Monday 21 May 2012

Confidentiality Charter - The NHTCU working with business

The National Hi-Tech Crime Unit (NHTCU) has a Confidentiality Charter, the main part of which is reproduced below

Introduction
This charter is designed to help business understand how it can interact with the National Hi-Tech Crime Unit (NHTCU) in a secure, efficient and confidential manner when it wishes to exchange information, report hi-tech crime, or simply seek advice.

Mission Statement
To combat national and transnational serious and organised hi-tech crime within, or which impacts upon, the United Kingdom.

The accurate and timely reporting of hi-tech crime and intelligence is of paramount importance.

Success against serious and organised hi-tech criminality can only be achieved through a strategy of collaboration and co-operation between the business community and the NHTCU.

Vision
Through sustained leadership and focus nationally and internationally, define, discharge and demonstrate world-class standards in the fight against organised hi-tech crime.

It is for this reason that the NHTCU has launched this Confidentiality Charter.

In doing so, we hope that it will provide reassurance that business can report suspicious hi-tech activity and attacks without fear of causing unwelcome interruption to their business continuity.

This Charter is underpinned by our Confidentiality Policy, which provides a framework within which business and the NHTCU can work together to meet a common goal - creating a safer digital environment for the benefit of all, who have the fundamental right to conduct their business and social activity in a lawful manner.

The full policy document is available by contacting the NHTCU at the address shown at the end of this document.

Values
The National Hi-Tech Crime Unit (NHTCU) values;

• The development of a cohesive and robust workforce, which is committed to the highest ethical and professional standards.
  
  
• The use of innovative methods to bring to justice or disrupt those responsible for serious and organised hi-tech crime.
  
  
• The opportunity to work in partnership with other law enforcement agencies, industry and the public in the prevention and detection of serious and organised hi-tech crime.
  
  
• The delivery of measured and coordinated services that demonstrate value for money and continuous improvement.

Working with the NHTCU
Interaction with business which promotes a cross-flow and exchange of information is vital if the NHTCU and the business community it serves are to create a safe and lawful digital world in which to engage in legitimate trade.

The business community will gain from closer involvement with the NHTCU. In a climate of trust and security, the exchange of intelligence will help industry and the Unit more effectively understand and combat hi-tech criminal activity.

For the purposes of this Charter, hi-tech crime means a range of criminal activity committed within the electronic and networked environment and includes:

• Attacks from viruses and trojans
  
• Denial of service
  
• Unauthorised access
  
• Web site and email spoofing
  
• Fraud
  
• Extortion
  
• Unlawful interference with company data

The NHTCU has through its Outreach Programme consulted widely with industry and commissioned an NOP survey focusing on the needs and concerns of business in relation to hi?tech crime.

The results of this process have shaped our Confidentiality Policy and this Charter.

Industry Helpline
+44 (0) 870 241 0549
Monday to Friday, 8am to 6.30pm or outside these hours speak to the NHTCU duty manager via the number above.

The Unit has also taken a number of steps to facilitate and encourage more effective joint working with business.

For example, we have established a dedicated point of contact through which industry representatives can talk to experienced and technically competent staff who will ensure that any reports or questions relating to hi-tech crime are handled directly and expeditiously.

The Early Consultation Process
We understand the need for an immediate and confidential consultation process. Initial contact can be by telephone, email or a face-to-face appointment.

It is essential to establish whether information is to be treated as intelligence or as evidence, as this will govern the way in which it is handled.

The early consultation process is designed to promote a mutual appreciation of the issues relating to intelligence management and investigation.

We will begin this consultation process by meeting with key staff who are authorised by the company to liaise with the Unit.

During this initial consultation, we will seek to discuss the following:

• The profile of the industry partner and its assessment of potential damage to reputation and brand name.
  
  
• The extent of any internal investigation to date.
  
  
• Desired and agreed control mechanisms for the on-going investigative process.
  
  
• The extent of the existing knowledge loop and reaching an agreement relating to the control of information for dissemination.
  
  
• The likely disruption and cost to core business from the investigative process and agreement on processes to minimise these effects.
  
  
• The financial implications associated with the revelation of intellectual property and other commercially sensitive information to third parties, which is held by the Industry partner; and which is likely to be vulnerable to disclosure by the investigative process.
  
  
• Measures agreed with the Industry partner to prevent disclosure of intellectual property and other commercially sensitive information.
  
  
• A statement of commitment and competence from the NHTCU to undertake operational, tactical or strategic activity as a result of the preliminary consultation.
  
  
• Any other matter raised by the industry partner.

The Business Community’s Contribution
The information that will contribute most effectively to combating hi-tech crime includes:

• Specific details of hi-tech crime that either require investigation or which can be analysed by the NHTCU for intelligence purposes.
  
  
• Information that might lead to the identification of hi-tech crime being committed.
  
  
• Information that might lead to the identification of hi-tech criminals.
  
  
• General details of attacks and vulnerabilities (in relation to technology, policy and procedures) including the criminal adaptation of technology.
  
  
• Information relating to the impact of hi-tech crime generally or a particular facet of it.

Reporting for Intelligence Purposes
The key aspects which will govern the way in which we work together on an ’intelligence only’ basis are:

• First and foremost, all exchanges of information will be treated confidentially.
  
  
• Subsequently, when appropriate, we will agree with the company concerned, what information must remain confidential between us and what, if any, may be sanitised and disseminated for the benefit of industry in general.
  
  
• We will protect the source of information in accordance with our well-tried and proven source handling processes.
  
  
• We will distribute regular and timely business intelligence bulletins to inform industry of the latest trends and threats from hi-tech crime.

Reporting for Investigative Purposes
The key aspects which will govern the way we work together on an investigation are:

• We will actively support business risk assessment processes so that we understand the commercial impact and business sensitivities of any hi-tech attack.
  
  
• We will engage with the industry source and any affected third party before acting upon and disseminating information which has been provided.
  
  
• We will be sympathetic to the needs and priorities of business and, wherever possible, carry out enquiries in a way which will minimise disruption to the company concerned.

Summary
Legislation places specific requirements on law enforcement agencies engaged in the investigative process.

Whilst the NHTCU must comply with these, it is able to adopt measures which will minimise the risk that commercially sensitive information might reach the public domain.

Furthermore, it will always uphold fundamental human rights in accordance with the Human Rights Act and the EU Convention on Human Rights, including, but not limited to:

• The right to life
  
• The right to respect for private life
  
• The right to a fair trial

In addition, the NHTCU will ensure that the information flow is a two way process.

In particular, it is the express aim of the NHTCU to:

• Support Industry with an authoritative, comprehensive and timely strategic intelligence assessment of hi-tech crime
  
  
• Provide commentary upon, aggregate and analyse business intelligence
  
  
• Provide the conduit for sharing good practice advice
  
  
• Lead or support investigation into hi-tech criminality with the cooperation and collaboration of Industry and its other strategic partners

To meet this objective, it is essential that commercial organisations in the UK and elsewhere who are targeted by hi-tech criminals, are given the assurance that they can report such attacks without fear of adversely affecting their business.

We hope that this Confidentiality Charter will help to foster a new era of closer working between law enforcement and the business community it serves.

Further information
Contacting the NHTCU:

NHTCU
PO Box 10101
London E14 9NF

Tel.: +44 (0) 870 241 0549
Fax: +44 (0) 870 241 5729
Email: admin@nhtcu.org

web site at www.nhtcu.org

---

To find a business you can trust, click on the related categories below:

IT Support by Trusted IT

• Buildings / Estates & Facilities / Housing
• Central Government
• Charities / World Events / Voluntary Sector
• E-Government
• Education
• Environment, Regeneration & Sustainability
• EU
• Financial
• General Life
• Health / Community Care
• Health & Safety / Risk Management
• HR / Recruitment / Unions
• Industry News
• IT / Communications / Internet
• Legal & Consumer Affairs
• Local Government
• Procurement
• Transport