Orange has received a public warning from the French privacy watchdog Cnil after personal details of more than a million of its customers were leaked on the internet. Orange notified Cnil of the problem in April, blaming a technical fault at one of its marketing suppliers. Almost 1.3 million customers were affected, with their name,…
UK: Hammersmith and Fulham policewoman fired after breaching police data act
Graham Spence reports on another case of police misuse of databases: Trainee Detective Constable Sadaf Bhatti, 39 , a former Metropolitan Police Service officer based at Hammersmith and Fulham has been dismissed without notice. Bhatti had previously pleaded guilty to three counts of breaching the Data Protection Act at Westminster Magistrates’ Court on Thursday, 5…
NZ: Have your say on their new ‘Naming Policy’
From the Office of the Privacy Commissioner of New Zealand: We think it is time to ‘name names’ where it is warranted. Our view is that in certain circumstances, the Privacy Act is better served by revealing the organisations that have breached the law. Up to now, we’ve rarely publicly named organisations. It was done…
UK: Repeated security failings lead to £180,000 fine for Ministry of Justice
Long-time readers of DataBreaches.net will recall that I’ve posted breaches involving the UK Ministry of Justice before (cf this post or this post about a monetary penalty involving an email breach at HMP Cardiff). Now there’s another monetary penalty, it seems: The Information Commissioner’s Office (ICO) has served a £180,000 penalty on the Ministry of Justice over…
UK: Local authorities audit report: “areas of good practice, but clear room for improvement by all”
A report published by the Information Commissioner’s Office (ICO) today has highlighted ‘clear room for improvement’ in how local authorities comply with the Data Protection Act. The ICO audited 16 local authorities last year. The audits include an overall ‘assurance rating’, but none received high assurance that they were complying with data protection law. Six…
BioReference Laboratories notified over 3,000 patients after misconfigured server allowed their info to be indexed by search engines
Recently added to HHS’s public breach tool was a misconfigured server incident that affected 3,334 patients. The entity’s statement was posted on their web site: We at BioReference Laboratories, Inc., and our subsidiary CareEvolve, Inc., take very seriously our responsibility to protect the privacy and security of our patients’ personal information, as required by the…