The Information Commissioner's Office has found that five local authorities have breached the Data Protection Act by failing to protect personal information about citizens. Basingstoke and Deane Borough Council breached the Data Protection Act four times over two months in 2011. In one incident, which occurred in May, an …
Data breaches are so common it seems there's no simple way to stop this.
It ought to be obvious, but one day we'll finally wake up that storing data digitally is very different to storing it on paper in locked filing cabinets.
The digital data paradigm is very different to paper and we're still thinking in a 'paper' mentality.
A signed undertaking ...
... to obey the law that they are supposed to work under, then it's a fine next time.
Why is it that I got fined for my first speeding offense instead of having to sign an undertaking not to do it again?
Where's your trust?
Surely it's obvious that once the council has signed a bit of paper we can all trust that this will never happen again. I mean it's not like this happens all the time is it?
After the hefty punitive signing they'll never play fast and loose with our data again. Hurrah!
I currently work for an ex-council housing authority and security doesn't seem to be the greatest here, considering the amount of sensitive tenant data we hold. I'd suggest the problem is far greater than those few councils.
Anon, obviously ;)
BCC, CC and email lists
These stories, other than the laptop theft, just scream people not checking email address headers as well as those forever not understanding the difference between CC and BCC (some of those 'personal details' were email addresses). As well as shortcuts like hitting reply in a message when making a new message instead of using the address book and failing to notice you are replying to a group or that there is an attachment that will be included.
It only takes one moment of inattention and council staff are increasingly harassed as their numbers get cut. We will see more of this.
One of my hats is basic training and I can state the differences between CC and BCC until I'm blue in the face and it still doesn't sink in. I really don't get what is so hard to understand.
Also agree fully with the last paragraph.
Do people have any feelings on the potential for technology vendors to assist in ANY sort of damage control here... i.e. use of technology to implement "policy" or to restrict ability to mass mail... by forcing "bcc" or other sensible controls?
Until the higher ups responsible lose their jobs, nothing will happen. The higher ups earn the big bucks; let them shoulder big responsibilities, even if they themselves didn't make the key mistake.
@ Dave the Cat:
Just say to your students "Now pay attention because if you don't, you WILL lose your job when you mess this up." Make sure all employees have been put on notice that certain types of email mistakes WILL result in immediate firing.