Insurance company Bupa has been fined £175,000 after an employee offered personal data of 547,000 customers for sale on the dark web. The Information Commissioner’s Office (ICO) fined the insurer for failing to have effective security measures in place to protect customers’ personal information. The employee accessed the information between 6 January and 11 March 2017 via Bupa’s customer relationship management system, which holds customer records relating to 1.5 million people. The employee sent bulk data reports, including names, dates of birth, email addresses and nationality, to his personal email account before the data was put up for sale online. ICO director of investigations, Steve Eckersley, said: “Bupa failed to recognise that people’s personal data was at risk and failed to take reasonable steps to secure it.” An investigation revealed “systemic inadequacies” in Bupa’s safeguarding of personal data and showed that … [Read more...] about Bupa fined after personal data of 500,000 customers offered for sale on dark web
Personal data security
The doomsday view: The end is nigh - in order to survive the legislative onslaught we must take major actions along the lines of mass deletion of valuable and often company-critical data, bombarding our customers with requests for consent/re-consent and applying inappropriately high controls to low level risks whilst remaining unaware of many higher level risks. The buzzphrase associated with this view was “Are you aware that you will be fined €20 million or 4pc of gross turnover in the event of a breach?” There was a disproportionate focus on fines. Been here before view: Just another Y2K, what is all the fuss about? We all know that this will just fade away in time. Let’s just sit back and do nothing and take the view that “sure we’ll be grand”. The Hamlet view: This Shakespearean tragic hero was undone by his tendency to procrastinate or in simpler terms avoid making decisions and acting upon them. Many organisations when faced with the … [Read more...] about GDPR five months on: A greater focus on personal data security, reputational risk and compensation claims necessary
Personal data commissioner Irini Loizidou Nicolaidou said on Friday that people’s information should also be safeguarded on social media where serious violations have been detected recently. “This must stop at some point, hence the quite hefty fines my office has imposed recently in particular cases,” she told the Cyprus News Agency. On Thursday, her office said it had fined two people €3,000 and €5,000 in connection with one such case without giving any details. According to Politis, the fines were imposed on Anastasia Papadopoulou, the sister of Diko chairman Nicolas Papadopoulos, and Anti Zahariadou, who published the personal data of another woman on Facebook. The matter emerged before February’s election, when a report said the Papadopoulos’ law firm had forced an employee to resign because of the many absences she was registering. The woman, who is the wife of undersecretary to the president Vasilis Palmas, was seriously ill at the time. … [Read more...] about Personal data chief warns about social media
A security flaw had exposed the personal data of at least 12 million users of Moscow’s citywide wireless Internet network, allowing potential hackers to track movements in the public transportation system for almost a year. In a blog post last month, software engineer Vladimir Serov said he had uncovered the vulnerability on the metro’s publicly available WiFi authorization page. Maxima Telecom, the company that provides WiFi services in the Moscow metro, reportedly admitted that the security flaw had existed, but said in a statement that it had since removed the vulnerability by encrypting users' profile data, while rejecting media reports that there had been a massive data leakage. The Moscow WiFi network exposed personal data “including phone numbers, gender, approximate age, marital status, wealth, your home and work stations,” the The-Village.ru website quoted Serov as saying Monday. The insecurity allowed potential hackers to trace passengers' … [Read more...] about Moscow Metro WiFi Exposed Millions of Users’ Personal Data
The European Union’s General Data Protection Regulation (GDPR), which comes into force on May 25, will govern the storage and processing of data rather than its collection. It also includes some very important consumer rights. The most important are the right to be informed, the right of access, the right to correct errors, the right to erase data, the right to restrict processing, and the right to take it elsewhere (data portability). How useful these will be in practice remains to be seen. “Personal data” includes names, addresses, phone numbers and IP addresses, as well as what GDPR calls “factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”. That includes biometrics such as face, fingerprint and iris recognition, and genetic information. In other words, you may have personal data that identifies someone even if you don’t know their name. GDPR applies to companies and … [Read more...] about GDPR: how can I email data securely to comply with the new regulations?