First successful prosecution for failure to register with Commissioner. Data Protection Commissioner notified of TCD data breach. Ethical positions in breach handling - Cyber security updates. By Stewart Room You can tell that a subject has matured when ethical considerations become part of 'business as usual activities'.
Where the 'human condition' is central to BAU, particularly in situations of heightened sensitivity, it is possible for ethical situations to rise to the very top of the agenda. Ask any doctor or surgeon and they will tell you the importance and impact of medical ethics; it is drummed into them from day one at med school. Not surprisingly, Codes of Ethics are paramount in other professions, like accountancy and law. In data and cyber security breach situations that I handle, I am seeing increasing consideration being given to the ethical issues within the situation. Asylum seekers’ personal details stolen in second immigration data breach. The personal details of hundreds of asylum seekers on Nauru have been stolen in a second major data breach within Australia’s immigration detention system.
At least two hard drives, not password-protected and containing the personal details of hundreds of asylum seekers, including children, have been stolen from detention camps this year. The sensitive information stolen includes detainees’ complete personal details and case files, medical histories, as well as their protection claims detailing why they felt forced to leave their home country to claim asylum in Australia. The stolen files also contain case worker notes on detainees, including mental health and behavioural issues, complaints about treatment and allegations of abuse, and the minutes of “vulnerable minors meetings” where the issues faced by children in detention were discussed. None of the information has been recovered after several months. UK: Essex County Council has 27,000 computer hacker attacks in a year. Just for perspective….
Ben Bland reports: More than 25,000 cyber attacks were carried out against Essex County Council in the past year, it has emerged.
BANK OF SCOTLAND HANDED £75,000 PENALTY DUE TO THREE YEAR FAX BL. FieldFisherW data breach UK 2012. Pupil records lost ipads among Stoke City Council data breaches. ICO fines Sony for Data Breach. Data breaches 10 times worse, say ICO figures. 30 August 2012Last updated at 11:35 ET.
Update: St. Louis-area women sue surgeon after she puts photos of their breasts on the Web. There’s more on a lawsuit previously mentioned on this blog, where patients sued a cosmetic surgeon, Dr.
Michele Koo, for uploading before/after pictures to the Internet that could be found by a Google search on the patients’ names. The problem, at least in some cases, occurred because the patients’ names were embedded in the photos’ filenames. Robert Patrick of the Post-Dispatch reports that the problem may be much more widespread than originally reported, involving numerous doctors and patients, and multiple third party providers: Using the name of the company that ran Koo’s website, the Post-Dispatch found the problem to be widespread.That company, Long Island, N.Y.
-based MedNet Technologies Inc., boasts that it manages sites for more than 2,500 health care providers worldwide, “from large hospital systems to individual medical, dental and veterinary practices.” Read more on the St. Your Nude Photobucket Photos Can Still Get Fusked. Photobucket, that almost-obsolete image hosting site almost no one talks about anymore, became news again last week with a nude-photo privacy-breach scandal related to a long-known-about security problem in how it links to photos.
Photobucket says a fix has been available to users for two years, but based on last week's news it's clear the problem is as bad as ever. Riding the increased interest in security flaws following Wired journalist Mat Honan’s “digital life destroying” hack (which wasn’t really a hack, just an exploitation of Apple and Amazon’s lax security measures), Buzzfeed’s Katie Notopoulis wrote about “fusking:” the practice of using guesswork - often aided by a simple script - to find links to photos that are not supposed to be available to the public.
ICO raps Durham University over online data breach. CEOP WEBSITE. Employment agency data breach. Financial company loses over 600 customers’ details – ICO news release. News release: 3 February 2012 A financial services company with operations in the UK, USA and Middle East breached the Data Protection Act by losing over 600 customers’ personal details, the Information Commissioner’s Office (ICO) said today.
E*Trade Securities Ltd discovered that a large number of customer files were missing in April 2010 when they were asked to retrieve archived documents held in a storage facility in the UK. Files containing 608 customers’ personal data remain missing, most of the files included identification documents, proof of address and account application forms. The company informed the ICO about the breach in December 2010 after all attempts to find the information had failed.
Initial enquiries found that E*Trade Securities Ltd did not have a formal agreement in place with the contractor responsible for securely storing their client data. The company has now agreed to take action to keep the personal information it holds secure. Notes to Editors 1. 2. Nouse.co.uk » University leaks private details of entire student body. The University of York website, through which the data search was made available The University of York may be facing serious repercussions after leaking private and personal details of the whole student body.
Nouse can exclusively reveal that a student enquiry screening function enabled on the website, and open to the general public, permitted the private details of any registered student to be freely accessible. This included all their personal details such as mobile numbers, home and term-time addresses, and date of birth.
UK lloyds data breach. Met police revealing data of victims of crime. UK Council data breach.