[Dataloss] UK: Police personal data found on discarded floppy
Marjorie Simmons
lawyer at carpereslegalis.com
Wed Jan 2 21:57:47 UTC 2008
One often overlooked problem with the release of just name,
address and phone is that it can and often does uncover a
relationship between the data loser and the exposed persons.
While it might be inconsequential in some instances, it
definitely is a major concern in other instances. For example,
Widget Business XYZ loses its customer mailing list and a
defense agency is a customer, and the widgets can only be
used as part of a certain technology, where the timing of the
widget deployment is sensitive. Or, consider the law firm
whose client mailing list is compromised. There are many
such instances when simple name, address and telephone
data losses can show a relationship between people that the
parties would neither expect nor want to have disclosed.
While raw data may be available in a publicly available
directory, the relationship between parties is often not,
and it is the exposure of the relationship, confidential or
simply hidden, that is the problem.
###
-----Original Message-----
On Wed, 26 Dec 2007, lyger wrote
On Wed, 26 Dec 2007, Dan O'Donnell wrote:
": " <http://news.bbc.co.uk/1/hi/england/devon/7160490.stm>
": "
": " Police data details found at dump
": " A senior police officer has apologised after confidential details of
": " staff were found on a dump in Devon.
": "
": " The details, on a floppy disk, included names, addresses, telephone
": " numbers and ranks of employees of Devon and Cornwall Police.
": "
": " The disk was in an obsolete computer that had been used by the force
": " and had been sent for recycling.
While losing the personal information of police officers is certainly a
concern due to the nature of their jobs, I've noticed other recent reports
of general "data loss" involving not much more than names, addresses, and
sometimes phone numbers. Should this generally be considered "personal
information" if such data can usually be found in a phone book or
Google (for most people anyway)? Just a thought and something we consider
when including (or not including) breach data on attrition's data loss web
page and database...
More information about the Dataloss
mailing list