Staff supplied spam list

Quarkside’s spam sleuthing helped to identify a person who is no longer employed by the respectable company.  Prompt action was taken and a company wide letter has been sent to all staff reminding of them of their responsibilities under the Data Protection Act.  I hope that the Information Commissioner has been informed.

The list was used to create spam.  How wide this has spread, only time will tell.  It was interesting that the spam led to a company that has “adopted a pioneering approach to the deployment of modern technologies such as MDM, yet couple this with a no-nonsense attitude to advice, governance and analysis.”  If this is a no-nonsense attitude to governance, then their internal processes are worthy of deeper inspection.  No-nonsense should not mean avoiding due diligence on sources of personal information.

 

SCC: Beware of BCC

Recently Surrey County Council was fined £120k for breaching the Data Protection Act. One of the reasons was that the word “Transport” was put into the Blind Copy field on an email – in error for the subject line.
Unfortunately, Transport was also the name of a list with all sorts of people, none of whom were the intended recipients of personal confidential data.

Let this be a warning for all.

Cloud Contracts Clobbered

The Cloud is seen as a potential budget saver for public sector computing.  Commoditised processing power and storage with built in scalability and resilience is in everybody’s option list.  However, there are darker clouds that could dampen progress.

Security Soothsayer, David Lacey, has given us some warnings, blogging “I’ve long believed that Cloud computing will not be taken up by large corporate (sic) until much better legal and security assurances are provided. I’d even go as far as to say that we need a brand new security standard and independent assurance process to mitigate the risks to an acceptable level.”

He is right, of course.  Large corporates have lawyers to pay for looking at the small print that we mortals ignore.  ‘Like it or lump it’ seems to be the norm with Web suppliers these days.   It would be so much better if there was some definition of unfair terms and conditions that we could rely on.  Contracts are essential but they must be reasonable, providing legal protection and responsibilities for both parties.

Where I am working, location of cloud facilities is a major concern.  The public sector is paranoid about the implications of the Data Protection Act.  It’s not really the risk of using a trustworthy overseas supplier, but the fear of criticism from the Information Commissioner.