[Dataloss] UK: Police personal data found on discarded floppy

Brian Honan brian.honan at bhconsulting.ie
Thu Dec 27 10:09:41 UTC 2007 

Don't forget that under EU, and UK, Data Protection legislation businesses and organisations are obliged to protect the personal information they hold on their customers and in some cases their staff.

While the EU Data Protection legisation places obligations on companies to protect this personal data, there are no significant breach disclosure laws.  So in my opinion breaches of this nature within the EU are significant as they could be in breach of the Data Protection legislation and we need to publicly know what breaches are occuring so that we can better argue for the introduction of data breach disclosure laws.

Brian

On Thu, 27 Dec 2007 04:40:52 +0000 (UTC), lyger <lyger at attrition.org> wrote:
> 
> 
> On Wed, 26 Dec 2007, Michael Hill, CITRMS wrote:
> 
> ": " We get that question a lot in our business and here's how we answer
> it.
> ": "
> ": " "Mr. (Business Owner) if I call into your business and ask for your
> home address and phone number, will you or whomever answers the phone
> going to give it to me?"   I think not.  The home address and phone number
> is just the first step to getting your identity stolen.
> 
> Not to take things too far, but I guess that was my part of my point.  If
> someone cold-called my place of business and asked for that information, I
> wouldn't be willing to give it out.  However, what's to stop anyone from
> getting a copy of the White Pages or just getting online and hitting
> Google or a dozen other search engines for the same information (if the
> person in question is listed by such)?
> 
> By the way, Adam made a good point about wanting a broader realm of
> disclosure for tracking and analysis.  I wasn't trying to criticize the
> content of the original post; it was more about opening discussion as to
> what might be considered "personal", "private", "public", or "other".  Any
> other thoughts?
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> 
> Tenable Network Security offers data leakage and compliance monitoring
> solutions for large and small networks. Scan your network and monitor your
> traffic to find the data needing protection before it leaks out!
> http://www.tenablesecurity.com/products/compliance.shtml
-- 
Brian Honan
BH Consulting
Helping You Piece IT Together
Tel:         +353-1-4404065
Mob:       +353-86-8114066
Email:      brian.honan at bhconsulting.ie
www: http://www.bhconsulting.ie
Support Global Security Week http://www.globalsecurityweek.com

This message is for the named person's use only. If you received this message in error, please immediately delete it and all copies and notify the sender.
You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Any views expressed in this message are those of the individual sender and not of BH Consulting

More information about the Dataloss mailing list