A Scottish council has been fined £140,000 after repeatedly releasing sensitive information about vulnerable children and carers to the wrong people. Midlothian Council was guilty of five data protection breaches in as many months last year. It is the first local authority in Scotland to be fined by the Information Commissioner’s Office (ICO), which is…
Category: Exposure
CORRECTED and DELETED: NC: Documents Containing Personal Info Found In Dumpster
CORRECTION: The incident reported in this entry was from 2009. Don’t know how it showed up as news in my newsreader, but my apologies for reporting it again as a new incident and am deleting it.
CA: Sequoia Hospital vendor posted hospital employees’ personal information online
Aaron Kinney reports: A contractor working for Sequoia Hospital inadvertently posted the personal information of 391 current and former hospital employees on a public website, where it stayed for four years, the hospital said Thursday. An employee for Towers Watson, an international professional services firm, posted the information in October 2007, hospital CEO Glenna Vaskelis…
Update: More than 4,000 vets potentially affected by VA data breach
Nicole Blake Johnson reports: A Veterans Affairs Department data breach may have put at risk the personal information of more than 4,000 veterans, VA Chief Information Officer Roger Baker said Wednesday. That is nearly twice the number of potentially affected vets VA said last week were eligible for credit monitoring because of the breach. The…
(Follow-up) Agreement Reached With Metropolitan Life Insurance Co. Over Release of Some Customers’ Personally Identifiable Information
Attorney General George Jepsen and Consumer Protection Commissioner William Rubenstein have reached an agreement with Metropolitan Life Insurance Co. to provide additional protections to the current and former customers whose personal information was made public. Information of current and former MetLife customers was part of a spreadsheet posted to the Internet by an employee of…
UK: Manpower UK Ltd e-mail gaffe results in undertaking for violating the Data Protection Act
An undertaking has been signed by Manpower UK Ltd following a breach of the Data Protection Act where a spreadsheet containing 400 people’s personal details was accidentally emailed to 60 employees. Although no date is given for the breach, the undertaking indicates: The Information Commissioner (the ‘Commissioner’) was provided with a report indicating that one…