Major update to the BBC story at
http://news.bbc.co.uk/1/hi/business/3984845.stm
But there are several things I hate here:
"We did not fail as an organisation because there was no risk of financial
loss, but we do need to learn lessons from this." (Cahoot)
Yes. They did fail as an organisation. The risk is not limited to
financial loss.
'''A spokesman for the Information Commissioner told BBC News that by
allowing customers to view other people's financial details, Cahoot had
breached the Data Protection Act.
It could not confirm if it had received complaints from any banking
customers, but said it would investigate if customers did complain.
"I'm sure people will get in touch and we would look into it to ensure it
did not happen again," a spokesman said.'''
Now let's just look at this. The UKIC has the power, since he is a
prosecuting authority in his own right, to decide that this breach is a
matter of public interest and concern and to go ahead without a complaint
being lodged. No matter that the breach has been corrected, he also has the
right to serve an enforcement notice on corporations to ensure this does not
happen again.
So why doesn't he do so? I asked for bets earlier!
Anyone from Abbey Bank on the list? Anyone bank at Cahoot?
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Roland Perry
Sent: Friday, November 05, 2004 10:57 AM
To: [log in to unmask]
Subject: Re: [data-protection] Cahoot and Data Protection
Tim Trent <[log in to unmask]> writes
>"I am a Cahoot customer and although I don't think this is a hugely
>serious security breach I am particularly aggrieved to have to find
>this out from the BBC rather than from Cahoot. I'd expect better than this
>from them."
>
>Well, apart from being hugely serious it was also against the law!
And not just here. Depending on how much you believe in extra-territorial
jurisdiction, afaik it's a crime in California not to inform all your
[Californian] users when a security breach occurs. I'm sure Cahoot has at
least one ex-pat in California using their service.
--
Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^