A Big Day for Identity Theft

Wednesday, November 21 was a day to remember in the inglorious history of identity theft.

First, British Prime Minister Gordon Brown expressed his profound regret that tax records of 7.25 million families, constituting almost one-half of Britain’s population, went mysteriously missing in transit from one government department to another. This information (on two discs) was password protected but not encrypted, and contained names, addresses, birth dates, national insurance numbers and, in some cases, bank account numbers. The Prime Minister assured us that the government’s security policies and procedures would be reviewed. Good idea, but a little late…

Meanwhile, in Canada, the Minister of Justice and Attorney General, the Honourable Rob Nicholson, introduced legislation that makes it an offence to obtain, possess or traffic in other people’s identity information if it is to be used to commit a crime. This will fill a loophole in the Criminal Code, which treats identity fraud—the misuse of another person’s identity information—as a crime, but is generally silent on the preparatory steps of collecting, possessing and trafficking in identity information.

For more information on the proposed legislation see the Gowlings Government Briefing Bulletin produced by the Gowlings National Government Services Industry Group.

With chapters on Physical and Systems Security, Data Security, and Network Security, Information Technology PolicyPro (ITPP) has the expert analysis and ready-to-use policies you need to ensure that confidential information is safe and secure. For more information about ITPP, click here.

<< Top of Page

Starting this fall, Interac and the major credit card companies will launch new "smart" cards that feature an embedded EMV chip that interacts with an EMV-compliant credit card payment terminal. These cards promise a higher level of security against identity theft and counterfeit card use.

EMV stands for Europay, Mastercard and Visa, the chip's developers. Although EMV cards are considerably more secure than the magnetic-strip cards currently in use, transaction processing may be slower, because of the increased cryptographic overhead.

EMV cards have just finished their field trials in Canada, but are already in use in more than 45 countries. As a result of their enhanced security, it is expected that banks and credit card companies will eventually move to make merchants liable for any fraud that results from transactions on systems that are not EMV-capable.

For more information, click here.

<< Top of Page

In the last issue of the PolicyPro Bulletin (Vol. 2, No. 10), we discussed the Canadian Accounting Standards Board’s invitation to comment on the future of financial reporting by private companies in Canada.

As part of that invitation, the AcSB proposed three different scenarios:

1. A “top-down” approach based on public company GAAP, eliminating and modifying some IFRS requirements.
2. IFRS-SME—the International Accounting Standards Board’s proposed standards for small and medium-sized enterprises; and
3. An independently developed set of Canadian accounting standards for private enterprises that shares the same conceptual framework as IFRS

In this issue, we present KPMG’s perspective on these scenarios in a paper entitled Financial Reporting by Private Companies: Evaluating the Options. This paper explores the three scenarios, presents the advantages and disadvantages of each, and ends with a discussion of the practical challenges inherent in any change in an accounting model, and other important accounting changes in the pipeline.

For a link to this paper, click here.

<< Top of Page

Every year, CA Magazine publishes the result of the CICA’s Information Technology Advisory Committee’s annual survey of the biggest technology concerns of Canadian chartered accountants.

In 2006, CAs were concerned with the regulatory requirements contained in the U.S. Sarbanes-Oxley Act and its Canadian counterpart, issued by the Canadian Securities Administrators. In addition, they were worried about the new audit risk standards, as outlined in the CICA Professional Engagement Manual.

This year, ITAC established a framework for administering the survey, in which they identified 10 major areas of interest and asked respondents to indicate the most significant issue for each.

But many of the key issues identified in this year’s results—wireless connectivity, attestation of IT controls, privacy, offshoring, effective IT management, and data integrity—touch on the fundamentals of identifying IT risks and building effective, robust IT controls.

For the full article in CA magazine, click here.

Information Technology PolicyPro (ITPP) contains expert advice and ready-to-use policies dealing with a wide spectrum of IT risks and controls. For more information about ITPP, click here.

<< Top of Page

New Policies Added to ITPP

We’re pleased to announce that we’ve added two new policies to Chapter 11 – Backup and Disaster Planning in the latest update release of Information Technology PolicyPro, Release 2007-04.

The new policies are as follows:

• IT 11.08 – Disaster Recovery Plan Testing: A disaster recovery plan (DRP) must be tested regularly to validate the plan and ensure that no critical processes or dependencies have been overlooked
• IT 11.09 – Disaster Recovery Plan Review: The DRP needs to be reviewed regularly to ensure that it is current and has been modified as required from time to time to deal with changes to IT systems and procedures

For more information about ITPP, and to take a 30-day no-obligation trial, click here.

<< Top of Page

About the PolicyPro Bulletin

Editor: Colin Braithwaite, Managing Editor – PolicyPro.

Please do not reply to this Email.

PolicyPro Bulletin is a complimentary service published by First Reference Inc. and is sent to you monthly. Each issue of the PolicyPro Bulletin provides headlines and summaries of news that affects internal controls and policies in Canada.

Please forward this Bulletin to your colleagues.

Please send any comments or suggestions about the PolicyPro Bulletin to editor@policypro.ca. For information about the PolicyPro Library, visit www.PolicyPro.ca. For information about First Reference and our HR-related products, visit www.firstreference.com. To read our Terms of Use, Disclaimer, Privacy Policy and other legal matters, visit PolicyPro.ca.

This publication is written for informational purposes only and should NOT be relied upon as legal advice or opinions. The reader should always obtain legal advice from a qualified lawyer or other qualified professional, which will be responsive to the case or circumstance of the individual. Please note that the content provided in this Bulletin or any content contained in or made available through any third party website linked to from this Bulletin, is provided "as is" without representations or warranties of any kind. All representations and warranties in respect of Content or Third Party Content, express or implied, including, without limitation any representations to warranties or conditions regarding accuracy, timeliness, completeness, non-infringement, merchantability or fitness for any particular purpose are hereby disclaimed.

PolicyPro Bulletin ISSN: 1718-5866 Copyright ©2007, First Reference Inc., All Rights Reserved.