Data Privacy: Three Cautionary Tales

Irish Times image, via the Irish Times website.On front page of this morning’s Irish Times, Karlin Lillington writes

Garda powers of request for internet data to be widened

THE RANGE of criminal investigations for which the Garda will be able to request e-mail and internet data retained by internet service providers has been broadened by the Government. … Under the draft statutory instrument, retained data would include names of those who sent and received e-mails, computer addresses, the location of computer users, the times a user logged on and off a computer, and the size of files and e-mails sent and received, but not the content of e-mails.

Data theft, via BBC siteHow secure will all this retained data be? Consider another story also on RTÉ and on the front page of this morning’s Irish Times, where Paul Cullen writes

10,000 customers affected after four B of I
laptops are stolen

BANK OF Ireland is to write to over 10,000 of its life assurance customers after laptops containing their confidential personal and financial details were stolen. The four laptops belonging to Bank of Ireland Life were stolen at various dates last year, but the data protection commissioner and financial regulator were informed of the thefts only last Friday. None of the stolen information was encrypted, although lesser forms of security, such as password protection, were in place. …

Perhaps this is a one-off? Not at all. Later in the same story, Cullen recalls that

earlier this year there was controversy when a laptop belonging to the Irish Blood Transfusion Service, and containing the personal details of over 170,000 blood donors, was stolen in New York. However, this information, unlike the records now stolen from Bank of Ireland Life, was encrypted.

Personal data devices, via the BBC technology website.Read the Data Protection Commissioner‘s conclusions on this controversy here. And we are not alone. According to Darren Waters on the BBC News website

Customer data ‘needs protection’

Companies and public bodies are not doing enough to protect customers’ data, the UK’s privacy watchdog and a major survey of security have said. The Information Commissioner [Richard Thomas] said that the 94 security breaches reported to him last year was an “alarming” number. The survey of more than 1,000 firms suggested that almost 90% of them let staff leave offices with potentially confidential data stored on USB sticks. … Mr Thomas’ findings and the separate Information Security Breaches Survey will be detailed at the InfoSec show in London, the world’s largest event of its kind. The survey was carried out by Price Waterhouse Coopers on behalf of the Department for Business Enterprise and Regulatory Reform. …

Are you afraid for your data privacy yet? I am; I am very afraid.