We’ve seen mistakes made in responding to public records requests that result in people’s personnel information or identity information being improperly released. But if there’s a mistake, and the receiving party is a journalist who agrees NOT to use the information and who destroys the data, should those whose data were revealed be entitled to…
Category: Exposure
Details of 15,000 Orange users hacked
Alan Hope reports: Telecommunications company Orange has admitted that a “data leak” exposed the personal information of some 15,000 customers in Belgium to possible hackers. The leak took place two weeks ago, but was only this week revealed to the clients affected. Orange did not reveal exactly what details had been leaked, but the possibilities…
Chicago Public Schools error exposed more than 3,700 students’ and families’ data
David Struett reports: Chicago Public Schools apologized Friday evening for a mass email accidentally linking to the private data of thousands of students and families. […] Families were sent an email Friday evening from CPS’s Office of Access and Enrollment inviting them to submit supplemental applications to selective enrollment schools. Attached at the bottom of…
UK: Gloucestershire Police fined for revealing identities of abuse victims in bcc email gaffe
The Information Commissioner’s Office has really been busy handing out fines. Have you seen any monetary penalties imposed by regulators on police departments here in the U.S.? No, you haven’t, right? Gloucestershire Police has been fined £80,000 by the Information Commissioner’s Office (ICO) after sending a bulk email that identified victims of non-recent child abuse….
French Data Protection Authority Imposes a Record 250,000 € Fine to Optical Center for a Security Breach on its Website
Catherine Muyl and Marion Cavalier of Foley Hoag write: On June 7, 2018, the French Data Protection Authority (the CNIL) published a decision (issued one month earlier) in which it imposed a record 250,000 euros fine on Optical Center (which, although its name does not indicate, is a French company) for having insufficiently secured the…
UK: Hundreds of email addresses revealed in gaffe
James Oxenham reports: Hundreds of personal email addresses were sent to residents in a huge data breach by the county council. On Friday evening (June 8) West Sussex County Council sent out emails to people who commented on plans to build an incinerator in Horsham, the vast majority of whom objected. People who received the…