
Blog Author

Brian McKenna


Infosecurity Adviser
Editor

Brian McKenna's blog 18-12-2009 12:46

Data breaches in 2009

ComputerWorld US’s data breach hall of infamy for this year serves as a reminder that legally obliged disclosure of data breaches has yet to figure in the UK.

The US litany of breaches includes

  • the Transportation Security Administration (TSA), which accidentally posted to the web a manual containing complete details on its airport screening procedures
  • Social networking application vendor RockYou, which exposed usernames and passwords (in plain text!) for over 32 million registered users

It does make you wonder what we’d find out under a more American legal regime. In Computer Weekly about a year and a half ago, we published a piece, by Sarah Hilley, revealing that more than 16.5 million people had had their details lost or stolen from financial services firms in 2007. This information was obtained from the Financial Services Authority, under the Freedom of Information Act. It puzzled us at the time that the mainstream media failed to pick the story up, and I’m still foxed. Perhaps we were too subtle?

Here are a few other links to data breach stories that I think are quite interesting:

  • Register story here on a cost estimate of £47 for every lost record by a UK company.
  • Blogpost, by Phil Muncaster, on the Ministry of Justice’s acceptance of Richard Thomas’s request, at the end of last year, that there be no US-style data breach notification for private sector companies in the UK. Why not? Partly because of the risk of desensitization. To lose one packet of data is unfortunate, to lose two is careless. And the third, and fourth? Well ...
  • Finally, a link to that story about our over-sharing friends at T-Mobile.


Permalink:
http://www.infosecurityadviser.com/view_message?id=165


Infosecurity Adviser is produced by Reed Exhibitions with thanks to Tangent Labs