I think that's a bit of a cop-out; I'm not interested in knowing who the
person was, only that they were suitably chastised!! (I can see visions
of Salome demanding the head of John the Laptop-User on a plate!)
-----Original Message-----
From: Broom, Doreen [mailto:[log in to unmask]]
Sent: 19 February 2007 14:58
To: Carter, Antoinette (MCS); [log in to unmask]
Subject: RE: FW: Personal data loss - One Million Pounds fine
I read an article which stated that the company would not disclose that
information. Obviously had some training in DP since the disclosures.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Carter, Antoinette
(MCS)
Sent: 19 February 2007 14:30
To: [log in to unmask]
Subject: Re: FW: Personal data loss - One Million Pounds fine
What I find interesting is that there is no mention of whether the
person whose laptop was stolen was sacked/disciplined as a result of
this. A huge fine only addresses the problem at corporate level,
whereas sacking someone brings it home to a whole different set of
people (ie. those who actually made the mistake).
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Nick Landau
Sent: 19 February 2007 10:56
To: [log in to unmask]
Subject: Re: [data-protection] FW: Personal data loss - One Million
Pounds fine
See
http://www.cbronline.com/article_news.asp?guid=F3020E93-098D-462F-92C6-F
FAFECE6F5CF
and http://news.bbc.co.uk/1/hi/programmes/moneybox/6371089.stm
The Moneybox site says:
"The Information Commissioner, the body which protects our data, let the
FSA take the lead in the investigation of what was almost certainly a
breach of the Data Protection rules.
Assistant Commissioner Phil Jones told Money Box: "It sends a very
important wake-up call particularly to banks and others in the financial
sector and to all organisations that hold personal information."
But he warned that customers could not use the Data Protection Act to
find out what data of theirs was on the laptop.
"The obligation is to tell you what information they hold," he said,
"but you and I don't have rights to require someone to tell us what data
is held in what particular kit in what particular place.
"The Data Protection Act does not require them to go into that sort of
details."
However, he confirmed the decision was up to Nationwide: "There is
nothing in the Data Protection Act that would stop them passing that
information on to customers who asked them."
Listeners contacted the programme because the company, and therefore the
customers, were having to pay the fine rather than the Directors.
Of course, as it is a building society and the customers are all
shareholders they could presumably remove the shareholders or ask them
what steps they have done to improve their information security at the
next AGM.
Nick Landau
----- Original Message -----
From: "Ian Welton" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Monday, February 19, 2007 10:54 AM
Subject: [data-protection] FW: Personal data loss - One Million Pounds
fine
> As pointed out to me off-list this was the 'NATIONWIDE' building
society
> involved and not as incorrectly stated in my original post.
>
> Ian W
>
> -----Original Message-----
> From: Ian Welton [mailto:[log in to unmask]]
> Sent: Saturday, February 17, 2007 12:20 PM
> To: [log in to unmask]
> Subject: Personal data loss - One Million Pounds fine
>
>
> I have been somewhat surprised this week not to see any discussion
> regarding the UK Financial Services Authorities fine on the Norwich
> Union
building
> society of nearly 1 million pounds for the loss of a laptop during the
> burglary of a member of staffs house.
>
> With Chris Pounder and the ICO's office both appearing on the TV and
in
> other media I had expected some discussion regarding Principle 7 and
the
> potentials for avoiding such heavy fines by embedding effective access
> control and encryption requirements in robust security policies for
all of
> those small mobile devices. Perhaps there is little perceived need to
> publicly increase appropriate knowledge of those issues as questions
> inevitably arise anyway.
>
> Home working anyone?
> Difficulties in justifying expenditure on improving old or
non-existent
> security software?
>
> Whilst the ICO is frequently less than lukewarm in supporting DP
measures
> which involve business costs, this type of fine should be most helpful
in
> reducing competing expenditures into small bucks thereby assuring
> appropriate business protections can exist.
>
> Searching the Web for the UK will no doubt reveal many links to
> appropriate articles for those in the position of having to conduct a
> state of the
art
> risk analysis following this business accident.
>
> Ian W
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask] All user
> commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the
list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user
commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This message is for the use of the intended recipient(s) only.
If you have received this message in error, please notify the sender and
delete it.The British Council accepts no liability for loss or damage
caused by software viruses and you are advised to carry out a virus
check on any attachments contained in this message. Our purpose is to
build mutually beneficial relationships between people in the UK and
other countries and to increase appreciation of the UK's creative ideas
and achievements. The British Council is registered in England as a
charity.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user
commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PLEASE NOTE: THE ABOVE MESSAGE WAS RECEIVED FROM THE INTERNET.
On entering the GSI, this email was scanned for viruses by the
Government Secure Intranet (GSi) virus scanning service supplied
exclusively by Cable & Wireless in partnership with MessageLabs.
In case of problems, please call your organisational IT Helpdesk.
The MessageLabs Anti Virus Service is the first managed service to
achieve the CSIA Claims Tested Mark (CCTM Certificate Number
2006/04/0007), the UK Government quality mark initiative for information
security products and services. For more information about this please
visit www.cctmark.gov.uk
********************************************************************
* This email is privileged, confidential and subject to copyright. *
* Any unauthorised use or disclosure of its content is prohibited. *
* The views expressed in this communication may not necessarily *
* be the views held by Scottish Borders Council. *
* Please be aware that any email sent or received by the Council *
* may require to be disclosed by the Council under the provisions *
* of the Freedom of Information (Scotland) Act 2002. *
********************************************************************
This message is for the use of the intended recipient(s) only.
If you have received this message in error, please notify the sender and delete it.The British Council accepts no liability for loss or damage caused by software viruses and you are advised to carry out a virus check on any attachments contained in this message. Our purpose is to build mutually beneficial relationships between people in the UK and other countries and to increase appreciation of the UK's creative ideas and achievements. The British Council is registered in England as a charity.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|