Open Digital cites a report dated 16 January which suggests that corporate use of Google cloud services under standard terms violates Norwegian data protection laws. In what it calls a ‘Notice of Decision’ the Inspectorate states that the EU-US Safe Harbor agreement does not adequately guarantee data protection in the face of the US Patriot Act. The Patriot Act gives the US government the right and ability to demand personal data on any person anywhere in the world if that data is held anywhere in the world by a US company – such as Google.

The Decision apparently follows a complaint from an inhabitant of Narvik. Narvik is using Google’s cloud services (specifically its email services), and the inhabitant demanded to know what data protection safeguards were in place. The Inspectorate’s conclusion is that there are insufficient safeguards to comply with Norway’s Personal Data Act 2000.

The Inspectorate’s report points out that the US Patriot Act was enacted after the Safe Harbor agreement was established, and that it “must be considered to be a challenge with regard to protection of privacy, even within the Safe Harbor scheme.” It further concludes that it cannot see “how any data processor outside the [European] Community that does not specify which country the data will be processed can comply with the requirements for adequate protection under § 29 of the Personal Data Act.”

Open Digital points out that Norway is not a full member of the EU, “but as a member of the European Economic Area, complies to all relevant EC directives.” Since the EC tends to fall in line with US wishes, it is unclear whether this ‘Notice of Decision’ will have any serious effect either within Norway or Europe generally. Open Digital “assumes some complex international diplomacy is in play with respect to US-Norway relations, with the US making a fuss about a perceived or actual problem with copyright infringement and Norway making a stand against a perceived or actual problem with overarching anti-terrorist legislation.”

“Effective immediately, we will be bringing our technology, tools, and team to the revenue engineering team at Twitter”, Dasient wrote Monday on its blog.

“By joining Twitter, Dasient will be able to apply its technology and team to the world’s largest real-time information network. As part of this merger, Dasient is winding down its business and is no longer able to accept new customers”, the company wrote.

Dasient will be integrated into Twitter’s “revenue engineering team because they have a deep understanding of advertising-platform security issues,” Rachael Horwitz, a spokesperson for Twitter, told Mashable.com.

In addition to providing security services, Dasient also provides research on malware. At the 2011 Black Hat conference, the firm released research showing that privacy and security threats in mobile applications are on the rise, especially for the Android platform.

After analyzing around 10,000 apps downloaded from the Android Market, Dasient researchers found that 842 of them were leaking personal information. The research also highlighted the fact that drive-by downloads are a major issue for Android users to contend with.

This marks the second information security acquisition by Twitter in three months. In November last year, Twitter acquired Whisper Systems, a provider of encryption technology and the brainchild of hacker and security researcher Moxie Marlinspike.

As a result, it appears that several other cloud locker companies have curbed their sharing ways to avoid similar DOJ entanglements. FileSonic and Fileserve have eliminated file sharing from their service menus, and Uploaded.to is no longer available to those in the US.

Naturally, none of these companies have said that Megaupload’s legal problems are the reason for the changes, but the timing suggests it’s more than mere coincidence.

Disagree? Feel free to speculate about the possibilities in the comments below, and let us know if any other online storage services have made similar moves while you’re at it.

The report is a mine of statistics on the extent and breakdown of online fraud. One of the key and unsurprising conclusions that can be drawn from these statistics is that fraud is too high, and that fraud screening technologies should be better employed. For example, 61% of merchants have a manual review element to their transaction process. Where this exists, even with the existence of the automated fraud screening system, more than one in five transactions are taken out of the system for that manual review.

This transaction element, the payment of physical staff to check individual transactions, is the most expensive part of the whole process. But 75% of the transactions they inspect are subsequently accepted. “To me,” commented Dr. Akif Khan, director of products and services at CyberSource, “that says that merchants should be tuning and optimizing their automated screening. You’re paying for heads to sit there and accept good orders when really the screening rules should be picking them up and passing them straight through anyway.” Improving the screening process would directly and effectively translate to higher profits for the business and better relations with the customer.

Another argument for improved screening is that despite the automated system, and despite the manual review, 1% of all accepted transactions still turns out to be bad. “This is an unacceptably high volume of bad transactions,” said Dr Khan, who, from his own experience believes that most of the bad transactions come from the automated part of the process. “Most merchants would want to see that 1% reduced to less than 0.5%.” He points to the television merchant who might have a 10% margin on each television sold. “If one of those is ‘stolen’, he needs to sell nine more simply to recover his own costs.” And for every 100 televisions sold, he is statistically certain to have at least one stolen.

The solution, says Dr Khan, is to employ an effective but optimised fraud screening technology.

Entitled `The UK Cyber Security Strategy: Protecting and Promoting the UK in a Digital World’ the paper outlines the four main pillars of action it wants the private and public sector to adopt in the run-up to 2015.

Announcing the strategy plan, Francis Maude, the Minister for the Cabinet Office, said the growth of the internet has transformed our everyday lives.

“But with greater openness, interconnection and dependency comes greater vulnerability. The threat to our national security from cyber attacks is real and growing. Organized criminals, terrorists, hostile states, and hacktivists are all seeking to exploit cyber space to their own ends”, he said.

Maude added that, in order to support the implementation of the government’s objectives it has committed new funding of £650m over four years for a transformative National Cyber Security Programme (NCSP) to strengthen the UK’s cyber capabilities.

“One of our key aims is to make the UK one of the most secure places in the world to do business. Currently, around 6 per cent of the UK’s GDP is enabled by the internet and this is set to grow”, he said.

“But with this opportunity comes greater threats. Online crime including intellectual property theft costs the UK economy billions each year. So we must take steps to preserve this growth, by tackling cyber crime and bolstering our defenses, to ensure that confidence in the internet as a way of communicating and transacting remains”, he added.

The four main pillars of the government’s gameplan for cyberspace are:

For the UK to tackle cybercrime and be one of the most secure places in the world to do business in cyberspace.

For the UK to be more resilient to cyber attacks and better able to protect our interests in cyberspace.

For the UK to have helped shape an open, stable and vibrant cyberspace, which the UK public can use safely, and that supports open societies.

And for UK to have the cross-cutting knowledge, skills and capability it needs to underpin all our cyber security objectives.

Whilst the strategy plan has 2015 as a target date, the government says it will review various facets of the plan – and amend as appropriate – each year.

Reaction to the strategy plan has been a little critical, with Ash Patel, country manager for UK & Ireland at Stonesoft describing it as encouraging, although he said he is disappointed to see they are not committing to any research to better understand today’s threats in order to help combat them.

“Today’s hackers have more sophisticated attack methods than ever before, and in order to generate the outlook that the UK PLC in cyberspace is secure, which is obviously something the government is trying to achieve, they need to be working to either slow hackers down or working to build solutions which can protect companies against these advanced threats”, he said.

“If we don’t spend any time researching cybercrime, the cybercriminals will always be one step ahead”, he added.

Over at FireEye, Paul Davis, the firm’s director for Europe, said that the announcement that government wants to reach out to the private sector and cooperate on addressing cyber security issues is welcome.

“The exchange of information, leading to greater visibility, is the first step in seriously tackling this growing threat to the UK. Yet it is the lack of real understanding of the threat landscape, how quickly it’s evolving and the growing threat to UK PLC, coupled with actionable data, which is the biggest hurdle in progressing this initiative”, he said.

“There are a number of security professionals and companies both here in the UK and abroad that could make a significant contribution to this initiative. I trust the recognition of this `new’ threat brings with it a new approach in engaging with the industry. A cyber security hub centred on government but encompassing critical national infrastructure and potentially extending across key industries should be, and can be with the right political support, developed quickly”, he added.

David Harley, senior research fellow with ESET, was also mildly critical, noting that the initiative seems to show a real and justified concern about the level of attacks both the public and private sectors are now experiencing.

“However, my gut feeling is that the proportion of targeted attacks to run-of-the-mill untargeted attacks is probably overestimated. I welcome the fact that the government seems to be aware that the nation’s security is not restricted to those organizations formally recognised as part of the Critical National Infrastructure”, he said.

“It’s a good thing, on the whole, that more generalised cybercrime will be getting some attention as well as the more glamorous but very fluffy topic of cyberwarfare, as in practice it’s not always easy to separate the two”, he added.

Now we do have a function in PHP already which is called rmdir() so lets just take a minute and take a look at what this function would look like.

<?php
rmdir('directory_name');
?>

Inside the rmdir brackets between the quotes you would place your directory name of the folder you want to delete. Now this can be very useful if you are storing say images inside a directory for a particular user or some type of product line.

There are a variety of reasons why you would use the rmdir() function, however if a directory has file contents then PHP will not be able to delete the directory and you will get an error message appear.

If you want to know more about ‘functions’ and using them before you carry on then check out my previous articles on PHP Coding Made Easier – Using Functions, PHP Coding Made Easier – Using Variables in Functions otherwise lets carry on.

So we need a way to solve this and today we are going to be creating our own function and this is going to be a ‘recursive function’ which is going to reference itself. I suggest you read up more on recursion so you are familiar with the concept but its not necessary in-order to complete this PHP Snippet.

A good place to start is this site: Fundamentals of Recursion in PHP.

Basically, recursion is something that references itself so hopefully that has saved you about 30mins research time. In this case it will essentially be calling itself to loop through or scan through the directory or a file structure of a particular directory and delete everything within.

If you need to know more about using ‘loops’ in PHP then check out my previous articles by clicking:

PHP Coding Made Easier – Using Loops – A PHP Guide

So this will not just delete a folder with contents it will delete folders with perhaps folders within folders with folders having contents within folders. So the best way explain this is to show you en example. So as it stands this function rmdir() is part of the default PHP Function set.

So first of all on your localhost or remote server you will need to create a directory called ‘vose’ which needs to be in the same place as the file we are going to be working on today. To show you how simple it is to remove a directory create a PHP file called ‘index.php’ and copy the following code into it then upload the file to the same location as your ‘vose’ folder you have created. (Do not put the ‘index.php’ file inside your ‘vose’ folder otherwise it wont work.

<?php
rmdir('vose');
?>

You should see that your newly created ‘vose’ directory has now been removed from your localhost or your remote server. Its that simple to remove a directory but remember that if your directory has any contents within it your PHP rmdir() function will return an error.

Now, lets go ahead and create that directory again on your localhost or remote server called ‘vose’ but this time we are going to create a file inside of it.

So create a ‘text_1.txt’ document inside the folder. You do not need to type anything within the file because we are just going to see what PHP has to say about that file we have now created in our directory.

Now go back to your browser and refresh your ‘index.php’ page and you will see a warning appear on your screen stating that your directory is not empty. You can see that this is a warning message which means it has not actually errored so it will execute the rest of our code if we had some but it will not delete the directory because it does not know what to do with the directories contents.

As you can see this is a bit of a pain when trying to delete directories but we can solve this by creating our own function. This function can be included within say a global function file that you access accross your whole website from each page.

So before we get started in creating our function you will need to create another text file called ‘text_2.txt’ within your ‘vose’ directory, then you can create a sub directory within your ‘vose’ folder called ‘sub_vose’. Now within your sub directory you can create another text file and call this ‘text_3.txt’. You should now have your original directory (vose) with 2 text files inside (1 & 2) then a sub directory (sub_vose) and within that sub directory you should have 1 text file (3). If you want to you can create another sub directory within your ‘sub_vose’ called ‘sub_vose_2′ and create another text file called ‘text_4.txt’ so that we have multiple sub directories and files which will really show our script works.

Essentially we are asking our function to not just delete files within our directory but actually look inside sub directories and delete files within that and also delete the sub directory folder and also the folder we originally accessed. So lets get back toour code and we will start to write this function out.

I am going to call this function ‘vose_remove_directory’ and we start our code like this:

<?php
function vose_remove_directory() {

}
?>

We need to set a parameter which we will call the ‘directory’ and we code this by adding the string variable between the brackets like so:

<?php
function vose_remove_directory($directory) {

}
?>

The first thing we will want to do with our function is to check to see if this is actually a directory and we can do this by creating an if statement inside our function. Which would look like this:

<?php
function vose_remove_directory($directory) {
    if () {

	}
}
?>

Between the if statement brackets we can use the is_dir() function that PHP provides for us and we need to set the parameter to our string variable $directory like so:

<?php
function vose_remove_directory($directory) {
    if (is_dir($directory)) {

	}
}
?>

Now outside our function we are going to call this function to use and test it like so:

<?php
function vose_remove_directory($directory) {
    if (is_dir($directory)) {

	}
}

vose_remove_directory('vose'); // notice the name of our directory between the brackets
?>

We already have the directory called ‘vose’ so what will happen is our call script we just added will pass our ‘vose’ text (name of directory) in to our string variable $directory and then it will say: is $directory an actual directory. So to see an example of this we need to create the equals statement to check if this is true and if true we can echo the text ‘Directory Exists’ on our screen like so:

<?php
function vose_remove_directory($directory) {
    if (is_dir($directory) === true) {
	   echo 'Directory Exists';
	}
}

vose_remove_directory('vose'); // notice the name of our directory between the brackets
?>

Now if you go back to your browser and fresh your page you should see that the page displays the text ‘Directory Exists’. If it does not then you have not named the directory correctly or you have mistyped your directory name within your PHP code above. Make sure also that your ‘index.php’ file is in the same location as your ‘vose’ directory with all those files and sub directories you created earlier.

If your page does display ‘Directory Exists’ then well done. To test this code you can change the call script at the end to something other than ‘vose’ and you will see that the page does not display ‘Directory Exists’ because it does not. Do it like so:

<?php
function vose_remove_directory($directory) {
    if (is_dir($directory) === true) {
	   echo 'Directory Exists';
	}
}

vose_remove_directory('something_else_here'); // notice name of directory between brackets has changed
?>

Now we no longer need to really echo that text because within our function we can now create the code that will grab the entire contents of our directory for us. So lets go ahead and create a variable called $contents and we are going to use the scandir() function that PHP provides for us; then we set the parameter to $directory again.

For now I am going to return this statement so it will return an array with the contents of our directory. Then I can use the print_r() function which will provide me with the array data that our is_dir() has provided. We do this like so:

<?php
function vose_remove_directory($directory) {
    if (is_dir($directory) === true) {
	   return $contents = scandir($directory);
	}
}

print_r(vose_remove_directory('vose')); // notice name directory has changed back!
?>

Ok, now fire up your browser and click refresh to see what we have. You should see an array lke so:

Array ( [0]=>.[1]=>..[2]=>text_1.txt[3]=>text_2.txt[4]=>sub_vose )

Great, we now have our array. The first (0) is a dot and then a double dot (1) which is just basically part of the directory structure. Then we have ‘text_1.txt’, ‘text_2.txt’ and ‘sub_vose’ and this is now where we need to start thinking about recursion because if we come across a folder we would want to go and delete this folder as well and therefor we are going to have to go inside that folder and do the same process over again. If this does not seem clear at the moment to you then do not worry as it will start to become clear the further on into the code we get.

Remember this is not a particularly long function so it is not a difficult thing to code. So lets get back to our code and unset the first two results in our variable called ‘.’ and ‘..’ because they are just part of the directory structure. First, get rid of the return function at the beginning of our $contents variable. Next we want to use the unset for our $contents variable to say $contents[0] which is the first result in our array and $contents[1] which is our second result in our array. This tells PHP to ignore those first two results of our array as we do not want to do anything with those. Unset can have multiple parameters as you can see because we have used two in our current code.

Now we need to go ahead and return our $contents variable and we do this like so:

<?php
function vose_remove_directory($directory) {
    if (is_dir($directory) === true) {
	   $contents = scandir($directory);
	   unset($contents[0], $contents[1]);
	   return $contents;
	}
}

print_r(vose_remove_directory('vose'));
?>

If you now go back to your browser and refresh you will see that the first two results have been removed from the array as printed on your screen using our print_r() function. So now we are only working with our files and folders.

Ok, so now what we want to do is loop through the contents if the directory and base a decision on whether we want to first of all delete something, whether its a file or not because if its just a file we want to delete it and we can use the unlink() function to just do that. If the current object is however a directory(sub) we would need to apply the entire process over again to delete everything within it and the sub directory itself.

In order to accomplish this I am going to use a ‘foreach loop’ like so:

<?php
function vose_remove_directory($directory) {
    if (is_dir($directory) === true) {
	   $contents = scandir($directory);
	   unset($contents[0], $contents[1]);

	   foreach() {

	   }

	}
}

print_r(vose_remove_directory('vose'));
?>

We now set the parameters of this foreach loop to $content as $object which will basically make each file and folder within our directory an $object. Then we will want to create a variable inside of this to represent the current object. We want to do that by taking the current directory we are in followed by forward slash followed by the object itself. Take a look:

<?php
function vose_remove_directory($directory) {
    if (is_dir($directory) === true) {
	   $contents = scandir($directory);
	   unset($contents[0], $contents[1]);

	   foreach($contents as $object) {
	      $current_object = $directory.'/'.$object;
	   }

	}
}

print_r(vose_remove_directory('vose'));
?>

Now what I am going to do is just echo that line out and then append on a break at the end and this is going to just give me and idea as I am going along how everything is looking. So we do not need the print_r() function anymore because we are already going to output something using the echo statement like so:

<?php
function vose_remove_directory($directory) {
    if (is_dir($directory) === true) {
	   $contents = scandir($directory);
	   unset($contents[0], $contents[1]);

	   foreach($contents as $object) {
	      echo $current_object = $directory.'/'.$object, '<br />';
	   }

	}
}

vose_remove_directory('vose');
?>

When you refresh your page you will see a list of your files and sub directories with the original directory name at the beginning like so:

vose/text_1.txt
vose/text_2.txt
vose/sub_vose

So now we have actually got the real location of this we can go ahead and start to either delete or apply some recursion and apply this function again. Ok, what we want to do is check the current file type of this $object is a directory. Again we are going to use an if statement to process this and we want to say ‘if the filetype of the $current_object is equal to our $directory‘ then delete the directory we are currently in.

Just as a sidestep I can going to code in something here so you can see the file types in your list because its always best to do these things so you know what I am referring to so take a look at this:

<?php
function vose_remove_directory($directory) {
    if (is_dir($directory) === true) {
	   $contents = scandir($directory);
	   unset($contents[0], $contents[1]);

	   foreach($contents as $object) {
	      $current_object = $directory.'/'.$object; // notice change in code
		  echo filetype($current_object), '<br />';
	   }

	}
}

vose_remove_directory('vose');
?>

Notice the echo statement line which is going to print on screen the file types for example of the contents of our directory like so:

file
file
dir

As you can see we have our two files and our sub directory within our folder. Now we need to create our if statement and we say ‘if filetype of the $current_object is equal to $directory‘ we will need to call the function again and apply that to the current $object. So if its a file we can delete it using our else statement using our unlink() function for our $current_object.

So if the filetype is actually a directory at this stage then we need to apply this entire process again and delete the files within that sub directory and then delete the sub directory itself. Otherwise we would just need to delete unlink() the $current_object like we have done with our else statement. All we need to do is call our function again here for our $current_object and its as simple as that. Take a look:

<?php
function vose_remove_directory($directory) {
    if (is_dir($directory) === true) {
	   $contents = scandir($directory);
	   unset($contents[0], $contents[1]);

	   foreach($contents as $object) {
	      $current_object = $directory.'/'.$object;
		  if (filetype($current_object) === $directory) {
		     vose_remove_directory($current_object); // called function again here
		  } else {
		     unlink($current_object);
			 }
	   }

	}
}

vose_remove_directory('vose');
?>

We do have one more line to add which is extremely important but for now as long as you understand how looping through an array of files and creating a recursive function the thats great. So now what we need to do once we have finished with the last sub directory we want to remove the original directory we first accessed like so:

<?php
function vose_remove_directory($directory) {
    if (is_dir($directory) === true) {
	   $contents = scandir($directory);
	   unset($contents[0], $contents[1]);

	   foreach($contents as $object) {
	      $current_object = $directory.'/'.$object;
		  if (filetype($current_object) === 'dir') {
		     vose_remove_directory($current_object); // called function again here
		  } else {
		     unlink($current_object);
			 }
	   }
	   rmdir($directory);
	}
}

vose_remove_directory('vose');
?>

So now we can actually go ahead and test this. I want you to create a folder (directory) called ‘vose_empty’ where you have placed your ‘vose’ directory and your ‘index.php’ file. Change the bottom line of the code to this:

vose_remove_directory('vose_empty');
?>

Then scoot back to your browser and refresh the page. You will see that your newly created ‘vose_empty’ directory has now been removed. Now you can change it back to your ‘vose’ folder name like so:

vose_remove_directory('vose');
?>

Now the code should erase everything in your ‘vose’ folder including our files and sub directories with files and sub directories within them. So when you have changed the code back like above you can go ahead and hit refresh in your browser and you will see by checking your file structure that your ‘vose’ folder has been removed with everything that was inside it.

As you can see this is a very useful function to be able to write although I know understanding the recursion can be quite tricky at times but as long as you can get your head around the fact that we are just basically going down the structure (or the tree) of our files and directories then we are applying the same function to remove sub directories and all its contents.

So my advise would be to just go ahead and place this whole function within a global file that all your website pages can call upon and use this fantastic function anytime you want. So the function at the end looks like this:

<?php
function vose_remove_directory($directory) {
    if (is_dir($directory) === true) {
	   $contents = scandir($directory);
	   unset($contents[0], $contents[1]);

	   foreach($contents as $object) {
	      $current_object = $directory.'/'.$object;
		  if (filetype($current_object) === 'dir') {
		     vose_remove_directory($current_object); // called function again here
		  } else {
		     unlink($current_object);
			 }
	   }
	   rmdir($directory);
	}
}
?>

And we call our function into play using the following code:

<?php
vose_remove_directory('vose');
?>

You can always set your ‘vose’ directory name as a variable don’t forget so you can have your code run dynamically on say such things as folders named after users which no longer exist or products which you no longer sell.

I hope you have enjoyed my ‘Remove Directory Function PHP Snippet’ and if you have any comments please feel free to leave them below.

These are the findings of accountancy firm BDO’s annual FraudTrack report. It highlights the five primary types of fraud that account for more than 85% of the total: tax fraud (rising to 36%), supplier/customer fraud (rising to 30%), employee fraud (down to 10%), corruption (rising to 4%), and management fraud (down to 5.5%).

Simon Bevan, head of fraud at BDO LLP, believes that a number of factors are at work. The dramatic overall increase might be partly explained by greater focus on the bottom line during a time of economic difficulty. Quite simply, more fraud is being discovered because it is being looked for. Conversely, reported management fraud has dropped because “whistleblowers tend to keep their heads down at times of high unemployment.”

Less easy to explain is the rise in corruption given the UK’s new Bribery Act.

However, fraud will continue to rise thinks Imam Hoque, the managing director of financial crime detection company Detica NetReveal, because it “is becoming the crime of choice for many organized criminals.” It can be conducted from outside of the country (making prosecution difficult), it involves less risk than other crimes (such as drug trafficking), and avoids the challenges of large scale money laundering.

Hoque is seeing a growing interest in products like NetReveal that provide sophisticated network analytics able to identify suspicious behavior and any evidence of organized criminality. “One of the key reasons for this demand,” he says, “is that with relatively small expenditure, firms can cut down the amount of money lost through fraud.”

“Defendant failed to adopt and maintain adequate procedures to protect [personal] information and limit its dissemination only for permissible purposes set forth in the FCRA [Fair Credit Reporting Act]. Defendant’s wrongful actions and/or inaction also constitute common law invasion of privacy by the public disclosure of private facts and common law negligence”, the complaint alleged.

The complaint argued that Stevens and other Zappos’ customers should be compensated for the expenses related to the breach, including “actual damages, economic damages, mental anguish damages, statutory damages and/or nominal damages, exemplary damages, injunctive relief, and attorneys’ fees, litigation expenses and costs.”

In an interview with Infosecurity, Joe Magee, chief technology officer (CTO) with security threat intelligence firm Vigilant, noted that while the hackers did not gain access to the full credit card numbers of Zappos’ customers, they stole enough information to launch phishing attacks that could lead to further compromises. “The biggest risk – if we are talking about addresses, email addresses, phone numbers – is general spam-oriented malware, such as phishing, drive-by downloads, that sort of thing”, he said.

Magee explained that the Zappos’ breach highlights security issues that many companies face. First of all, checking data security compliance boxes does not always ensure security. “Compliance isn’t security….Usual the compliance bar is pretty low compared to mitigating risk, such as securing the data layer, application layer, and network layer”, he said.

In addition, the Vigilant CTO recommended that companies use better encryption across the board. “That would have prevented this information from going out into the wild”, he said.

Magee also recommended that companies encourage customers and employees to use different passwords for their various accounts, such as Facebook, Gmail, or bank accounts.

“Many people use the same username and password for a large majority of their personal information. When a breach like this occurs, fraudsters, will launch access campaigns to try their username or email address and password against a number of popular sites to see if that have a cross referenced match”, he said.

According to Reuters, offending firms could be fined at rates of up to two percent of their yearly turnover. The laws, designed to overhaul the 1995 Data Protection Directive, will also make it easier for users to access their data, giving them the power to demand that their personal information be deleted, as long as there are no “legitimate reasons” for a company to store it. Companies, meanwhile, will be required to inform authorities of a data breach as soon as possible, “if feasible, within 24 hours.”

Though the rules have raised some concerns among web companies, EC privacy commissioner Viviane Reding wasted no time in heralding them as the foundation of a safer and more prosperous digital environment. “The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data,” Reding explained. “A strong, clear and uniform legal framework at EU level will help to unleash the potential of the digital single market and foster economic growth, innovation and job creation.” If approved by the European Parliament and all EU member states, the laws would probably go into effect toward the end of 2013.

“Security is our top most priority, we’re investigating this at the moment & will come back with more info as soon as we can.”

The Next Web confirmed that Orange, T-Mobile and Vodafone numbers are unaffected by the issue, but GiffGaff and Tesco Mobile (both MVNOs that operate on the same network) do. TNW’s sources say it’s most likely an internal testing setup, while Mr. Peckover suggests it’s because the network transparently proxies HTTP traffic, using the number as a UID.

Update: Most information technology companies received confirmation from O2, who said that it was “investigating with internal teams and it’s our top priority.” Slashgear and Think Broadband were unable to replicate the problem, but in my tests (pictured) it was sharing my data with the site. To test your own device visit Lewis Peckover via your mobile.