Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Is the Data Protection Commissioner doing the job?

  • 18-06-2009 3:46pm
    #1
    probe
    Closed Accounts Posts: 2,055 ✭✭✭


    Questions:

    One assumes that Bord Gáis is registered with Data Protection? If so:

    1 Does Data Protection (www.dataprivacy.ie) require holders of personal information to encrypt data?

    2 Does Data Protection impose basic standards for encryption of personal data? (eg minimum password size and complexity, requirements for multi-factor authentication, minimum encryption standards etc). Poor passwords are easily cracked by password “recovery” services*. When I hear reporters say "the stolen laptops where encrypted, so everything is OK" it makes me laugh!

    3 Does Data Protection require the installation of anti-theft software on devices that store high value datasets of personal information? (eg software – preferably a rootkit – that calls home over the internet to report its location and ideally is capable of taking instructions to wipe files after being reported stolen). Large valuable datasets (eg utilities databases containing customer co-ordinates and banking/bank card details of over a specified number – perhaps 50,000 customers) should not be permitted to be copied to portable devices or removed from a secure environment.

    4 What fines and other penalties are and have been imposed on negligent companies in the past?

    5 Is there any point in having a Data Protection Commissioner bureaucracy given the frequent disappearance of unencrypted personal datasets on portable devices used by Irish companies?

    *eg: www.lostpassword.com

    www.siliconrepublic.com/news/article/13218/cio/75-000-customers-bank-details-on-stolen-bord-gais-laptop


Comments

  • #2
    podgeen
    Registered Users, Registered Users 2 Posts: 1,176 ✭✭✭podgeen


    Hi Probe,

    I would be interested in hearing answers to your questions. I have another question to add to the list -

    Has any organisation ever been prosecuted for breach of the data protection act?

    I raised this question in a blog post on about the Bord Gáis breach earlier today.


  • #3
    probe
    Closed Accounts Posts: 2,055 ✭✭✭probe


    podgeen wrote: »
    Hi Probe,

    I would be interested in hearing answers to your questions. I have another question to add to the list -

    Has any organisation ever been prosecuted for breach of the data protection act?

    I raised this question in a blog post on about the Bord Gáis breach earlier today.

    Is this not the same as my question # 4? :-)


  • #4
    podgeen
    Registered Users, Registered Users 2 Posts: 1,176 ✭✭✭podgeen


    Yes it is :o
    Sorry I misread your question 4. Thats what I get for posting at 12:44am!

    In relation to your comments on question 2, did you read the report on the Irish times? The Managing Director of Bord Gáis Energy, Dave Bunworth said that while the laptop was not encrypted it would be "very difficult to get into" :)

    Dave


  • #5
    probe
    Closed Accounts Posts: 2,055 ✭✭✭probe


    podgeen wrote: »
    Yes it is :o
    Sorry I misread your question 4. Thats what I get for posting at 12:44am!

    In relation to your comments on question 2, did you read the report on the Irish times? The Managing Director of Bord Gáis Energy, Dave Bunworth said that while the laptop was not encrypted it would be "very difficult to get into" :)

    PR spin! BGE presumably had the Windows password enabled on this machine? Windoze security at its best :)

    http://windowspasswordforgot.com


  • #6
    Capt'n Midnight
    Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,562 Mod ✭✭✭✭Capt'n Midnight


    probe wrote:
    The Managing Director of Bord Gáis Energy, Dave Bunworth said that while the laptop was not encrypted it would be "very difficult to get into" :)

    PR spin! BGE presumably had the Windows password enabled on this machine? Windoze security at its best :)

    http://windowspasswordforgot.com
    First home.eunet.no/pnordahl/ntpasswd is the free open source windows password removal tool no need to buy a closed source that claims (well it would) to be not dodgy

    almost any linux / BSD live CD will bypass NTFS security on un-encrypted windows files, hell even DOS 5 + NTFSDOS could do that 10 years ago ( files dated '92 ,'96 )


  • Advertisement
Advertisement