Monday, 29 June 2009

Another day, another laptop loss...

Yesterday it was a HSE laptop with sensitive financial information on the public. (Don’t forget the HSE has form - with multiple data losses just last year - and has now shown that it has broken its promise to encrypt all laptops containing sensitive personal information.)

Today it’s the turn of Bord Gáis to lose another unencrypted laptop containing bank account and credit card details of 75,000 customers.

We’ve been banging on about this for a while, but it’s worth repeating that in light of these fiascos, a law to warn you that your data has been stolen is long overdue:

At the moment, there is no legal obligation on a body which loses your personal information to notify you. This means that individuals may be unaware that sensitive information such as medical histories or financial records has been lost. It may be, for example, that the first you learn about it is when you go to the ATM and find that your account has been emptied.

What’s being done on this front at the moment? The Minister for Justice has kicked this issue to touch for the time being, setting up a working group to consider whether mandatory reporting should be introduced - and we’ve made submissions to that group. But if you want to see action taken sooner rather than later, now would be a good time to let your TDs (firstname.surname@oireachtas.ie) and MEPs (contact details here) know that you support a right to be warned when your data has been stolen.

Perhaps most importantly, you might want to ask yourself this question - if this is what happens to your financial information, what can you expect to happen to your email and web information if the government is allowed to continue with its plans for data retention?

No comments: