Friday, November 23, 2007


MASSIVE DATA BREACH HITS UNITED KINGDOM, AND WHY AMERICANS SHOULD TAKE NOTE


In the International Herald Tribune, British Prime Minister Gordon Brown begged the pardon of the Brits involved in the loss of 25 million personal records that included bank account numbers. Based on the devalued U.S. dollar ($1 = £2), some of those victims are probably here in the U.S. trying to shop with maxed-out credit cards because of the breach. The fact that it has taken this long for something this colossal speaks well of the U.K.’s Data Protection Act of 1998. In Great Britain, it is the consumer’s fault if they don’t know how their names and private information are being used. The Act provides them the right to be informed by any data broker (data controller, as they call them) when their sensitive data is used, for what purpose, the specific information to be revealed, and to whom it will be disclosed (sold); and with a written request from the individual, the data controller must provide all the above in writing, in layman’s language.

After thoroughly reviewing the Act, there is no provision to exempt the government that I can find. Therefore, it is hard to understand how a “junior” staff member from the Revenue & Customs agency was allowed to copy “sensitive personal details” on nearly half the population of Britain, and place it in the mail to another agency. If it is lost, it sounds like there isn’t even any tracking, and making matters worse, it was only password protected, not encrypted. Is this a flaw in the Act, or just another stupid data handler’s stunt? Kinda like the guy in the U.S. who took home the personal records of 26.5 million veterans, which ended up being stolen. Also not encrypted.

The Brits had a law in place, though, so why didn’t it work? U.K. information commissioner Richard Thomas says it is because he doesn’t have the right to audit organizations processing people’s private information without first getting their consent. Go figure. This is the guy who enforces the UK DPA.

So back in the USA, a Republican Rep. by the name of Tom Davis from Virginia tries to convince Rep. Henry Waxman, a Democrat from California, to “pay attention to information technology security issues.” In consumer-speak, that is: get off your butt and pass a data breach bill. This coming from the GOP side of the aisle, directed at a politician who knows his way around Washington, and apparently wants some rightful retribution against a President who has led this country to the precipice in the loss of individual privacy. Unfortunately, Davis’ bill pertains only to federal data; one of the provisions would require federal agencies to account for and secure their sensitive information, as reported by FCW.com. You mean they aren’t required to do that now? On the other hand, Waxman has a commendable record of voting in favor of consumer privacy, so perhaps we could hear more on this issue from the seasoned Democrat. All you California readers take note: let Representative Waxman know that you would like control over your names and personal data, and want to be compensated when it is sold. Contact Rep. Waxman here.
