Virgin loses bank details

June 25, 2008 — 585

Virgin Media joins the latest in the ever increasing group of companies and agencies companies who have lost personal data.

Virgin has stated that they have lost the the bank details of 3000 new customers.

All the customers who have had their data lost have been have been offered “credit file protection”, so that their accounts will be watched more closely and  “automatic indemnity” – if a theft/fraud does occur on their account.

The data, as with other peices of media, was on an unencrypted CD which was lost during transfer, by hand,  between Virgin Media offices on 29 May 2008

Apparently the Virgin Media policy states that customer data must be encrypted and transferred by FTP, and not copied onto media.  What this shows is that while the policy may be correct people can, and do, avoid the policies.

There should be systems in place to prevent this occurring. There is dedicated software to prevent exactly this, and hardware solutions are even easier – remove the CD/DVD and USB ports from the machine that connects to all of the customer databases.

Under the Section 55 of the Data Protection Act this can be considered an criminal offence

Article VuNet , Computing The Register

Posted in Data Loss, Data Protection Act. Tags: , , . No Comments »

No Hats Please: CCTV

June 24, 2008 — 585

According to an article in the Telegraph South Yorkshire police have been encouraging landlords to make their customers take their hats off when they enter pubs.

As Police can effectively prevent a license being renewed at a pub, no doubt the encouragement is being taken very seriously.

A South Yorkshire spokesman stated that “There have been incidents both in pubs and other establishments when it has not been possible to identify offenders captured on CCTV because hats were hiding their faces.”

Perhaps dark glasses should also be banned, or curtains at home? Those net curtains must really hinder the CCTV operators viewing pleasure.

With an increasing number of cases of data misuse, who would blame somebody for wearing a hat in public.

But, as its Yorkshire, the home of the flat cap, there may be some resistance.

Dickie Bird, 75, a test umpire, famed for wearing a flat white cap said: “Asking a Yorkshireman to take off his flat cap – whoever heard of anything so silly.

Posted in CCTV, UK Law. Tags: . No Comments »

Data Theft in the Work Place Common

June 23, 2008 — 585

Office technology makes it much easier for workers to steal important information from their employers, a study has shown.

Research into intellectual property theft found that almost 70% of people have stolen key information from work.

The most pilfered items include e-mail address books, customer databases as well as proposals and presentations.

Many of those questioned said they used office e-mail to get the stolen information off company premises.

Lost prospects

Most of those stealing important information said they did so when they were leaving a firm to take up a new job.

The majority of those questioned, 72%, had no ethical problems stealing information to help them in a new post. Most, 58%, thought that, in moral terms, it ranked with exaggerating insurance claims.

“The surprising thing is the level to which people believe this is acceptable,” said Chris Watson of data forensics firm Ibas, which commissioned the survey.

He said that many thought that they were entitled to take information with them because they had helped win customers and create databases of sales leads.

“They have invested a lot of time putting it together and that’s why they feel they have ownership of it,” he said. Over 80% of those surveyed said this input justified their theft.

Full BBC Article


Posted in Data Loss, Data Misuse, UK Law. Tags: , , . No Comments »

Data Protection Act: Section 55

June 22, 2008 — 585

The Data Protection Act 1998 makes it an offence to “knowingly or recklessly” obtain or disclose data. This makes the action of “data theft”, to be a criminal act.

The Criminal Justice and Immigration Act 2008 makes two changes to this section of the DPA. The first increases the penalties for this offence, the second adds a defence for reasons of journalism.

Two recent cases of data theft are both relating to the police, they are available here and here.

Technically, the losses of data by the goverment, e.g. the 25 million records lost by the HMRC, could actually fall under this act as the loss was “reckless”. This is espeically true following the Poynter report into the incident which states that the data loss was entirely unavoidable.

55 Unlawful obtaining etc. of personal data

(1) A person must not knowingly or recklessly, without the consent of the data controller—

(a) obtain or disclose personal data or the information contained in personal data, or

(b) procure the disclosure to another person of the information contained in personal data.

(2) Subsection (1) does not apply to a person who shows—

(a) that the obtaining, disclosing or procuring—

(i) was necessary for the purpose of preventing or detecting crime, or

(ii) was required or authorised by or under any enactment, by any rule of law or by the order of a court,

(b) that he acted in the reasonable belief that he had in law the right to obtain or disclose the data or information or, as the case may be, to procure the disclosure of the information to the other person,

(c) that he acted in the reasonable belief that he would have had the consent of the data controller if the data controller had known of the obtaining, disclosing or procuring and the circumstances of it, or

(d) that in the particular circumstances the obtaining, disclosing or procuring was justified as being in the public interest.

(3) A person who contravenes subsection (1) is guilty of an offence.

(4) A person who sells personal data is guilty of an offence if he has obtained the data in contravention of subsection (1).

(5) A person who offers to sell personal data is guilty of an offence if—

(a) he has obtained the data in contravention of subsection (1), or

(b) he subsequently obtains the data in contravention of that subsection.

(6) For the purposes of subsection (5), an advertisement indicating that personal data are or may be for sale is an offer to sell the data.

(7) Section 1(2) does not apply for the purposes of this section; and for the purposes of subsections (4) to (6), “personal data” includes information extracted from personal data.

(8 ) References in this section to personal data do not include references to personal data which by virtue of section 28 are exempt from this section.

Posted in Data Loss, Data Misuse, Data Protection Act. Tags: , , , . No Comments »

WPC misuses Police National Computer

June 22, 2008 — 585

In 2002 a female police officer used the police national computer to access electoral rolls and car registration records in attempts to track down woman who had an affair with her boyfriend. The defendant Michelle Begley was convicted and sentenced to three months imprisonment.

In the age of national ANPR, Begley would have been able to track her partner and the other woman around the country.

There have been several cases of police officers misusing data; one police officer used his position and access to data to stalk and intimidate an innocent woman, another used access to information to gain the upper hand in a relationship.

Posted in Computer Misuse Act, Data Loss, Data Misuse, UK Law. Tags: , , . No Comments »

Examples of Data Misuse

June 22, 2008 — 585
Below is a small sample of the discovered and reported cases of data misuse within the government

Posted in CCTV, Data Loss, Data Misuse, RIPA, UK Law. Tags: , , , , , . No Comments »

Security guards turn CCTV cameras onto nearby homes

June 22, 2008 — 585

In July 2007 CCTV operators at the Welsh assembly buildings in Cardiff Bay were caught turning CCTV cameras onto nearby homes and hotels.

This is not the first time CCTV staff have used their cameras for nefarious purposes. Twice in 2005 CCTV operators were involved similar activities. One involved CCTV spying on a woman and another involved operators recording people having sex

Full Article

Posted in CCTV, Data Loss, Data Misuse. Tags: , , , . No Comments »

CCTV used to record couple having sex

June 22, 2008 — 585

In 2005  NCP CCTV operators were accused of using their CCTV cameras to spy on couples having sex, and then copying the recordings onto DVD.

National Car Parks said three people were initially suspended from their Brighton control room but two were now back at work.

Council CCTV operators also used CCTV cameras for voyeuristic purposes in 2005

Full Article


Posted in CCTV, Data Loss, Data Misuse. Tags: , , , . No Comments »

CCTV used to obtain naked images

June 22, 2008 — 585

In 2006 CCTV operators were involved in using their cameras to take close up pictures of people modellin nude for an artist.
“Northumbria police are investigating claims that close-up pictures of hundreds of naked people have been offered for sale in Tyneside pubs.

The stills were said to have been taken from closed-circuit TV footage when artist Spencer Tunick photographed 1,500 volunteers in Newcastle and Gateshead last July.

Northumbria’s deputy chief constable David Warcup said the force was investigating a complaint into the possible misuse of CCTV footage. “We have spoken to a number of officers and police staff and as a result two members of staff are in the process of being suspended.”

In 2005 CCTV operators were also used cameras for voyeuristic purposes

Full Article

Posted in Data Loss, Data Misuse. Tags: , , . No Comments »

BT involved in illegal tape

June 22, 2008 — 585

In 2002 a a BT engineer has was arrested on suspicion of tapping the phone of Angus Deayton (formerly of “Have I Got News for You”

It was reported that  recording equipment was found in a junction box near to the TV presenter’s home at a time when Deayton’s private life was under scrutiny.

A spokesman for BT said that it was assisting police with its enquiries and that the engineer in question had been suspended

Full Article

Posted in Data Loss, Data Misuse. Tags: , , . No Comments »
« Older posts
Newer posts »