CRACKS IN DIGITAL DEFENSE: A STUDY ON PASSWORD SECURITY AWARENESS AND BEHAVIOR IN COLLEGE STUDENTS

Abstract

In the digital age, password security is an important part of cybersecurity, especially for university students, who often access online platforms for academic and personal use. This study examines perceptions of password security among university students in Botswana, looking at their knowledge, practices, and attitudes toward protecting online accounts. The research uses a survey-based approach to assess students' understanding of creating strong passwords, their use of multi-factor authentication, and their vulnerability to cyber threats such as phishing and credential theft. The findings reveal a significant gap between awareness and implementation: many students acknowledge the importance of password security but do not take robust protective measures. Furthermore, the study highlights factors that shape password security practices, including convenience, a lack of cybersecurity awareness, and a low perceived risk of cyberattacks. This research emphasizes the need for increased cybersecurity education and awareness campaigns within academic institutions to bridge the gap between knowledge and practice. The study recommends integrating password security training into the curriculum to promote the importance of password management and to encourage students to follow rules and procedures for regular password changes and multi-factor authentication. Strengthening students' awareness of password security is essential to reduce cyber risks and ensure the protection of personal and institutional data.

Similar Papers
  • Research Article
  • 10.37772/2518-1718-2023-3(43)-12
Current challenges and the future of legal protection of personal data: under the influence of digitalization development
  • Sep 25, 2023
  • Law and innovations
  • Pavlo Duravkin + 1 more

Problem setting. In order to build an innovative society, it is necessary to develop legal norms and regulators aimed at protecting privacy and controlling personal data. In addition, the need to ensure effective and reliable protection of personal data in the conditions of rapid technological development, globalization and the growing threat of cybercrime is becoming more urgent. The need for the development of legal norms, the introduction of innovative technologies and the raising of public awareness become important tasks for ensuring privacy and protection of personal data. The study also aims to identify and analyze the main challenges facing the field of personal data protection, such as cybercrime, hacker attacks, globalization and cross borders. Legal norms and regulations aimed at protecting privacy are also analyzed, as well as the potential opportunities of new technologies that can increase the level of protection of personal data. Analysis of recent researches and publications. The problems of legal protection of personal data have recently become the subject of research by an increasing number of scientists, both lawyers and representatives of other fields of knowledge. In particular, such scientists as S. Hlibko, T. Egorova-Lutchenko, K. Yefremova, O. Korvat, V. Kokhan, M. Haustova, etc. devote their attention to the study of these issues. Purpose of the research is to develop possible ways of legal protection of personal data in view of today’s challenges related to this issue. The article aims to consider the development of technologies and the growth of the volume of personal data as the main factors affecting the need for effective protection of privacy and security of this data. The article is aimed at expanding the understanding of the problem and providing recommendations for improving the protection of privacy and security of personal data in the future. Article’s main body.
According to the preamble to the Agreement between Ukraine and the European Union on the participation of Ukraine in the European Union program “Digital Europe” (2021-2027), the important supporting role of digital infrastructure, including in the field of cyber security, is recognized to ensure inextricably linked transformation processes and digital leadership of the European Union. The purpose of concluding the Agreement is to establish mutually beneficial cooperation in order to strengthen and support the deployment of reliable and secure digital capabilities in the Union in the field, including cyber security. It is recognized that mutual participation in each other’s programs for the implementation of digital technologies should ensure mutual benefits for the Parties, while observing a high level of data protection, digital rights, etc. In accordance with paragraph 12 of Article 2 of Annex III to the Agreement, the exchange of information between the European Commission or OLAF and the competent state authorities of Ukraine must take place with due consideration of confidentiality requirements. Personal data included in the exchange of information must be transferred in accordance with the current legal norms on data protection of the Party making the transfer. According to paragraph 49 of the preamble of Regulation (EU) 2021/694 of the European Parliament and of the Council of April 29, 2021 on the establishment of the Digital Europe Program, digital transformation should allow citizens to access, use and securely manage their personal data across borders, regardless of their location or data location. According to point 60 of the preamble, by providing a single set of rules that are directly applicable in the legal systems of the Member States, Regulation (EU) 2016/679 guarantees the free flow of personal data between Member States and strengthens the trust and security of individuals, two indispensable elements of a true Digital Single Market.
All actions taken within the framework of the Program, which involve the processing of personal data, must contribute to the smooth implementation of this Regulation, for example, in the field of artificial intelligence and distributed ledger technologies (for example, blockchain). These actions should support the development of digital technologies that meet data protection obligations both by design and by default. In addition, according to paragraph 69 of the preamble, this Regulation respects fundamental rights and adheres to the principles recognized in the Charter of Fundamental Rights of the European Union, in particular regarding the protection of personal data, etc. In the Charter of Fundamental Rights of the European Union (2016/C 202/02) dated June 7, 2016, Chapter II “Freedoms” contains Article 8, which is entitled “Protection of personal data”, according to which it is assumed that everyone has the right to the protection of personal data concerning him. Such data must be processed fairly for specific purposes and on the basis of the consent of the person concerned or on another legal basis established by law. Everyone has the right to access the data that has been collected about him and the right to correct it. Compliance with these rules is subject to control by an independent body. In addition, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data establishes rules relating to the protection of natural persons with regard to the processing of personal data, as well as rules relating to the free movement of personal data, and protects the fundamental rights and freedoms of natural persons and, in particular, their right to protection of personal data. Today in Ukraine, the main legislative act in this area is the Law of June 1, 2010 No. 2997-VI “On the Protection of Personal Data”.
Article 11 of the Law of Ukraine “On Information” specifies what information about a natural person (personal data) is. In turn, the legal and organizational bases for ensuring the protection of the vital interests of a person and citizen, society and the state, national interests of Ukraine in cyberspace, the main goals, directions and principles of state policy in the field of cyber security, the powers of state bodies, enterprises, institutions, organizations, individuals and citizens in this area, the basic principles of coordination of their cyber security activities are defined in the Law of Ukraine “On Basic Principles of Cyber Security of Ukraine”. In addition, relations in the field of information protection in information, electronic communication and information and communication systems are regulated by the Law of Ukraine “On the Protection of Information in Information and Communication Systems”. In turn, the Concept of the development of e-governance in Ukraine, as well as the Law of Ukraine “On the National Informatization Program” defines e-governance. In addition, in 2021, the Law of Ukraine “On Public Electronic Registers” was adopted, which defines the State electronic platform for maintaining public electronic registers. On April 18, 2023, by a resolution of the Cabinet of Ministers of Ukraine, the Regulation on the information system “Software platform for the deployment and support of state electronic registers” was approved, as well as the Procedure for using the software “Software platform for the deployment and support of state electronic registers”. Conclusions and prospects for the development. The protection of digital personal data requires the development of appropriate technical and regulatory tools, as well as judicial practice of prosecution for violations of the order of their use.
It is possible to create a database or registry for private electronic/digital platforms, with the help of which or which would control their activities, including regarding the protection of personal data. At the same time, at the regulatory and legal level, it is necessary to provide that a mandatory condition for the creation and functioning of an Internet platform is its registration in such a database / such a register, and a mandatory condition for registration is confirmation of technical capabilities to ensure the protection of personal data of platform users. It is necessary to define at the regulatory level the list and mechanisms of acquisition of digital rights, their implementation, protection, compensation and responsibility for their violation. The protection of personal data should be considered one of the digital rights of a person and a citizen. The development of digitalization in a legal state must inevitably be accompanied by the development of the legal framework, in particular, the emergence, consolidation, definition and protection of digital rights of individuals and legal entities. Digital rights are a multifaceted category, they become connected and interwoven with other rights defined and established in the norms of different branches of law. The multifaceted nature of the “digital rights” category implies the separation and delimitation of various categories of digital rights, their distribution into appropriate types, for example, “personal digital rights”, “financial digital rights”, etc. It should be quite natural to form a separate element in the general system of law, such as digital law, as a set of legal norms regulating social relations related to the circulation of (including personal) data in digital networks.

  • Research Article
  • Cite count: 11
  • 10.1177/21582440241228920
Empowering Students for Cybersecurity Awareness Management in the Emerging Digital Era: The Role of Cybersecurity Attitude in the 4.0 Industrial Revolution Era
  • Jan 1, 2024
  • Sage Open
  • Bulbul Ahamed + 6 more

The purpose of the study is to examine how cybersecurity knowledge, password security, and self-perception of skill affect cybersecurity awareness issues via the mediating lens of cybersecurity attitude among university students in Bangladesh. A sample of 430 university students from two public and three private universities provided the data in Dhaka, Bangladesh. An approach known as stratified random sampling was used in this cross-sectional study. The positivist approach was used, and a hypothetical statistical induction technique was used. The research constructs, which were adopted from earlier studies, were measured using scales that had undergone validation. Smart PLS-SEM 3.3.9 was used to quantitatively analyze the data. The results indicated a positive and significant association between cybersecurity knowledge and password security with cybersecurity awareness. No conventional association was found between self-perception of skills and cybersecurity awareness. Moreover, the data analysis confirmed that cybersecurity attitude mediates the relationship between cybersecurity knowledge, password security and self-perception of skills with cybersecurity awareness. This study implies that more effort needs to be put into informing the general people likely students about cybersecurity and ethical internet use. Furthermore, the main contribution of this study is to emphasize the need of raising cybersecurity awareness among students.

  • Research Article
  • Cite count: 31
  • 10.3390/app12052589
Factors Affecting Cybersecurity Awareness among University Students
  • Mar 2, 2022
  • Applied Sciences
  • Mohammed A Alqahtani

One of the essential stages in increasing cyber security is implementing an effective security awareness program. This work studies the present level of security knowledge among Imam Abdulrahman Bin Faisal University college students. A module was created to assist the students in becoming more informed. The main contribution of this work is an assessment of cybersecurity awareness among the university students based on three essential aspects: password security, browser security, and social media. Numerous questions were designed and sent to them to evaluate their awareness. The current survey received as many as 450 responses with their answers. Various statistical analyses were applied to the responses, including the validity and reliability test, feasibility test of a variable, correlation test, multicollinearity test, multiple regression, and heteroskedasticity test, carried out using SPSS. Furthermore, a multiple linear regression model and coefficient of determination, a hypothesis test, ANOVA test, and a partial test using ANOVA were also carried out. The hypothesis investigated here concerns password security, browser security, and social media. The results of partial hypothesis testing using a t-test showed that the password security variable significantly affects cybersecurity awareness (p-value = 0.0001). The regression coefficient of the password security variable in the multiple linear regression model was found to have a beta value of 0.147. In addition, the browser security variable significantly affects awareness, with a p-value = 0.0001. The regression coefficient of the password security variable had a beta value of 0.188. The social media activities variable significantly affects cybersecurity awareness (p-value = 0.0001). The regression coefficient of the social media activities variable had a beta value of 0.241. 
Based on the research conducted, it is concluded that knowledge of password security, browser security, and social media activities significantly influences cybersecurity awareness in students. Overall, students have realized the importance of cybersecurity awareness.

  • Research Article
  • 10.21638/spbu14.2023.110
Protection of personal data in China: Legislation in the digital age
  • Jan 1, 2023
  • Vestnik of Saint Petersburg University. Law
  • Gong Nan

In the development of China’s Internet industry and digital economy, great importance is attached to the protection of personal data and seriously protects the legitimate rights and interests of citizens’ personal data. Generally speaking, with the development of technology and industry, China’s personal data protection has gone from “indirect protection” to “direct protection” and then to “comprehensive protection”. In the early years of China’s Internet industry, the indirect protection of personal data was mainly achieved through the protection of the “rights to privacy” of citizens. Since the Internet industry of the People’s Republic of China has entered a stage of rapid development, the state began to directly protect personal data in accordance with the provisions of the Chapter “Network Information Security” established in the “Cyber Security Law” of 2016, establishes several principles for the collection and use of personal data, protection requirements information security. Until November 1, 2021, the “Personal Data Protection Law of the People’s Republic of China” (PPD) was adopted to comprehensively protect personal data, reflecting the ideology of development focused on bringing the people to the center, meeting the new needs and aspirations of the people in the new era, and also proposing the creation international digital legal order “Chinese version”. The PPD further expands the scope of the object of personal data protection, comprehensively establishes the rights of individuals to process data, strengthens the obligations to protect personal data processors, creates strict rules for the protection of sensitive personal data and regulates the processing of personal data by public authorities, as well as improving the means of legal protection of personal data, all of which are important points in the legislation. 
The law incorporates advanced foreign experience, while emphasizing Chinese wisdom, the spirit of the times, and practicality in accordance with the reality of China.

  • Research Article
  • 10.53028/1986-6127.2023.14.2.11
Personal Health Data and the Significance of Its Administrative Protection
  • Dec 31, 2023
  • Uprava
  • Emir Mehmedović + 1 more

The issue of personal data protection has been one of the focal points of attention in recent decades. This is because the protection of personal data is a form of realizing the right to privacy as a fundamental human right. Personal data refers to information about a specific individual’s characteristics that serves as a means of their identification. Personal data protection in Bosnia and Herzegovina is regulated by the Law on Personal Data Protection. This law governs the principles of personal data processing, the obligations of data controllers and processors, the rights of data subjects, as well as sanctions for violations of the law. Since 2016, the protection of personal data in the European Union has been regulated by the General Data Protection Regulation (GDPR), which has significantly improved the system for protecting personal data. A particularly significant category of personal data is personal health data, which includes identification and identifying information about an individual’s health and medical condition, their medical diagnosis, prognosis, and treatment, as well as information about substances that can identify that individual. Data related to an individual’s health is a crucial and potentially vulnerable aspect of their life. These are the most intimate data about an individual, the unauthorized and unjustified disclosure of which can subject them to shame, ridicule, and stigmatization, causing them significant, primarily non-material, harm. Misuse of patient information not only violates their privacy but also undermines their dignity. Therefore, personal health data can only be processed for health-related purposes, i.e., for the benefit of the individual and society as a whole. 
Laws regulating patients’ rights in the Federation of Bosnia and Herzegovina (the Law on Healthcare and the Law on the Rights, Obligations, and Responsibilities of Patients) guarantee patients the right to confidentiality of information and privacy, the right to data secrecy, and the right to access their medical records. The provisions of these laws significantly meet the standards for the protection of personal health data. However, in order to improve the situation in this area, there is a need to harmonize the provisions of the general data protection law, which is subsidiarily applied in the protection of personal health data, with the provisions of the General Data Protection Regulation.

  • Research Article
  • 10.37083/bosn.2020.25.42
Right to privacy and protection of personal data in libraries: perspectives and documents
  • Dec 14, 2020
  • BOSNIACA
  • Anita Konjicija-Kovač

Privacy as a legal concept is an unavoidable part of a modern democratic society and is recognized as one of the fundamental human rights of every citizen. The right to privacy and the protection of personal data are guaranteed by international human rights documents. In librarianship, the right to privacy and protection of personal data is also guaranteed in the documents of international library associations, which clearly emphasize that librarians are obliged in their work to protect the privacy and personal data of their users. Privacy and personal data are increasingly difficult to protect today, as access to data is simpler and easier due to the use of different and new information technologies, electronic communication, social networks, electronic databases, etc. Personal rights are guaranteed by international documents on protection of personal data and protected by national personal data protection laws. The main objectives of the paper are: to problematize the definition of the concept of privacy from several perspectives; problematize the importance of the right to privacy and protection of personal data in the context of the library profession; provide an overview of significant international documents in the field of human rights which also guarantee the right to privacy and protection of personal data; make a review of important international documents guaranteeing the right to protection and confidentiality of personal data; and finally, the paper will provide an overview of documents of international library associations that in their texts indicate the importance of privacy and protection of personal data in the library business.

  • Research Article
  • Cite count: 2
  • 10.20318/cdt.2020.5229
Voluntades digitales en caso de muerte = Digital wills in case of death
  • Mar 5, 2020
  • CUADERNOS DE DERECHO TRANSNACIONAL
  • María Esperança Ginebra Molins

Nowadays, anyone's everyday activity leaves a “digital trail”. This raises the questions: What happens to our “digital trail” when we die? Can a person make any provision in this regard? The fact that the “digital trail” may involve aspects of both a purely personal and a patrimonial nature means that the “digital trail” left by a person on death can be approached either from an eminently patrimonial and succession-law perspective, concerning the management and/or destination of the digital estate, or from an eminently personal perspective, concerning the post-mortem protection of intimacy/privacy and/or of the personal data of both the deceased and third parties. This dual approach is reflected in practice and also in comparative, European and North American legislation. More specifically, this is a matter in which questions of succession law, contract law and the law of persons converge, in particular those relating to the protection of personal data and the protection of posthumous and third-party intimacy/privacy. Thus, as regards the patrimonial point of view, although in principle it is not possible to speak of “digital inheritance” as something distinct from “analogue inheritance”, this does not preclude taking into account certain specificities that surround and/or affect certain “digital assets”, in some cases deriving from contract law. In this context, a person can set out their “digital wills”, making succession provisions (appointing “digital successors”) and/or non-succession provisions (either designating “digital executor(s)” or whoever will be able to act in relation to the protection of their personal data and/or the exercise of actions for the civil protection of honour, privacy or image).
As regards Spanish legislation, Catalan Law 10/2017, of 27 June, on digital wills, adopts an essentially patrimonial perspective, providing for the possibility of designating a “digital executor” to act before the digital service providers with which the deceased has active accounts. The fact that the Catalan rule is fully respectful of the content of the contract concluded between the deceased user and the service provider contrasts with the solutions adopted in this regard in other legal systems. Moreover, the default rule of no access to the “content” of digital accounts and files, unless the deceased has so provided or judicial authorisation is obtained, brings the Catalan Law close to what is provided in other systems. In Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights, both the personal approach (the protection of the data of deceased persons) and the patrimonial approach (relating to “digital content”) converge (in the misnamed “digital will”). This law starts from the rule of default access to the digital content or personal data of the deceased, and establishes standing that is very broad as to powers and too extensive as to the persons entitled, without establishing any order of priority among them. This, which may cause problems in practice, contrasts with the provisions of the Catalan Law and of other legislation in neighbouring jurisdictions. Organic Law 3/2018 thus proves to be more a law for the non-protection of data and digital content than one for their protection.

  • Research Article
  • Cite count: 2
  • 10.24144/2307-3322.2023.77.2.4
Organizational and legal mechanism of protection of personal data
  • Jul 13, 2023
  • Uzhhorod National University Herald. Series: Law
  • M Blikhar

The article is devoted to the study of the organizational and legal mechanism of personal data protection. The concept of "personal data protection" is developed in detail in domestic jurisprudence. The law regulates legal relations related to the protection and processing of personal data, with the aim of protecting the fundamental rights and freedoms of a person and a citizen, and, first of all, the right to non-interference in personal life, in connection with the processing of personal data. However, the rapid development of information technologies, the digitization of society forces us to improve the organizational and legal mechanism of personal data protection every time, to search for more effective and reliable methods and means of their protection. The actual legal basis for the protection of personal data can be found in the Constitution of Ukraine, the Criminal Code of Ukraine, the Civil Code of Ukraine, the Law of Ukraine "On the Protection of Personal Data", decisions of the Constitutional Court of Ukraine, international legal acts, consent to the mandatory use of which was given by the Verkhovna Rada of Ukraine. It is substantiated that it is the state that acts as the guarantor of the protection of a person's personal data - its task is to create an organizational and legal mechanism that would effectively protect human rights related to personal data, etc. The organizational component of the personal data protection mechanism covers the vertical of state bodies and services, which, in accordance with the powers assigned to them, carry out personal data protection activities. 
On the basis of the conducted research, we came to the conclusion that the organizational and legal mechanism for the protection of personal data is a set of legal norms and a complex of preventive measures carried out by relevant state bodies and services aimed at protecting personal data, stopping offenses, applying coercion to offenders and restoring violated human rights related to personal data.

  • Research Article
  • Cite count: 2
  • 10.11591/ijeecs.v32.i3.pp1580-1588
Cybersecurity awareness among university students in Mogadishu: a comparative study
  • Dec 1, 2023
  • Indonesian Journal of Electrical Engineering and Computer Science
  • Adnan Abdukadir Ahmed + 3 more

This study aimed to assess the level of cyber security awareness among graduate and undergraduate students in five universities in Mogadishu. The study used a one-way analysis of variance (ANOVA) to examine the difference in cyber security awareness levels between graduate and undergraduate students across five reputable universities. The questionnaire method was used to collect data from 250 graduate and undergraduate students from SIMAD, SIU, UNISO, Jamhuriya, and Mogadishu universities. The cross-tabulation result showed that there was a significant difference in cyber security awareness levels between the universities. Specifically, the results showed that students from SIMAD and Jamhuriya universities suffered from virus attacks, while SIU students struggled with password strength and social network misuse. Mogadishu students faced phishing and virus attacks, and UNISO students dealt with both virus attacks and password strength issues. The study recommended that universities educate their students and parents on safe internet usage and cybersecurity and monitor and secure their internet and computer services. Additionally, the authors recommended the development of cybersecurity software to help students use their data confidently and securely.

  • Research Article
  • 10.31599/cpy5pf76
Manajemen Keamanan Siber Dalam Perlindungan Data Pada Layanan Aplikasi Transportasi Publik
  • Jan 8, 2025
  • Journal of Informatic and Information Security
  • Christoba Parulian S + 3 more

The digital era has massively transformed the public transportation system with the use of technology, but it also poses challenges in terms of cyber security. This study focuses on analyzing how cybersecurity management affects people's views on the safety and service quality of public transportation apps. The method used in this study is a quantitative approach, where data is collected through an online survey and then analyzed descriptively. The findings of this study show that cybersecurity management is highly influential on service quality in public transportation apps. Overall, users have a positive view of app security, even in the “Very Good” category. However, there are still some aspects that need to be improved, especially regarding the protection of personal data and awareness of cyber security. The results of this study will serve as a basis for formulating better security policies and strategies to increase public trust in public transportation services.

  • Research Article
  • Cite count: 2
  • 10.1017/s092215652300050x
Between commodification and data protection: Regulatory models governing cross-border information transfers in regional trade agreements
  • Oct 20, 2023
  • Leiden Journal of International Law
  • Magdalena Słok-Wódkowska + 1 more

The subject of this analysis is the role that regional trade agreements (RTAs) play in balancing between personal data commodification and protection of privacy and personal data, approached from the perspective of Karl Polanyi’s theory of double movement. We analyse provisions on cross-border information transfers and data protection in order to establish the models for balancing between the ideas of personal data commodification and social protection, understood as allowing for the use of measures that ensure privacy and personal data protection. Our analysis indicates that there are two general models concerning the liberalization of cross-border information transfers: one model restricts states’ ability to restrict data flows while the other is more open to such measures. Next, we identify three primary models governing how data protection is treated in the agreements that liberalize data flows: one that is based on the inclusion of substantive standards of protection in the content of the given agreement; one that uses international standards as a proxy for establishing certain level of protection; and one that is based on national data protection laws. Combining identified models of liberalizing data flows with identified models of ensuring data protection allows us to show that the inclusion of seemingly similar provisions on cross-border data transfers in various RTAs has resulted in developing several different models for balancing between commodification of personal data and data protection.

  • Dissertation
  • 10.26083/tuprints-00017425
From the Quest to Replace Passwords towards Supporting Secure and Usable Password Creation
  • Mar 29, 2021
  • Verena Zimmermann

Authentication is an important measure for protecting personal and sensitive information from unauthorised access. Password authentication still is the most widely used form of authentication despite its well-established downsides, including the cognitive load it poses for users and coping strategies resulting thereof. These include the creation of weak passwords or the reuse of passwords across accounts. Alternatives to the knowledge-based password scheme include biometric schemes, such as fingerprint authentication and token-based schemes like chip card authentication. However, attempts to replace the password on a large scale have not yet been successful. Commencing this research with an extensive rating and comparison of objective features of existing authentication schemes confirmed that the password indeed is not easily replaceable. To shine light on this seemingly intractable issue, a laboratory and an online study were conducted to explore the user perceptions of authentication schemes. Although studied less frequently than technical aspects, user perceptions are highly relevant. First, they can influence acceptance of authentication schemes, and second, mismatches between technical security and security perceptions can ultimately impact security. The two studies revealed a user preference for password authentication across different contexts of use, despite its downsides. While the initial comparison acknowledged the password’s persistence with regard to objective features, the studies confirm the relevance of password authentication from a user perspective. Because the security of password authentication largely depends on the password creation and handling of the user, further research was needed to explore measures that support secure and usable password authentication. A promising approach for encouraging secure choices without constraining the user is provided by the concept of "nudging", as proposed by Thaler and Sunstein.
Nudges are small tweaks of the choice architecture that target automatic cognitive processes and that do not limit or significantly influence the cost of the available choices. To support secure password creation, three consecutive field studies analysed the impact of various password nudges on password creation. The first two studies used visual nudges intended to simply encourage stronger passwords and produced insignificant results. Based on the lessons learned, the resulting intervention in the third study combined a nudge with password strength information and compensation for stronger passwords in the form of later password expiry. This intervention indeed encouraged the creation of stronger passwords. The finding led to the assumption that the combination of a nudge and information provision, a hybrid nudge, may be more effective in encouraging secure choices than either intervention on its own. An online study analysed the single and joint effects of nudges and information provision across different security-related decisions including password creation. The findings revealed that the hybrid nudge proved to be most effective across decisions. Furthermore, the combination of transparent nudges with information provision educating users about the reasons for encouraging a particular choice appeared most favourable with regard to ethical considerations. A final online study compared the effects of different hybrid password nudges on password creation, password memorability, and the users’ perceptions. It confirmed the effectiveness of the hybrid nudge as compared to exclusive information or nudge interventions on all three counts. Yet, nearly no significant differences between hybrid password nudges emerged, indicating that the type of nudge included plays a minor role compared to the combination as such.
It is concluded that the combination of nudging and information provision constitutes a promising strategy for supporting users in creating secure passwords and in making security-related decisions without enforcing a particular choice. This may further open the path towards a more human-centred approach in cybersecurity as envisioned in a mindset labelled "Cybersecurity, Differently". The findings are discussed regarding the transferability of the results to real-life settings and their scalability to the large number of accounts users have to manage. Suggestions for future work include field studies on hybrid password nudges, the integration into suitable tools such as password managers to ease the cognitive load, or the development of concepts that especially consider aspects such as account sensitivity or password reuse.

  • Research Article
  • 10.5325/jinfopoli.7.1.0111
The Quest for Information Privacy in Africa: A Review Essay
  • Feb 1, 2017
  • Journal of Information Policy
  • Kinfe Micheal Yilma

  • Research Article
  • Cite Count: 1
  • 10.47524/jlst.v5i3.91
Awareness and perception of cybersecurity among librarians in federal universities in South-West, Nigeria
  • Jan 1, 2023
  • Journal of Library Services and Technologies
  • Omoike Adenike + 1 more

This study investigated awareness and perception of cybersecurity among librarians in federal universities in South-West, Nigeria with the aid of a descriptive survey research approach. A questionnaire was used to elicit information from 179 librarians and system librarians, out of which 167 (93.3%) copies of the questionnaire were duly completed and returned. The data collected were analyzed using frequency count, percentages and Pearson Product Moment Correlation analysis to test for the significant relationship between awareness and perception of cybersecurity among librarians tested at 0.05 level of significance with the aid of SPSS Version 21. The study revealed that the level of awareness of cybersecurity among librarians in Federal Universities in South-West, Nigeria is moderate. The findings also revealed that, to a high extent, librarians in federal universities in South-West, Nigeria are aware of the potential cyber threats and attacks to library resources. The study showed that librarians perceived that deliberate attack to destroy sensitive data in the library database is unjust (mean=1.62), the use of the computer in committing crimes is unjust (mean=1.61) and that having an unauthorized access to data and other computerized systems (hacking) is considered unjust (mean=1.56). The study revealed that hardware skill (mean= 3.21), software skill (mean=3.10), operating system skills and programming language skills (mean=3.01) were the main librarians’ information technology skills to secure library resources. The study further showed that librarians make use of technical security measures in the libraries through access control and password security (mean=3.26), through video surveillance (CCTV system) (mean=3.25) and through installation of updated software (mean=3.11); and the use of non-technical security measures in libraries are through burglary protection and fire extinguishers (mean=3.16) and architectural considerations (mean=3.07).
The study also showed that crashing of a computer due to virus, malware, hackers etc (mean=2.99), lack of funds (mean=2.94) and lack of trained information technology (IT) manpower (mean=2.91) were the main challenges encountered in securing information resources against cyberattacks by librarians. There is no significant relationship between awareness and perception of cybersecurity among librarians in Federal Universities in South-West Nigeria. The study recommended that Government should provide adequate funds for universities to run their libraries effectively. Many universities experience a lack of funds to improve their libraries. Meanwhile, to provide appropriate security measures in libraries, there is a need for availability of funds.

  • Research Article
  • 10.2139/ssrn.2464488
Reflections Upon the Interaction between Domestic and European Personal Data Protection Legislation
  • Jul 10, 2014
  • SSRN Electronic Journal
  • Ioana Raducu

The European Council has established the first legal framework for the fundamental right to the protection of personal data, namely the Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data (Convention 108). The right to the protection of personal data is closely linked - but not identical - to the right of private life established by Article 8 of the European Convention for the Protection of Human Rights (hereinafter, the ECHR). Article 8 of the Charter of Fundamental Rights of the European Union (hereinafter, the Charter) expressly recognized the right of private life as an autonomous fundamental right. The importance awarded by the EU to the protection of personal data is also highlighted at Article 16 of the TFEU. The protection of personal data arises out of the question of the protection of individual rights by the State and has evolved into the question of how the State treats and uses its citizens' personal data. On the contrary, in private commercial relationships, the right to the protection of personal data has a horizontal dimension. Does the Charter's fundamental right of personal data protection have direct effect in domestic legal orders? The CJEU has not yet pronounced on the enforceability of this right, however the legal scholar has already considered that Article 16 of the TFEU can be directly invoked. To be directly enforceable in front of domestic jurisdiction, the right to the protection of personal data should be specified by a specific legislation in the EU. To have a full picture it is thus paramount to consider the details of legislation in combination with primary law. Thus, in the next European legislature, a general reform of the data protection framework is envisaged to account for the challenges posed by new technologies of information, globalisation and the increasingly common practice of using personal data to prevent criminal and terrorist actions.
The legislative package for the protection of personal data concerns two proposals: a Regulation that generally covers the treatment of personal data within the EU, both in the private and public sectors, and a Directive on Data Retention that aims to prevent, detect or to pursue criminal acts. This contribution not only clarifies the specific content of companies' obligations to respect the European standard for the protection of personal data but also discusses the proposal to revise the general framework to respect the Charter's acknowledgment of the fundamental right of personal data protection. The forthcoming legislative reform will represent an important reference point for countries - such as Switzerland - that are not members of the European Union. This paper assesses whether the European legislative reform on the protection of personal data, in conjunction with national law, responds in a satisfactory manner to the challenges posed by technological evolution and widespread use of the Internet. In recent years, the question of State regulation of the processing of personal data by private companies has become urgent as allegations of unauthorized access to personal data have been hotly debated in the European press. Thus, the paper shall first analyse the appropriateness of European and States' legislation to properly regulate the effective protection of personal data, in particular of obligations applicable to companies storing and processing personal data on European soil. Does the proposed European legislation in the context of the EU's international agreements with the US provide sufficient legal safeguards to ensure the effective protection of personal data in the post-Snowden era? Specific subparts are devoted to the European reform of companies' criminal liability in cases of cyber-attack (a) and of specific obligations imposed on providers of cloud computing services (b).
In the second part, I comment on the interpretation of the European data-protection legislation, provided by the Court of Justice, regarding the obligations imposed upon 'intermediaries' that process personal data, such as the Internet service providers (a) and Internet search engines (b). The Court of Justice has interpreted the European legislation in a manner that allows courts and national authorities to impose on companies a set of safeguards to protect individuals against the infringement of copyright and privacy rights.
