[Dataloss] NY laptop theft breaches no data protection rules

[lyger]

http://www.siliconrepublic.com/news/news.nv?storyid=single10391

The loss of a laptop containing the files of up to 175,000 Irish blood 
donors, which was stolen earlier this month in New York, does not 
constitute a breach of the Data Protection Acts and the encryption on the 
laptop is sufficient to protect the files, Ireland.s Data Protection 
Commissioner said today.

Following an investigation into the theft of the laptop from an employee 
of the New York Blood Centre (NYBC), the Data Protection Commissioner.s 
office said the NYBC had a proven track record in developing query tools 
for blood organisations like the Irish Blood Transfusion Service (IBTS).

[.]

The data contained patient names, addresses, email addresses and/or mobile 
phone numbers. The log files also contain numeric codes for other kinds of 
information such as attendance at the IBTS or blood-test results performed 
by the IBTS.

"Importantly, the key for these codes was not on the stolen laptop or on 
the disks given to the NYBC for the performance of its functions," the 
Commission said.

"It is not possible to isolate individual fields in the log files, so it 
would have been difficult, if not impossible, to have anonymised the files 
prior to their supply to the NYBC. Accordingly, the amount of personal 
data supplied to the NYBC for the performance of the contract entered into 
is not considered excessive in the circumstances," the Commission said.

[...]