What's the UK stance on not being a knob with people's data?
Discussion
I've been living in Australia where a major Telco had a huge data breach due to.. well, not giving a st about data security. (Public-facing API and keeping data they had no right or need to keep) Millions of people had their personal details leaked, including passport, driving licences, medicare, etc.. It was / is a huge problem to clean up and the Govt has brought in new laws (as well as massive fines)
So this sort of thing is on the front of my mind..
Today I booked a hire car. As part of the confirmation they wanted a copy of passport, driving licence, and a few other things. You know, important stuff. They said it was being uploaded to their super-secure server, which I'm sure it was.. however the person manually checking at the other end had a question so sent me a mail, or rather forwarded me a mail.
It appears that I uploaded my docs to one company, whose system automatically sent a plain text mail to the hire company with links to the documents I had uploaded. The links didn't need any authorisation or authentication, they just loaded.
So any bad actor could intercept mails between these two addresses and a load of data that would be super handy for identity theft.
Is there an authoritative government body in the UK who give a st about this sort of thing, or is it like Australia and you have to wait for something to go wrong first?
Ta
GDPR / Data Protection Act 2018
https://www.gov.uk/data-protection
Complaints go to Information Commissioner's Office
SV_WDC said:
Aside from GDPR, most European companies have a Privacy officer you can email
Isn't the privacy officer a result of GDPR? I think that the companies have to make someone available you can talk to about the personal data they hold, and can request it is deleted if desired.