justice’s call for evidence on the current data protection legislative framework (October 2010) resource Agency Guidances OCEG Reviewed
Introduction: "The Information Commissioner has responsibility in the UK for promoting and enforcing the Data Protection Act 1998 (DPA) and the Freedom of Information Act 2000. The Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
Data Privacy and Cross-Border Data Flows resource Agency Web Sites OCEG Reviewed
Posted on the Office of Technology and Electronic Commerce's web site on Electronic Commerce. The Office of Technology and Electronic Commerce (OTEC) is a division of the International Trade Administration, U.S. Department of Commerce.
France: Data Protection Act (CNIL) resource Agency Web Sites OCEG Reviewed
The Principles: 1) Loyalty in the collection of data; 2) Purpose of the files; 3) Information of individuals; 4) Reinforced protection of sensitive data; 5) No decision concerning an individual may be taken based only on a processing
European Data Protection Law: Corporate Compliance and Regulation (Oxford University Press, April 2008) resource Research / Studies OCEG Reviewed
Author: Christopher Kuner
An overview of laws, treaties and action updates of the EU Member States and Non-Members on data privacy protection.
FTC, Twitter Settles Charges that it Failed to Protect Consumers’ Personal Information; Company Will Establish Independently Audited Information Security Program (June 2010) resource Agency Guidances
June 24, 2010 - Social networking service Twitter has agreed to settle Federal Trade Commission charges that it deceived consumers and put their privacy at risk by failing to safeguard their personal information, marking the agency’s first such case against a social networking service.