Yesterday it was a HSE laptop with sensitive financial information on the public. (Don’t forget the HSE has form – with multiple data losses just last year – and has now shown that it has broken its promise to encrypt all laptops containing sensitive personal information.)
Today it’s the turn of Bord Gáis to lose another unencrypted laptop containing bank account and credit card details of 75,000 customers.
We’ve been banging on about this for a while, but it’s worth repeating that in light of these fiascos, a law to warn you that your data has been stolen is long overdue:
At the moment, there is no legal obligation on a body which loses your personal information to notify you. This means that individuals may be unaware that sensitive information such as medical histories or financial records has been lost. It may be, for example, that the first you learn about it is when you go to the ATM and find that your account has been emptied.
What’s being done on this front at the moment? The Minister for Justice has kicked this issue to touch for the time being, setting up a working group to consider whether mandatory reporting should be introduced – and we’ve made submissions to that group. But if you want to see action taken sooner rather than later, now would be a good time to let your TDs (firstname.surname@oireachtas.ie) and MEPs (contact details here) know that you support a right to be warned when your data has been stolen.
Perhaps most importantly, you might want to ask yourself this question – if this is what happens to your financial information, what can you expect to happen to your email and web information if the government is allowed to continue with its plans for data retention?
Pingback: Verbo.se » Bord Gáis Muppets
They really should find better ways of carrying their data. What they are doing is not safe for their customers and I just hope they have made backup copies of that. Still, they’ve put their clients in jeopardy.
Do we really need yet another law ? Does the DP regulator not have power that he can use to achive the same result ?
If a customer actually suffers loss, the failure to tell him or her as soon as possible would certainly weaken any defence to a claim in negligence.
@Fergus – Unless there’s a reporting obligation, how does a potential plaintiff know which of the many organisations which hold his/her credit card details is responsible for the loss of data and subsequent damages? And is it realistic to expect the average aggrieved customer to start proceedings? After all, we’re not all barristers.
Yes, I have, in the interim, been persuaded by such arguments.
to be honest if its government, its a lost cause…
… the British lost 15 million social security records last year. It’s endemic, its like the Ogilvy qoute “If pay peanuts, you get monkeys”, except its reversed to “if you hire monkeys you get peanuts”
Generally most of the civil service have degrees in bs which they spin to us all.
Everything data protection wise in state agencies and semi state should be outsourced, i gaureentee thrice as many people could be employed, for the same money, with a large profit
Another day, another invasion of privacy.
I would like to bring everybody’s attention to a document that has been published on the web by Irisoifigiuil which contains a list of persons who were naturalised in 2009. The list includes the persons’ full name, home address, date of naturalisation and whether they were of full age when naturalised. I only came accross it because I googled “a friend’s” name and this popped up as a result. Below is the link, the list I refer to can be seen in pages 153-193 of the document. My “friend” was never asked whether this was ok, or informed at all.
As i think that those people’s details would have been safe had they not been naturalized, I cannot help remembering Orwell’s warning: ALL ANIMALS ARE EQUAL, BUT SOME ANIMALS ARE MORE EQUAL THAN OTHERS.
I understand that my comment might not be quite relevant to the topic, but I just feel it is right to share this news (ok, I admit, I am upset too). Since i did not know how to create a seperate entry, i am just writing here.
Best wishes coming your way,
i.
Here is the link to the document i referred to above: http://www.irisoifigiuil.ie/currentissues/Ir040211.pdf