Reply to: data breach

Of course he is ... Just when the time is right. don't 'forget' those cloud backups

Are you going to delete them?

Lucky outcome, learn from it.

I apologised and agreed to delete the files. Client decided not to pursue the matter further.

Thanks everyone for some excellent advice.

Then point him to the thread about gaps in CVs

He only gets 10 mins internet a day so no time to respond. Give about 6 months and he'll be back with an update.

So, what was the outcome?

OK, tim if that's your view of the situation, fair enough.


Others of us have a different opinion/experience and have stated it, backing it up with perfectly valid examples.

Oh come on

live "real person" data as samples in project documentation,

and you think that the use of that data by project personnel could be a breach of "data protection" by that user?

As before, if that data were there, then it would be there intending it to be used by project personnel, then the only person in the targets for prosecution if that use is unlawful, is the person responsible for putting it in the document, not the person using it.

The whole company structure has to take responsibility for DP. As a manager, you can't absolve your own responsibility by getting your underlings to sign some contract saying that it is always their fault.

tim

Sorry, but the people to whom I responded were talking about the piffly data protection act

tim

Nope, the protected data may have included information that should protected (we're not talking about the piffly data protection act).


Let's say he was working for Thales and the project was to fix a bug in the guidance laser of the Starstreak which meant while it couldn't be jammed, it could sent off course. And let's say that was detailed in the project document which also discussed the solutions and showed which one was chosen along with any problems that occurred as a result.


That would be valuable data that should be protected.

No, I didn't say that. I'm saying we don't know what data has been taken; there could be sample data in the document(s) for all we know. We simply don't know what's there so cannot discount data protection issues.

So what you are saying is that someone (working on a specific project) has (may have) taken some project specific documents which just happen to contain the name, address and phone numbers (any other personal details) of other people working on that same project, and that act is a data breach?

I think that's pretty far fetched, because surely the dissemination of those details to other people involved with the project is exactly why you might want these details to be there in the first place.

If anyone is guilty of a data protection "crime" in this scenario, it will be the company for not correctly documenting/protecting the use that they were going to make of the data when they asked their employee for it, not the project numpty who copies it into his personal address book.

tim

Official Secrets Act

Yup, and the NDA (and any ClientCo security paperwork) will trump your contract, or anything the agent has.