Feed aggregator

CW Nordics August 2019: Copenhagen woos tech startups

Security News White Papers - Thu, 08/29/2019 - 12:00am
Copenhagen offers all the advantages startups need to get off the ground and many are setting up with the intention of staying there for the long haul. Also read how Nordic shipping giant Maersk is changing its approach to IT as nimble competitors strip complexity from the business of logistics. Published by: ComputerWeekly.com

Why use Robotic Process Automation?

Security News White Papers - Tue, 08/27/2019 - 12:00am
In this e-guide, read more about the state of RPA adoption in Asia-Pacific, how different RPA players are addressing the needs of the market and what it takes for RPA projects to deliver on the technology's promises. Published by: ComputerWeekly.com

Security analytics: Enabling organisations to get ahead of attackers

Security News White Papers - Mon, 08/26/2019 - 12:00am
In the face of an ever-increasing number of cyber-attacks, many organisations are turning to security analytics, which is the use of data to measure and detect potential breaches. In this e-guide we provide 6 case studies on when and when not to use security analytics. Published by: ComputerWeekly.com

Infographic: 5 ways to achieve a risk-based security strategy

Security News White Papers - Fri, 08/23/2019 - 12:00am
In this infographic, learn five steps to implement a risk-based security strategy that naturally delivers compliance as a consequence of an improved security posture. Published by: ComputerWeekly.com

Conversational Designers. We need your feedback

Hacker News - 30 min 48 sec ago

We are a startup building the easiest to use chatbot platform. Please share your feedback. Tell us how we are doing.

https://flow.ai Flow.ai is the best platform to create and manage chatbots for customer service and marketing, from initial ideas to full-fledged solutions.

Comments URL: https://news.ycombinator.com/item?id=20747533

Points: 1

# Comments: 0

Categories: Hacker News

IPANDETEC Rates Panama’s ISPs in its First ¿Quién Defiende Tus Datos? Report

EFF - 35 min 7 sec ago

It's Panama’s turn to take a closer look at the practices of its most prominent Internet Service Providers, and how their policies support their users’ privacy. IPANDETEC, the leading digital rights NGO in Panama, has launched its first "Who Defends Your Data" (¿Quién Defiende Tus Datos?) report. The survey shines a light on the privacy practices of the main ISPs of the country: Claro (America Movil), Movistar (Telefonica), Digicel, and Más Móvil (A joint operation between Cable & Wireless Communications and the Panamanian State, who owns 49% of the shares).

This year, while all companies surveyed received a low score,  Movistar (Telefonica) led the pack in protecting their customers -- with Digicel right behind.

Movistar is the only company that published both a transparency report and law enforcement guidelines, but unfortunately, it did so only on its parent company’s site. Digicel is the only ISP to publish its privacy policy on its Panamanian website; Claro came close, but its policy was limited to the company’s website, not its wider privacy practices. Más Móvil and Movistar direct visitors to their parent company’s privacy policy.

Movistar and Claro, through their parent companies, both assured their users that they require judicial authorization before authorities can access consumer data. Más Móvil and Digicel do not.

Movistar and Claro were the only ISPs that proactively responded to IPANDETEC’s survey. Más Móvil and Digicel, on the other hand, did not respond when contacted. This is a missed opportunity. At their heart ¿Quién Defiende Tus Datos? reports are a chance for civil society groups and ISPs to understand each other's work. The report will be published each year, and plans to capture ISPs’ progress as they improve.

The final results of the study are below.  For more information on each company and Panama’s ICT sector, you can find the full report in Spanish on IPANDETEC’s website.

Evaluation Criteria

  • Data Protection: Does the company post a document detailing its collection, use, disclosure, and management of personal customer data?   
    • The data protection policy is published on its website
    • The policy is written in clear and easily accessible language
    • The policy details what data is collected
    • The policy establishes the retention period for user data
  • Transparency: Does the company post an annual transparency report listing the number of government requests for customer data they’ve received, and how many were accepted and rejected?    
    • The company publishes a transparency report on its website
    • The report is written in clear and easily accessible language
    • The reports contain data related to the number and type of requests received, and how many were accepted
  • User Notification: Does the company promise to notify users when the government requests their data?    
    • The company states it will notify users when the government accesses their information as soon as the law allows
    • The company supports public policy that gives users the right to prior notification, allowing them to contest the government request 
  • Judicial Authorization: Does the company explicitly state it will only comply with authorities’ request for user data if they have a warrant?
    • The company states in its policies that it requires a warrant before law enforcement can access the content of users' communications
    • The company rejects requests by law enforcement that violate legal requirements
  • Defense of Human Rights: Does the company publicly promote and defend the human rights of their users, specifically the privacy of their communications and protection of their personal data?
    • The company promotes user privacy and data security through campaigns or initiatives
    • The company supports legislation, impact litigation, or programs favoring user privacy and data security
    • The company participates in cross-sector agreements promoting Human Rights as a core tenant of their business
  • Digital Security: Are the company’s website and online payment service secure?
    • The company uses HTTPS on its website 
    • The company uses HTTPS when processing payments online
  • Law Enforcement Guidelines: Does the company outline procedures, guidelines, and legal requirements required for law enforcement requesting customer data?
    • The company publishes guidelines for law enforcement data requests

Main Findings

 

Conclusions

While all four companies received relatively low scores, Movistar is comfortably in the lead in protecting their customers, with Digicel not far behind. 

We hope to see all four ISPs engage in a conversation with IPANDETEC to improve their privacy practices in preparation for next year’s report. 

This project is only one piece of a much larger initiative across Latin America and Spain. EFF’s Who Has Your Back? has held U.S. internet companies accountable for their privacy policies and processes. Now EFF’s partners around the world are doing the same. Click here to learn more.

Pages