[Dataloss] UK: Police personal data found on discarded floppy

Adam Shostack adam at homeport.org
Thu Dec 27 03:07:05 UTC 2007


On Thu, Dec 27, 2007 at 02:56:04AM +0000, lyger wrote:
| On Wed, 26 Dec 2007, Dan O'Donnell wrote:
| ": " <http://news.bbc.co.uk/1/hi/england/devon/7160490.stm>
| ": " 
| ": "   Police data details found at dump
| ": " A senior police officer has apologised after confidential details of 
| ": " staff were found on a dump in Devon.
| ": " 
| ": " The details, on a floppy disk, included names, addresses, telephone 
| ": " numbers and ranks of employees of Devon and Cornwall Police.
| ": " 
| ": " The disk was in an obsolete computer that had been used by the force 
| ": " and had been sent for recycling.
| 
| While losing the personal information of police officers is certainly a 
| concern due to the nature of their jobs, I've noticed other recent reports 
| of general "data loss" involving not much more than names, addresses, and 
| sometimes phone numbers.  Should this generally be considered "personal 
| information" if such data can usually be found in a phone book or 
| Google (for most people anyway)?  Just a thought and something we consider 
| when including (or not including) breach data on attrition's data loss web 
| page and database...

I suspect this one is inclusion-worthy.

The addresses and personal phone numbers of police officers are
usually protected for reasons of personal security.  Similarly, many
women chose to protect their home addresses.  When Ameritrade lost
control of email, it may have been a broader breach.

To turn it around, I want as much disclosure as I can get, so we can
better analyze what's happening in computer security.  Why not include
broadly?

Adam


