Infosecurity

| Thursday, 23 March, 2006

As I told earlier on, I went to Infosecurity yesterday. The fair to find everything you need to fix the flaws in Windows.

It was bigger than previous years. Exhibitors seemed to have more money than before: bigger, noisyer, flashyer. Several of them even had budget for actors, clowns, and other people to convince you to let them scan your badge and win your next usb key. Well, the good news is, IT is definitely back in business since the last bubble.

Where in previous years, hot topics were consecutively firewalls, anti-virus, spam and spyware, this year we got treated with more storage and backup solutions on one hand, and on the other hand a focus on legal aspects of IT security with several talks organized. I also noticed this evolution elsewhere, in the last couple of weeks. Luc Beirens of FCCU fame (fccu.be I guess) gets a fair portion of interviews lately. Websites about intellectual property problems within companies get in the news.

Some points to remember:

    Do not underestimate you liability to take appropriate actions to preserve the privacy of people of whom you keep data.
    About employee monitoring: people have a general right to privacy, which is constitutional in Belgium en endorsed by the European Human Rights Act. On the other hand, an employer also has some form of authority over the employee. Between both, few is really regulated. Collective labour Agreement (CAO) 81 gives most benefits to the employee. As an employer, the best thing to do is to regulate things through Labour Agreements, and an e-policy.
    It doesn’t matter if servers are abroad. The place of the activity determines if Belgian laws apply.
    Don’t forget to check agreements you have with you suppliers. You have some programmer outsourced? Don’t be sure you get the copyright on what he writes just because you pay him. Also think non-disclosure agreements, ESCROW, SLA, … Ooops, Enterprisiness Alert. No, really.

I particularly enjoyed Jan Leysen‘s talk, who gave a good overview of Belgian IT laws. You can review one of them here (Dutch). IANAL, and I didn’t find the interpretation myself – but this laws says, amongst other things, that as a user of software, you have the right to reverse engineer the software you are entitled to use, if this is necessary to provide compatibility with other pieces of software you want to interact with. Even if the license agreement says you can’t. Eat that, USA 🙂