Even more lessons from laptop loss
August 11th, 2008
We’ve written before about laptops going missing containing confidential personal information. Then it was 31,000 Bank of Ireland customers who had to worry whether they could be the victims of fraud. This time it’s 380,000 social welfare recipients whose details might be compromised – with 106,000 of those also having had their bank account details lost. As before, and in breach of the most elementary principles of data security, it seems that this data was not encrypted.
The most worrying thing about this episode? Despite the laptop being lost in April 2007, it is only now that the victims are being told that their information has been compromised. In the 16 months between then and now they have been deprived of the right to protect themselves – for example, by taking steps to monitor their bank accounts or credit ratings. As we’ve said a few times now, it’s about time that Irish law recognised a right to be notified when your personal data is lost. Here’s how the law currently stands and what you can do about it:
At the moment, there is no general legal obligation on a body which loses your personal information to notify you. This means that individuals may be unaware that sensitive information such as medical histories or financial records has been lost. It may be, for example, that the first you learn about it is when you go to the ATM and find that your account has been emptied. We’ve said before that it’s time that this was changed. In the US, for example, many states have laws requiring that you be warned if your information is compromised. This has been successful in helping individuals to protect themselves and also in providing an incentive for companies to invest in security, knowing that they will no longer be able to sweep their failings under the carpet. In fact, the European Data Protection Supervisor has now recommended that it is time for such a law at a European level, and has suggested amendments to the forthcoming e-Privacy Directive.If you agree that you should have a right to be warned when your data is compromised, you should start by writing to the Minister for Justice (minister@justice.ie) and to your MEPs. (Contact details for MEPs.) Ask them to support the proposals of the European Data Protection Supervisor on security breach notification.
You can also write to your local TD. Most now use email, with the address: firstname.surname@oireachtas.ie. You can find full contact details for your local TDs here. Let them know that privacy is an important issue for you. And let them know that unless data retention is stopped, it is only a matter of time until telephone, internet and email records are similarly leaked.
If you think you may have been affected, you can contact the Department of Social and Family Affairs on a helpline at 1800 690 590 (9am – 6pm) or via e-mail at helpline@welfare.ie.
Entry Filed under: DRI
7 Comments Add your own
1. Lost Laptop Exposes 380,0&hellip | August 12th, 2008 at 12:04 am
[...] Rights Ireland have a post that covers some of the legal aspects regarding this breach. If you feel as strongly about breach [...]
2. Damien Mulley » Blo&hellip | August 12th, 2008 at 7:54 pm
[...] views: Brian, Digital Rights Ireland. Digg it! | Reddit | Del.icio.us | Stumble Upon | [...]
3. Digital Rights Ireland &r&hellip | October 2nd, 2008 at 11:25 am
[...] There’s some good news and some not-so-good news in the Irish Times today on how the government is responding to its ongoing problems with losing personal data. [...]
4. Recent Links Tagged With &hellip | October 23rd, 2008 at 10:34 am
[...] public links >> ireland Even more lessons from laptop loss Saved by IlyaNejiTen on Wed 22-10-2008 McConnells pledges to be Ireland's biggest digital ad [...]
5. Nokia E Series | March 14th, 2009 at 5:11 am
Nice post. It’s not only laptops. Mobile phones too. Most banks offer mobile banking via cell phones. Phones contain confidential information too. This is a matter that should be looked into very very soon. Thanks for sharing the information.
6. Digital Rights Ireland &r&hellip | June 17th, 2009 at 10:10 pm
[...] been banging on about this for a while, but it’s worth repeating that in light of these fiascos, a law to [...]
7. Konferenser | June 18th, 2009 at 9:18 pm
The first thing that occurred to me after I lost my laptop was that I had no capability to remotely destroy the data on my laptop. For most shops running Blackberry Enterprise Server, you may already be familiar with the ability to send a remote kill signal to a stolen Blackberry in the event of handheld loss.
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed