Old 18-03-2008, 00:18   #1346
popper
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by SMHarman
So, I read the EY report properly this morning. Some thoughts...
  • it is performed by EY, LLP 5 Times Sq, in NY, not EY, LLP the UK entity, why? Both have sufficient expertise
  • it is performed to AICPA standards, not ICAEW standards
  • it is addressed to Phorm inc, 264 W 40th NY, NY. Not Phorm plc 222 Regent St.
  • the process as described talks about opt out mechanisms. If this becomes an opt in process as TT are discussing then one of the key aspects has significantly changed (for the better IMHO) but how does that change the security process as audited?
  • the wording of the management control descriptions is interesting. Phorm's systems do not use or store. Rather than Phorm's systems cannot use and store.
  • it goes on to say this specific data cannot be accessed by our ISP partners. So our ISP partners are allowing hardware to be injected into their networks on their premises that scans data packets and they cannot see what this hardware is doing!
  • Page 4 we have created a privacy policy - well it is easy to create a policy, less easy to stick to it.
  • Page 6 Para 6 is it not an inconsistency that the doc says 'for example phorm may tell a merchant that our network contains 50,000 users who have visited a travel website URL in the past six months, but cannot disclose which randomly generated IDs have visited that URL because the information is not stored' yet they say on Page 5 Para 3 (end of) 'Phorm Service will retain only information about general categories of interest associated with an ID such as IDnnn is interested in travel [to paraphrase]'
  • Again Page 5 Para 5 the bullet points Phorm does not collect, not cannot collect or will not collect.
  • Page 7 Para 2 For a US report issued by a US firm to a US recipient why is the data protection officer located in the UK?
  • Page 7 Para 7 nice clause about export of data to other countries there. 'if you use your computer and usual browser in a country other than your home country to log on to the internet via one of our partner ISPs in that other country, the data Phorm holds in its systems that is associated with that cookie may be automatically transferred to Phorm's systems in that other country.'
  • Pages 8 - 13 is a nice piece of padding, basically the AICPA template for creation of a privacy policy. So if you get the Phorm privacy policy it should map nicely to this template.
Page 7 Para 7 nice clause about export of data to other countries there. 'if you use your computer and usual browser in a country other than your home country to log on to the internet via one of our partner ISPs in that other country, the data Phorm holds in its systems that is associated with that cookie may be automatically transferred to Phorm's systems in that other country.'
Gives another scenario, you take your laptop usually connected to TT's firewalled implementation of Phorm around to your mate's for some gaming or whatever and log on to his internet connection which is with VM, now your cookie from Phorm and your data will pass to the Phorm harvester. Great.

I don't know where I read it, but someone wrote a great thing about giving data and the benefits of giving. Well I don't need anti-phishing I use IE7 and that has it built in and enabled by default, though the install clearly asks if you want to switch it off as you will be passing data to Microsoft.

I don't mind giving Google my data as they give me fantastic search results in return. If they were mediocre results like MS Live then I would not be using them. There is a reason Google is the No.1 search engine.

Time to remind people about your Page 7 Para 7 part of the post.