See
http://www.cbronline.com/article_news.asp?guid=F3020E93-098D-462F-92C6-FFAFECE6F5CF
and http://news.bbc.co.uk/1/hi/programmes/moneybox/6371089.stm
The Moneybox site says:
"The Information Commissioner, the body which protects our data, let the FSA
take the lead in the investigation of what was almost certainly a breach of
the Data Protection rules.
Assistant Commissioner Phil Jones told Money Box: "It sends a very important
wake-up call particularly to banks and others in the financial sector and to
all organisations that hold personal information."
But he warned that customers could not use the Data Protection Act to find
out what data of theirs was on the laptop.
"The obligation is to tell you what information they hold," he said, "but
you and I don't have rights to require someone to tell us what data is held
in what particular kit in what particular place.
"The Data Protection Act does not require them to go into that sort of
details."
However, he confirmed the decision was up to Nationwide: "There is nothing
in the Data Protection Act that would stop them passing that information on
to customers who asked them."
Listeners contacted the programme because the company, and therefore the
customers, were having to pay the fine rather than the Directors.
Of course, as it is a building society and the customers are all
shareholders they could presumably remove the shareholders or ask them what
steps they have done to improve their information security at the next AGM.
Nick Landau
----- Original Message -----
From: "Ian Welton" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Monday, February 19, 2007 10:54 AM
Subject: [data-protection] FW: Personal data loss - One Million Pounds fine
> As pointed out to me off-list this was the 'NATIONWIDE' building society
> involved and not as incorrectly stated in my original post.
>
> Ian W
>
> -----Original Message-----
> From: Ian Welton [mailto:[log in to unmask]]
> Sent: Saturday, February 17, 2007 12:20 PM
> To: [log in to unmask]
> Subject: Personal data loss - One Million Pounds fine
>
>
> I have been somewhat surprised this week not to see any discussion regarding
> the UK Financial Services Authority's fine on the Norwich Union building
> society of nearly 1 million pounds for the loss of a laptop during the
> burglary of a member of staff's house.
>
> With Chris Pounder and the ICO's office both appearing on the TV and in
> other media I had expected some discussion regarding Principle 7 and the
> potentials for avoiding such heavy fines by embedding effective access
> control and encryption requirements in robust security policies for all of
> those small mobile devices. Perhaps there is little perceived need to
> publicly increase appropriate knowledge of those issues as questions
> inevitably arise anyway.
>
> Home working anyone?
> Difficulties in justifying expenditure on improving old or non-existent
> security software?
>
> Whilst the ICO is frequently less than lukewarm in supporting DP measures
> which involve business costs, this type of fine should be most helpful in
> reducing competing expenditures into small bucks thereby assuring
> appropriate business protections can exist.
>
> Searching the Web for the UK will no doubt reveal many links to appropriate
> articles for those in the position of having to conduct a state of the art
> risk analysis following this business accident.
>
> Ian W
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^