Another day, another laptop loss
June 17th, 2009
Yesterday it was a HSE laptop with sensitive financial information on the public. (Don’t forget the HSE has form – with multiple data losses just last year – and has now shown that it has broken its promise to encrypt all laptops containing sensitive personal information.)
Today it’s the turn of Bord Gáis to lose another unencrypted laptop containing bank account and credit card details of 75,000 customers.
We’ve been banging on about this for a while, but it’s worth repeating that in light of these fiascos, a law to warn you that your data has been stolen is long overdue:
At the moment, there is no legal obligation on a body which loses your personal information to notify you. This means that individuals may be unaware that sensitive information such as medical histories or financial records has been lost. It may be, for example, that the first you learn about it is when you go to the ATM and find that your account has been emptied.
What’s being done on this front at the moment? The Minister for Justice has kicked this issue to touch for the time being, setting up a working group to consider whether mandatory reporting should be introduced – and we’ve made submissions to that group. But if you want to see action taken sooner rather than later, now would be a good time to let your TDs (firstname.surname@oireachtas.ie) and MEPs (contact details here) know that you support a right to be warned when your data has been stolen.
Perhaps most importantly, you might want to ask yourself this question – if this is what happens to your financial information, what can you expect to happen to your email and web information if the government is allowed to continue with its plans for data retention?
Entry Filed under: Privacy - General
6 Comments Add your own
1. Verbo.se » Bord Gá&hellip | June 17th, 2009 at 11:42 pm
[...] Since nobody else has asked yet: What in fuck’s name was that data doing on a laptop? Some 75,000 Bord Gais customers have been warned to monitor their bank accounts for suspicious transactions after a laptop computer containing their account details was stolen. [...]
2. David Stock | June 18th, 2009 at 9:58 am
They really should find better ways of carrying their data. What they are doing is not safe for their customers and I just hope they have made backup copies of that. Still, they’ve put their clients in jeopardy.
3. Fergus O'Rourke | June 20th, 2009 at 7:47 pm
Do we really need yet another law ? Does the DP regulator not have power that he can use to achive the same result ?
If a customer actually suffers loss, the failure to tell him or her as soon as possible would certainly weaken any defence to a claim in negligence.
4. Administrator | July 14th, 2009 at 1:36 pm
@Fergus – Unless there’s a reporting obligation, how does a potential plaintiff know which of the many organisations which hold his/her credit card details is responsible for the loss of data and subsequent damages? And is it realistic to expect the average aggrieved customer to start proceedings? After all, we’re not all barristers.
5. Fergus O'Rourke | July 18th, 2009 at 12:05 pm
Yes, I have, in the interim, been persuaded by such arguments.
6. Baz | August 18th, 2009 at 1:23 pm
to be honest if its government, its a lost cause…
… the British lost 15 million social security records last year. It’s endemic, its like the Ogilvy qoute “If pay peanuts, you get monkeys”, except its reversed to “if you hire monkeys you get peanuts”
Generally most of the civil service have degrees in bs which they spin to us all.
Everything data protection wise in state agencies and semi state should be outsourced, i gaureentee thrice as many people could be employed, for the same money, with a large profit
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed