Data Broker Exploits Weak Policies and Procedures

An investigation by the Office of the Privacy Commissioner of Canada recently found that human error and weaknesses in the policies and procedures of three telecommunications companies allowed a data broker to gain unauthorized access to personal phone records.

The investigation was prompted by a magazine article alleging the magazine had been able to purchase the telephone records of the Privacy Commissioner Jennifer Stoddart and one its senior editors from a U.S.-based data broker.

The investigation found that Locatecell.com used “social engineering” to trick phone company customer service representatives into divulging confidential information by “pretexting,” or pretending to be someone authorized to obtain the information.

For more information on the investigation, click here.

Expert advice and ready-to-use Customer Service Management and Sales and Technical Support policies can be found in Chapter 7 of Operations and Marketing PolicyPro (OMPP). For more information about OMPP, click here.

<< Top of Page

We first discussed At Risk magazine last year, in Volume 1, Issue 3. At Risk is published by KPMG Forensic, part of KPMG’s Advisory Services.

Now there’s a new issue, Spring 2007, which contains several very interesting articles, including:

1. Contract Compliance: You Can’t Judge a Contract by Its Cheque
2. Administering Class-Action Settlements: More Than Just Sending Out the Cheques
3. Sarbanes-Oxley: Has the Act Improved Fraud Prevention and Detection? (Part II)

For a copy of the Spring 2007 issue, click here.

<< Top of Page

It’s time to upgrade your mental list of abbreviations and acronyms (again). A year or two ago, PII stood for the Pentium II processor. Now it means Personally Identifiable Information, any information that may be used to identify an individual.

When you walk out the door with PII on your electronic devices, you leave the protection of any IT security infrastructure provided by your employer. Because thousands of mobile devices – including laptops, PDAs and USB keys – go missing every year, and because identity thieves are on the lookout for PII or business data, you need to establish policies and procedures that manage the risks to your employees and your organization.

The Office of the Privacy Commissioner of Ontario has recently published a very handy, 8-page brochure Safeguarding Privacy in a Mobile Workplace that provides practical advice about the steps you should take before you leave the office and when working at another location. For a link to the brochure download page, click here.

Information Technology PolicyPro is the easy way to create ready-to-use IT policies and procedures. For more information, click here.

<< Top of Page

We last reported on the progress of the national do not call list in Volume 1, Issue 3 of the PolicyPro Bulletin.

At that time, Bill C-37, the Act that created the list, came into force. This time around, the story is that the CRTC – which has the authority under the Act to establish the list, establish procedures to administer it, and levy penalties for contraventions – has (as of July 3rd) announced that it will issue a Request for Proposals to interested suppliers.

The length of time taken to get this far, and the number of exceptions in the legislation have led some pundits to refer to the project as the “Do Not Hesitate to Call List.” For a succinct history of the list, and links to related government and industry sites, as well as other articles, check Wikipedia at www.wikipedia.org/wiki/Canadian_Do_Not_Call_List.

Chapter 6 – Sales and Marketing in Operations and Marketing PolicyPro contains policies and procedures that cover sales training, marketing execution and follow up. For more information about OMPP, click here.

<< Top of Page

Following Fundamentals Detects Fraud

In this article from KnowledgeLeader.com, authors Kyle Furtis and Eileen Galager of Protiviti use a case study of an equipment leasing company that was defrauded by its senior executives to discuss the basic audit steps that could – and should – have been taken to detect the scam.

For a link to the article, click here.

<< Top of Page

Are you thinking of doing business in another country? Before you decide, you might want to take a look at the Worldwide Governance Indicators project. The project, under the aegis of the World Bank, reports aggregate and individual governance indicators for 212 countries over the period 1996-2006 for six dimensions of governance:

• Voice and Accountability
• Political Stability and Absence of Violence
• Government Effectiveness
• Regulatory Quality
• Rule of Law
• Control of Corruption

It’s easy to use the project's online reporting tool. Simply click here and follow the instructions on the page.

<< Top of Page

About the PolicyPro Bulletin

Editor: Colin Braithwaite, Managing Editor – PolicyPro.

Please do not reply to this Email.

PolicyPro Bulletin is a complimentary service published by First Reference Inc. and is sent to you monthly. Each issue of the PolicyPro Bulletin provides headlines and summaries of news that affects internal controls and policies in Canada.

Please forward this Bulletin to your colleagues.

Please send any comments or suggestions about the PolicyPro Bulletin to editor@policypro.ca. For information about the PolicyPro Library, visit www.PolicyPro.ca. For information about First Reference and our HR-related products, visit www.firstreference.com. To read our Terms of Use, Disclaimer, Privacy Policy and other legal matters, visit PolicyPro.ca.

This publication is written for informational purposes only and should NOT be relied upon as legal advice or opinions. The reader should always obtain legal advice from a qualified lawyer or other qualified professional, which will be responsive to the case or circumstance of the individual. Please note that the content provided in this Bulletin or any content contained in or made available through any third party website linked to from this Bulletin, is provided "as is" without representations or warranties of any kind. All representations and warranties in respect of Content or Third Party Content, express or implied, including, without limitation any representations to warranties or conditions regarding accuracy, timeliness, completeness, non-infringement, merchantability or fitness for any particular purpose are hereby disclaimed.

PolicyPro Bulletin ISSN: 1718-5866 Copyright ©2007, First Reference Inc., All Rights Reserved.