There has been a great deal of publicity in the UK today about the authorities finally establishing the existence of a database holding information about itinerant workers in the UK building industry. This information was syndicated to potential employers for vetting of “trouble makers”. This is not a database attack. The data held about the individuals’ breaks data protection regulations – this sort of human resources information is highly regulated.
This is not the first time that sensitive information is assembled by a trusted third party so that other organizations can utilize it. Consider the credit industry – individual banks are unwilling to share information about their customers to competitors, but they are willing to share to a trusted third party who can combine others’ information and then provide a central credit reference check.
As I wrote above, despite the media attention, this I not a database attack. This incident was not caused by inappropriate use or release or leakage of data, but simply by the inappropriate data being collected in the first place.
Now if only we could find a Data Capture Protection system that was compliant with all possible data protection laws …
Friday, 6 March 2009
Subscribe to:
Posts (Atom)