Member Since: 8th Aug 2003
Stewart Twynham is an experienced information security expert and AccountingWEB contributor. He recently founded the independent cyber-security consultancy Brandfire (https://brnd.fr/) to help businesses in Scotland tackle these issues.
27th Mar 2018
Here is an example of the ICO's code of practice for CCTV - this is written with the DPA in mind but the principles all hold true for the GDPR. Because CCTV relies on legitimate interest, it will need to pass certain tests to be valid, but this document looks at many different scenarios to help you through that process.
The main changes you will need to consider for the GDPR:
- Greater transparency - making sure you provide sufficient information
- A potential increase in the records you keep - depending on how much data you are recording
- Handling additional data subject rights including Subject Access Requests
- Keeping your recordings secure and handling mandatory breach notifications
Expect the ICO to update the guidelines soon. I hope that helps!
27th Mar 2018
Most small businesses process personal data - supplier records, customer records, online payments, employee data - and GDPR is about making sure that all of this is processed lawfully, fairly and transparently.
CCTV can present serious privacy issues even under the old Data Protection Act - if anything it's one of the easier areas to look at under the GDPR because so much relevant guidance has already been produced.
2nd Feb 2018
If it's an innocuous e-mail, then it would probably not require notification - although I would make an effort to discuss the matter with the unintended recipient on the phone, and if necessary you and they may wish to log it.
If the e-mail contained personal data and thus was a risk to rights and freedoms of a natural person - then you would have to notify the ICO, but you wouldn't have to notify the individual if it was not a high risk to their rights and freedoms. You would also be required to document everything (Article 33 clause 5).
If, on the other hand, you discover that the e-mail was sent as part of a batch e-mail merge gone wrong and 1,000 people have been sent the incorrect e-mail, then that would in itself represent a high risk which would require notification to the individuals affected as well.
If it was an e-mail to invite people to a meeting of your local alcoholics anonymous / mental health support / religious meeting / political rally / trade union group / etc and you've added everyone to the To: or Cc: list and not the Bcc: list - then yes, it's notifiable to both as this would be a high risk, falling under Article 9 - special categories of personal data. Notification may not be necessary if no sensitive data is revealed or implied and if only a minor number of email addresses are revealed.
10th Aug 2007
Just worth noting that iWork '08 isn't bundled with the iMac - only a 30 day trial as with other Macs, plus the iMac starts at £680 + VAT in the UK not £590, and £977.87 + VAT for the 24 inch.
12th Jul 2007
Here are the specs for the examples given:
Notebook: HP nx7300 T5500 Core2Duo, 80GB 5,400 rpm HDD, 2GB RAM. Total cost was £412 including VAT and delivery - one month ago. Price compared with equivalent Dell Inspiron - same T5500 C2D, 80GB, LCD panel, Intel GPU at that time, including a free delivery offer.
Mac Pro: 8GB RAM, Apple online store price for 8GB = £1349.01, (4x2GB PC5300 FB DIMM), at other stores for £493.48. Apple online store price for 2 off Seagate 500GB 7,200 SATA 2 HDD = £418, available at other stores for £130. Total saving £1143.
Macbook Pro: Mid range 15.4" model, Santa Rosa spec 2.4GHz Core2Duo, 4GB upgrade at Apple online store = £480, 4GB (2x2GB PC5300 667 SODIMMs) from Crucial (today) is £164.49.
Dell have in the last few days shifted their models around a bit, but will still charge (for example) £95 + VAT to uplift a 1GB notebook to 2GB, when plenty of stores online charge around £50 for the whole 2GB of branded RAM, including VAT and shipping.
This price differential has another interesting side effect - of making models further up the chain look "cheaper" - as you "spec up" your lesser model, you end up with a price which is closer to the higher model's price - so end up buying that one.
I hope that helps!
15th Mar 2007
Over the odds?
I hope to be covering the hosted route (and there are many providers out there) as part of an upcoming market summary.
Although many are reluctant to even consider hosted solutions - hosted telephony isn't new (it's been around for over a hundred years - and you probably already use such a setup in your own home) - it's the VoIP bit that makes them exciting because of the flexibility to work from almost anywhere. But they aren't the panacea that they are sometimes made out to be.
In this particular case, the lack of CTI (Computer Telephony Integration) is where hosted solutions fall down. So where your telephone system and CRM system / computer network need to be talking the same language, hosted may not be the way forward. But give it time, and I'm sure that will change.
2nd Mar 2007
Re: Paying over the Odds?
Actually, I think it's pretty spot on. First of all it's 30 users + several remote staff as well (including myself!) This doesn't include additional phones for offices (e.g. training / board rooms, reception, etc) - and apart from the server room, the spec of the phone hardware is high (all Cisco). In fact, comparing with the voxhub site we're actually paying quite a lot less than is quoted there for the phone hardware!
It's an important point, though. What I'm quoting is an "on the road" price including all phones, outboard power supplies for non PoE handsets, DECT headsets, wired headsets, software, additional UPS, two additional PoE / QoS switches, configuration, weekend installation, sysadmin training, user training, Asterisk integration training for myself, PRI conversion, PRI cards and 12 months of priority support. No extras. Just add VAT.
Moving to Asterisk has allowed my client to afford to "spec up" many areas (e.g. 10 DECT headsets for sales staff rather than wired ones). But clearly you don't have to do that - a VoIP phone with display can be had for comfortably under £40 these days, compared to a top of the range Cisco at around £250. This can make a big difference to price when you need 30 of them!
Does that help to clarify the situation?
21st Jan 2007
In many ways you're right... but this is due in part to the "self fulfilling prophecy" effect.
Client A has a web site. They don't spend any money on it. Therefore they don't get any business from it. They cannot justify spending money on it because they won't get any business from it. Therefore they don't. Therefore they won't.
Client B has a web site. They invest a reasonable amount (not just money but time) into it. It gives fantastic returns. They wouldn't dream of spending less on it, and in fact want to spend more. They know the benefits they'll get. Therefore they do. Therefore they will.
6th Jan 2007
One further thing to add - there is NO lack of XHTML1.0 (and 1.1) support out there - most decent Content Management Systems (CMS) have been supporting XHTML for *years* (as we have).
Agreed, it may be beyond the capabilities of a home-grown site if you're not a full-time web designer, but the excuses we hear all the time that standards compliance "isn't important" or is "too difficult", from "Professional" Web Design companies are simply the height of laziness!
I'm sure you wouldn't send out invoices with 17.3% VAT on them, or put the wrong National Insurance number on a tax return, and say "oh well, it's near enough, if no-one notices it'll be OK!"?
5th Jan 2007
Re: Do what you can do
Dennis, one thing worth adding is the common American phrase "your mileage may vary". Clearly, someone offering professional services in Galashiels will have an easier job than someone offering the same services in London!
I agree with the "differentiated content" comment - and would go further to argue that this impacts Google as much as the person browsing. One particular example is that many businesses resell products and services - the same products and services that are also resold on 10,000 other sites. It's easy to be lazy and simply copy and paste the same descriptions - and to Google this looks like 10,000 sites with very similar content. Differentiation and unique content is good.
Finally, the point about size wasn't to infer that small size sites *can't* compete - on the contrary - it's that very large sites (eBay, BBC News, etc) may not play by the same rules because of their sheer size. Small sites have a different advantage - something called keyword density - i.e. the small amount of content they have is more focussed.