Agree with Lee. Certainly in my local authority experience, abuse of
access rights e.g. looking up friends and neighbours, is a much greater
problem than totally unauthorised access.
Phillip Bradshaw
Information Manager
Democratic Services
Room CY4A, County Hall
EMail: [log in to unmask]
Phone: 029 2087 3346
Mobile : 07890 265987
Fax: 029 2087 3349
"If councillors and council officers are to be held to account, the
press and public need access to the information that will enable them to
do it. If town halls want to reduce the amount they spend on responding
to freedom of information requests they should consider making the
information freely available in the first place."
Eric Pickles, Secretary of State for Communities and Local Government
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of SHQ - Gardiner, Lee
Sent: 22 December 2010 09:18
To: [log in to unmask]
Subject: Re: [data-protection] Internal breach
Just to make things that little bit cloudier you also have the problem
where people need access to a specific data set to do their job and then
abuse that access.
Lee Gardiner
Data Protection & Freedom of Information Officer
Operational Risk Management
Lancashire Fire & Rescue Service
Service Headquarters
Garstang Road
Fulwood
Preston
PR2 3LH
01772 866903
07891 718879
[log in to unmask]
-----Original Message-----
From: Adrian Tribe [mailto:[log in to unmask]]
Sent: 22 December 2010 08:32
To: [log in to unmask]
Subject: Re: [data-protection] Internal breach
This scenario also highlights the need for organisations to review their
systems and policies to ensure that staff are only able to access data
appropriate to the role they play within that organisation. The problem
is, that often makes more work and may not be straightforward to
maintain, so the temptation is not to look to closely at those kinds of
controls...
Best wishes,
Adrian
********************
This e-mail contains information intended for the addressee only.
It may be confidential and may be the subject of legal and/or
professional privilege.
If you are not the addressee you are not authorised to disseminate,
distribute, copy or use this e-mail or any attachment to it The content
may be personal or contain personal opinions and unless specifically
stated or followed up in writing, the content cannot be taken to form a
contract or to be an expression of Lancashire Fire and Rescue Service's
position. Lancashire Fire and Rescue Service reserves the right to
monitor all incoming and outgoing email Lancashire Fire and Rescue
Service has taken reasonable steps to ensure that outgoing
communications do not contain malicious software and it is your
responsibility to carry out any checks on this email before accepting
the email and opening attachments.
********************
GET OUT - STAY OUT - CALL THE FIRE SERVICE OUT
********************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user
commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**********************************************************************
Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Please advise immediately if you or your employer does not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of the Council of the City and County of Cardiff shall be understood as neither given nor endorsed by it. All e-mail sent to or from this address will be processed by Cardiff County Councils Corporate E-mail system and may be subject to scrutiny by someone other than the addressee.
**********************************************************************
Mae'n bosibl bod gwybodaeth gyfrinachol yn y neges hon. Os na chyfeirir y neges atoch chi'n benodol (neu os nad ydych chi'n gyfrifol am drosglwyddo'r neges i'r person a enwir), yna ni chewch gopio na throsglwyddo'r neges. Mewn achos o'r fath, dylech ddinistrio'r neges a hysbysu'r anfonwr drwy e-bost ar unwaith. Rhowch wybod i'r anfonydd ar unwaith os nad ydych chi neu eich cyflogydd yn caniatau e-bost y Rhyngrwyd am negeseuon fel hon. Rhaid deall nad yw'r safbwyntiau, y casgliadau a'r wybodaeth arall yn y neges hon nad ydynt yn cyfeirio at fusnes swyddogol Cyngor Dinas a Sir Caerdydd yn cynrychioli barn y Cyngor Sir nad yn cael sel ei fendith. Caiff unrhyw negeseuon a anfonir at, neu o'r cyfeiriad e-bost hwn eu prosesu gan system E-bost Gorfforaethol Cyngor Sir Caerdydd a gallant gael eu harchwilio gan rywun heblaw'r person a enwir.
**********************************************************************
--
Scanned by iCritical.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|