The ICO has quietly announced that a London barrister, Richard Dominic Preston, signed an undertaking following the theft of a laptop computer from Mr Preston’s home. The laptop contained documents relating to cases on which Mr Preston had been instructed, together with email correspondence. According to the undertaking, much of the data in the documents on the…
Month: December 2011
UK: Burglars steal equipment with 8,000 dental patients' information
Here’s another UK breach that we didn’t hear about at the time and only learned about because the entity had to sign an undertaking with the ICO: An undertaking to comply with the seventh principle of the DPA has been signed by Alan M Casson & Associates, after two unencrypted laptops and back up media had…
Follow-up to a UK breach: Godalming College signs an undertaking
A follow-up to a breach reported back in April involving Godalming College e-mailing sensitive medical details on 300 students to an entire year group: the college has now signed an undertaking with the ICO to improve its data protection practices. The undertaking provides a bit more detail on how the breach occurred: The Information Commissioner…
Restaurant Depot/Jetro Cash & Carry Customers’ Credit Cards Hacked (update2)
Gawker.com is not one of my usual sources for news on data breaches, but they managed to uncover a breach that we would not have known about had it not appeared on a firearms discussion forum (yes, really): If you used a credit card between the dates of Sept. 21 and Nov. 18th at national…
Millions of online poker players’ data leaked on the Internet
Online gambling sites have had a few mega breaches over the past few years. Now Ultimate Bet Poker (Blanca Games) has joined the unhappy ranks. No one seems to know how or who or when, but a lot of data on 3.5 million players has reportedly been available on the web since November 20. According…
Proposed EC regulations require breach notification within 24 hours
The leaked draft of European Commission regulations contains provisions that would require breach notification to the supervisory authority (Article 28) AND to the individuals affected (Article 29) within 24 hours after establishment of a breach. Wow. Article 28 Notification of a personal data breach to the supervisory authority 1. In the case of a personal…