There has been some informal conversation about the issue of stolen
identities from a few weeks ago, and after talking with a colleague I
thought it would be interesting to start some discussion on the subject.
I have been unable to find much in the way of how data were stolen from
Network Rail and then used for benefit fraud, but from a Data Protection
point of view it would be interesting to understand how these identities
were stolen.
I do work for a number of clients who hold enormous amounts of data on
individuals that could be used for this sort of thing, and leaving aside
that Network Rail appears to have broken the 7th DP Principle, what
actually happened and how might other organisations protect themselves
against a similar attack?
I am not trying to point a finger and say Network Rail were negligent,
but an open response on how systems "broke down" and how they are being
fixed may help other organisations and enable us all to learn lessons
from this unfortunate event.
Anyone have any views or information they would like to share?
Simon Howarth.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|