BreachExchange mailing list archives

Re: UK: Police personal data found on discarded floppy


From: Brian Honan <brian.honan () bhconsulting ie>
Date: Thu, 27 Dec 2007 10:09:41 +0000

Don't forget that under EU, and UK, Data Protection legislation businesses and organisations are obliged to protect the 
personal information they hold on their customers and in some cases their staff.

While the EU Data Protection legislation places obligations on companies to protect this personal data, there are no 
significant breach disclosure laws.  So in my opinion breaches of this nature within the EU are significant as they 
could be in breach of the Data Protection legislation and we need to publicly know what breaches are occurring so that 
we can better argue for the introduction of data breach disclosure laws.

Brian

On Thu, 27 Dec 2007 04:40:52 +0000 (UTC), lyger <lyger () attrition org> wrote:


On Wed, 26 Dec 2007, Michael Hill, CITRMS wrote:

": " We get that question a lot in our business and here's how we answer
it.
": "
": " "Mr. (Business Owner) if I call into your business and ask for your
home address and phone number, will you or whomever answers the phone
going to give it to me?"   I think not.  The home address and phone number
is just the first step to getting your identity stolen.

Not to take things too far, but I guess that was part of my point.  If
someone cold-called my place of business and asked for that information, I
wouldn't be willing to give it out.  However, what's to stop anyone from
getting a copy of the White Pages or just getting online and hitting
Google or a dozen other search engines for the same information (if the
person in question is listed by such)?

By the way, Adam made a good point about wanting a broader realm of
disclosure for tracking and analysis.  I wasn't trying to criticize the
content of the original post; it was more about opening discussion as to
what might be considered "personal", "private", "public", or "other".  Any
other thoughts?
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml
-- 
Brian Honan
BH Consulting
Helping You Piece IT Together
Tel:         +353-1-4404065
Mob:       +353-86-8114066
Email:      brian.honan () bhconsulting ie
www: http://www.bhconsulting.ie
Support Global Security Week http://www.globalsecurityweek.com


