Brits! Petition for mandatory notification following data hemorrhages

Posted by Cory Doctorow, December 17, 2007 12:00 AM |
Following the revelations earlier this month that Her Majesty's Customs and Revenue service had repeatedly lost the financial details of 25 million Britons, a new petition has sprung up calling on Parliament to pass a law making it mandatory for organisations to notify you right away after they lose your personal information:
The UK Government waited more than 10 days before telling Parliament and the Public it has accidentally lost sensitive personal details of 25 million individuals.

Under current US laws, the Government would have had to notify immediately.

The petition calls on the Prime Minister to place a legal duty on public and private sector organisations, so that affected customers are informed immediately if the security of their personal data has been compromised.

Individuals have a right to know straight away when this has occurred to protect against identify theft.

Mandatory notification would make organisations more careful and more accountable for the use of personal information.

Link

UK tax-man repeatedly hemorrhages personal financial info of 25 MILLION Brits

posted in: CivlibIf you don't like something change itMake a DifferenceMaverick SpiritSafety
Favorite this!
Digg!
Send this to a Friend
Older Blender-shaped baby-bath
Newer Boing Boing TV: Jedi Bootcamp

Discussion

Take a look at this
#1 posted by Beanolini , December 17, 2007 9:12 AM

As I understand it, it's not quite correct to state that US law would have required the Government to 'notify immediately'.

The US law states that disclosure is required when 'personal information was acquired by an unauthorized person', and that disclosure 'shall be made as promptly as possible and without unreasonable delay'. Adequately encrypted data are exempted for providing 'no reasonable risk of identity theft, fraud, or other unlawful conduct'.

If this had happened in the US, there would have been no need to disclose at all, as there's not yet any evidence that HMRC's lost discs have been 'acquired by an unauthorized person'.

Take a look at this
#2 posted by dannysland , December 17, 2007 9:20 AM

Harry Shearer mentioned a neat bit of irony that happened in the lost CDs case: the British government sent out apologies to many of the people whose data was on the lost CDs, and at least one of those letters arrived unsealed.

With all the personal information on the apology letter.

For which the British government apologised again>.

Welcome to Great Britain: We Apologise for the Inconvenience.

Take a look at this
#3 posted by Maurik , December 17, 2007 4:27 PM

As much as one may argue this is a "good law", as a true free-marketeer I cannot condone this.

Take a look at this
#4 posted by gammydodger , December 18, 2007 3:26 AM

This is like a Monty Python sketch, "Dear Prime Minister, I would be most obliged if you would be so kind as to notify us once you are certain that you have lost our data irretrievably and compromised our identity. Your faithful servant..."

Wouldn't it be a lot simpler to begin the process of securing our data in the first place?

The website documenting data losses, Attrition.org, reports that between Dec 12th and 18th, over 400,000 names and details were 'lost' in 10 data breach incidents.

This type of occurence is going to be the norm rather than the exception. It's time that we as a population educated ourselves as to the meaning and risks of identity theft.

I have posted a note here www.realtea.net/id_theft that may shed a little more light on the matter.

Post a comment

Anonymous