BreachExchange mailing list archives

EU: Tyco Fined for Overseas Transfers of Personal Data


From: security curmudgeon <jericho () attrition org>
Date: Wed, 30 May 2007 05:23:01 +0000 (UTC)


Courtesy of Fergie <fergdawg () netzero net>. While not a Dataloss incident, this should be of interest.

---------- Forwarded message ----------

Via OUT-LAW.com.

[snip]

The French data protection authority has fined a subsidiary of US firm Tyco Healthcare over the transfer of employee information across borders and inadequate data safeguards. Tyco Healthcare France was fined €30,000.

It is believed to be the first time that a US-based multinational has been fined for unauthorised overseas transfers of personal data.

La Commission Nationale de l'Informatique et des Libertes (CNIL) has imposed the fine after discovering that Tyco's human resources database was using personally identifiable information more extensively than the company had admitted.

Tyco notified CNIL in 2004 that it was operating a human resources database containing personal information, as required by French law.

When at a later date CNIL requested further information from the company, Tyco said that it had stopped using the database. An inspection in 2006 by CNIL found that not only was the database active, but that it was being used more extensively than the company had indicated.

[snip]

More: http://www.out-law.com/default.aspx?page=8096
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 208 million compromised records in 675 incidents over 7 years.
