Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all! We have been experiencing an issue on site where threads have been missing the latest postings. The platform host Vanilla are working on this issue. A workaround that has been used by some is to navigate back from 1 to 10+ pages to re-sync the thread and this will then show the latest posts. Thanks, Mike.
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Updated GDPR policy and new Terms of Use

13

Comments

  • #102
    droidman123
    Registered Users, Registered Users 2 Posts: 5,538 ✭✭✭droidman123


    Canis Lupus wrote: »
    I wonder how many actually care.

    I do


  • #103
    Canis Lupus
    Registered Users, Registered Users 2 Posts: 9,893 ✭✭✭Canis Lupus


    droidman123 wrote: »
    I do

    Why?


  • #104
    droidman123
    Registered Users, Registered Users 2 Posts: 5,538 ✭✭✭droidman123


    Canis Lupus wrote: »
    Why?

    Because i dont want strange people knowing my email address,you think that jist because they say they wouldnt abuse the info that they actually wont?this site is well known for having a stigma atrached to it and i certainly wouldnt wamt those people knowing my email address,its too late now because when i signed up i didnt know that info was going to be available and i certainly didnt realise what kind of site that it is


  • #105
    Timberrrrrrrr
    Registered Users, Registered Users 2 Posts: 25,646 ✭✭✭✭Timberrrrrrrr


    droidman123 wrote: »
    Because i dont want strange people knowing my email address,you think that jist because they say they wouldnt abuse the info that they actually wont?this site is well known for having a stigma atrached to it and i certainly wouldnt wamt those people knowing my email address,its too late now because when i signed up i didnt know that info was going to be available and i certainly didnt realise what kind of site that it is

    So close your account, then set up a new account using an email specifically created just for sites like this.


  • #106
    droidman123
    Registered Users, Registered Users 2 Posts: 5,538 ✭✭✭droidman123


    Timberrrrrrrr wrote: »
    So close your account, then set up a new account using an email specifically created just for sites like this.

    Good idea,but the horse has bolted,my email is already known, an email address i am not going to change for practical reasons


  • #107
    Boards.ie: Niamh
    Boards.ie Employee Posts: 12,597 ✭✭✭✭✭Boards.ie: Niamh
    Boards.ie Community Manager


    droidman123 wrote: »
    Just to make you all aware,not really related to gdpr,but those admins have access to all your email address,s
    droidman123 wrote: »
    I think its important that people signing up for this site are clearly made aware that the admins will have access to their email address,s
    droidman123 wrote: »
    Because i dont want strange people knowing my email address,you think that jist because they say they wouldnt abuse the info that they actually wont?this site is well known for having a stigma atrached to it and i certainly wouldnt wamt those people knowing my email address,its too late now because when i signed up i didnt know that info was going to be available and i certainly didnt realise what kind of site that it is
    droidman123 wrote: »
    Good idea,but the horse has bolted,my email is already known, an email address i am not going to change for practical reasons

    Boards.ie has never and will never use your email address for anything other than site business as set out in our Terms of Use. Insinuations to the contrary are unhelpful and without any basis in fact (see bolded section above). Staff and Admins have access to your email address and that of every other user, it does not mean that anyone has ever looked at your email address for any reason.

    You are fully free to change the email address associated with your account at any time here or to close your account if you disagree with how we operate the site.

    If you choose to close your account your email address, sign-up IP and any other personal information you have entered into your personal profile will be deleted. Your posts will remain as they are.

    If you request an account closure with reference to GDPR, you can re-read the OP of this thread for what will happen to your information and profile in that instance.

    How can I? User's guide to some features on the new site



  • #108
    dudara
    Registered Users, Registered Users 2 Posts: 33,518 ✭✭✭✭dudara


    droidman123 wrote: »
    Good idea,but the horse has bolted,my email is already known, an email address i am not going to change for practical reasons

    Honestly though, you will have this issue on just about any service where you have to provide your email. Any representative of any organisation who has access to your email could abuse or misuse that data.

    However, the vast majority of people take their job/responsibliities seriously, and do not abuse their position and trust that is placed in them. I don't know if you have access to personal information as part of your job, but if you do, you know the responsibility that comes with it.

    I realise this response is coming from someone who is an Admin, and therefore has the access described earlier in this thread. So I understand if you feel you need to take this with a pinch of salt.

    Many people will create special email addresses for use with service providers, and use those rather than divulging their day-to-day email address.

    And to clarify, I have not accessed your personal profile to check your email address :)


  • #109
    nim1bdeh38l2cw
    Closed Accounts Posts: 689 ✭✭✭nim1bdeh38l2cw


    Boards.ie: Niamh wrote: »
    Boards.ie has never and will never use your email address for anything other than site business as set out in our Terms of Use. Insinuations to the contrary are unhelpful and without any basis in fact (see bolded section above). Staff and Admins have access to your email address and that of every other user, it does not mean that anyone has ever looked at your email address for any reason.

    Do you have written contracts with your Admins (those that are not employees) where this is clearly stated?


  • #110
    Timberrrrrrrr
    Registered Users, Registered Users 2 Posts: 25,646 ✭✭✭✭Timberrrrrrrr


    droidman123 wrote: »
    Good idea,but the horse has bolted,my email is already known, an email address i am not going to change for practical reasons

    Have you recieved many emails from.admin since joining?


  • #111
    Beasty
    Administrators, Social & Fun Moderators, Sports Moderators Posts: 77,534 Admin ✭✭✭✭✭Beasty


    Seth Spicy Miser wrote: »
    Do you have written contracts with your Admins (those that are not employees) where this is clearly stated?

    A written contract would require monetary consideration:eek:

    You can rest assured though that we know we would be breaking the law if we used any of the "extra" information we can access for personal benefit (or indeed just for the hell of it). I for one would not be prepared to break the law certainly in the context of this site (although will acknowledge I may well have driven over the speed limit on occasion)


  • Advertisement
  • #112
    droidman123
    Registered Users, Registered Users 2 Posts: 5,538 ✭✭✭droidman123


    Timberrrrrrrr wrote: »
    Have you recieved many emails from.admin since joining?

    I think you are completly missing the point of why i dont want those people having access to my email address,and just for the record i did not accuse anyone of abusing the position of knowing my email address.i cant discuss my reasons on here or i will just get the usual "we are done here" and the little control panel will come into play to shut down the discussion.just to reiterate to niamh,i did NOT,accuse anyone or infer that anyone was going to use my email address for neferious reasons.


  • #113
    seamus
    Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    Seth Spicy Miser wrote: »
    Do you have written contracts with your Admins (those that are not employees) where this is clearly stated?
    This is not the United States. A contract is required to benefit all parties to it. If it doesn't, then it is invalid. You cannot sign a one-sided contract.

    In this case, the admin is providing voluntary services to boards.ie for no compensation. Any contract which placed obligations on an administrator without any benefit (which, as Beasty says, is usually monetary compensation), would be little more than toilet paper.

    Nevertheless, even in the absence of a civil contract, volunteers are still bound by the law just like a company is, and can therefore be sued and/or charged with GDPR breaches.

    In other words, the law protects you against an errant administrator far more than any contract could.


  • #114
    Canis Lupus
    Registered Users, Registered Users 2 Posts: 9,893 ✭✭✭Canis Lupus


    droidman123 wrote: »
    Because i dont want strange people knowing my email address,you think that jist because they say they wouldnt abuse the info that they actually wont?

    An email address is nothing.... You're making it sound like they've you're name, home address and house keys.

    Explain to me what abuses they could carry out with your email address exactly.


  • #115
    droidman123
    Registered Users, Registered Users 2 Posts: 5,538 ✭✭✭droidman123


    Canis Lupus wrote: »
    An email address is nothing.... You're making it sound like they've you're name, home address and house keys.

    Explain to me what abuses they could carry out with your email address exactly.

    You have really never heard of people selling on email address,s to marketing companies? Again i,m not accusing anyone on here doing it,but also as i said earlier,nobody actually knows anyone else on here,(mostly) so that is the concern i would have


  • #116
    Timberrrrrrrr
    Registered Users, Registered Users 2 Posts: 25,646 ✭✭✭✭Timberrrrrrrr


    droidman123 wrote: »
    You have really never heard of people selling on email address,s to marketing companies? Again i,m not accusing anyone on here doing it,but also as i said earlier,nobody actually knows anyone else on here,(mostly) so that is the concern i would have

    It's what you signed up for when you joined the site, unknowingly obviously but who knew how things would change.


  • #117
    Beasty
    Administrators, Social & Fun Moderators, Sports Moderators Posts: 77,534 Admin ✭✭✭✭✭Beasty


    GDPR provides protection against anyone sending unsolicited marketing material or indeed simple spam. I've certainly noticed a significant reduction (in fact almost elimination) of such emails particularly since May when you actively had to opt in for stuff

    I also have (following a recent high profile data breach) now have a free service where I can check where my email address (and other data)has been compromised and take action to change passwords as necessary

    An email address contains less data than a physical address. It's not that long ago that we were all agreeing to allow our physical address to be shared via the phone book and indeed internet searches. Regulations have been catching up but the information I can access is much less than many share regularly online either in the open or when signing up for other things.

    We need a unique identifier for all accounts if only to facilitate log in. Without related passwords though an email address is pretty useless.


  • #118
    AndrewJRenko
    Registered Users, Registered Users 2 Posts: 29,459 ✭✭✭✭AndrewJRenko


    Boards.ie: Niamh wrote: »
    droidman123 wrote: »
    Good idea,but the horse has bolted,my email is already known, an email address i am not going to change for practical reasons

    Boards.ie has never and will never use your email address for anything other than site business as set out in our Terms of Use. Insinuations to the contrary are unhelpful and without any basis in fact (see bolded section above). Staff and Admins have access to your email address and that of every other user, it does not mean that anyone has ever looked at your email address for any reason.
    It also doesn't mean that your admin has never looked at my email address for any reason.

    One obvious concern with this is the possibility of exposing the identity of otherwise anonymous posters. The question should be "why do admins need this information?".

    Do you track and audit admin access to email addresses?


  • #119
    AndrewJRenko
    Registered Users, Registered Users 2 Posts: 29,459 ✭✭✭✭AndrewJRenko


    Beasty wrote:
    It's not that long ago that we were all agreeing to allow our physical address to be shared via the phone book and indeed internet searches.
    Speak for yourself. I've been ex-directory for as long as I've had my own phone account.


  • #120
    Canis Lupus
    Registered Users, Registered Users 2 Posts: 9,893 ✭✭✭Canis Lupus


    droidman123 wrote: »
    You have really never heard of people selling on email address,s to marketing companies? Again i,m not accusing anyone on here doing it,but also as i said earlier,nobody actually knows anyone else on here,(mostly) so that is the concern i would have

    I'm still confused. What exactly are you expecting to happen if someone sold your email address. Unless you've used leo.varadkar@oir.ie as your email address to log in.


  • Advertisement
  • #121
    droidman123
    Registered Users, Registered Users 2 Posts: 5,538 ✭✭✭droidman123


    Canis Lupus wrote: »
    I'm still confused. What exactly are you expecting to happen if someone sold your email address. Unless you've used leo.varadkar@oir.ie as your email address to log in.

    What i would expect to happen is a ton of unwanted spam emails


  • #122
    Timberrrrrrrr
    Registered Users, Registered Users 2 Posts: 25,646 ✭✭✭✭Timberrrrrrrr


    droidman123 wrote: »
    What i would expect to happen is a ton of unwanted spam emails

    Has it happend in the last 6 years you have been a member?

    Edit: on my phone so not sure but isn't there a change email address option on your account?


  • #123
    Beasty
    Administrators, Social & Fun Moderators, Sports Moderators Posts: 77,534 Admin ✭✭✭✭✭Beasty


    Timberrrrrrrr wrote: »
    Edit: on my phone so not sure but isn't there a change email address option on your account?
    Yes there is an option to change e-mail in your Control Panel


  • #124
    droidman123
    Registered Users, Registered Users 2 Posts: 5,538 ✭✭✭droidman123


    Timberrrrrrrr wrote: »
    Has it happend in the last 6 years you have been a member?

    Edit: on my phone so not sure but isn't there a change email address option on your account?

    Yes,but as i said,my email address is already out there,in hindsight,if i had of known,i would of used an alternative email address initially


  • #125
    Timberrrrrrrr
    Registered Users, Registered Users 2 Posts: 25,646 ✭✭✭✭Timberrrrrrrr


    droidman123 wrote: »
    Yes,but as i said,my email address is already out there,in hindsight,if i had of known,i would of used an alternative email address initially

    Hindsight is indeed a wonderful thing. Surely if you are that worried then you would immediately change your email address to prevent any future (possible) misuse?

    You're saying it's already "out there" but where exactly is out there? Is there a rogue admin that is noting peoples email addresses for future vigra spam ads?

    I'm sorry if this sounds like i am making light of your fears but i honestly don't gwt what you have to fear and what you expect boards.ie to do about it seeing as they are already complying with the laws.


  • #126
    the_pen_turner
    Registered Users, Registered Users 2 Posts: 7,523 ✭✭✭the_pen_turner


    Timberrrrrrrr wrote: »
    Hindsight is indeed a wonderful thing. Surely if you are that worried then you would immediately change your email address to prevent any future (possible) misuse?

    You're saying it's already "out there" but where exactly is out there? Is there a rogue admin that is noting peoples email addresses for future vigra spam ads?

    I'm sorry if this sounds like i am making light of your fears but i honestly don't gwt what you have to fear and what you expect boards.ie to do about it seeing as they are already complying with the laws.

    its not as simple as that. most people have their names as part of their email adddress. combine that with a few specific bits of info from posts like posting in your local town thread or what type of job you have could easily allow someone to work out who you are.


  • Advertisement
  • #127
    oscarBravo
    Technology & Internet Moderators Posts: 28,820 Mod ✭✭✭✭oscarBravo


    the_pen_turner wrote: »
    its not as simple as that. most people have their names as part of their email adddress. combine that with a few specific bits of info from posts like posting in your local town thread or what type of job you have could easily allow someone to work out who you are.

    Right, but to do so would be a criminal offence.

    Seriously. I don't care enough what your email address is - or what your real identity is, for that matter - to risk criminal prosecution to find it out.


  • #128
    the_pen_turner
    Registered Users, Registered Users 2 Posts: 7,523 ✭✭✭the_pen_turner


    oscarBravo wrote: »
    Right, but to do so would be a criminal offence.

    Seriously. I don't care enough what your email address is - or what your real identity is, for that matter - to risk criminal prosecution to find it out.

    i understand that . im not saying any admin etc has done anything wrong .

    do criminals care about the laws they are breaking

    a lock only keeps an honest man out.

    surely there should be some kind of system in place to protect users data from someone who would chose to break the law. maybe some kind of system that requires 2 or more admins to sign offf before the data is accesable


  • #129
    Nody
    Moderators, Category Moderators, Arts Moderators, Business & Finance Moderators, Entertainment Moderators, Society & Culture Moderators Posts: 18,334 CMod ✭✭✭✭Nody


    the_pen_turner wrote: »
    surely there should be some kind of system in place to protect users data from someone who would chose to break the law. maybe some kind of system that requires 2 or more admins to sign offf before the data is accesable
    There is no system or rule you can set up that someone who wants to abuse it can't circumvent; I've worked for years on payment processes (i.e. very high risk, high direct reward if abused) and no matter how many controls are added I've yet to find a system I can't abuse if I set my mind to it. Add a second accomplice (or someone I know in the general process I can get to do me a "favor") and you've circumvented pretty much every control in any system out there and you'll only find out afterwards. This is not to say you should not make it as difficult as possible but every system can be abused if targeted and every system and control tend to have the processor in question as the weakest link.


  • #130
    Timberrrrrrrr
    Registered Users, Registered Users 2 Posts: 25,646 ✭✭✭✭Timberrrrrrrr


    the_pen_turner wrote: »
    its not as simple as that. most people have their names as part of their email adddress. combine that with a few specific bits of info from posts like posting in your local town thread or what type of job you have could easily allow someone to work out who you are.


    Hence I'm saying why not change email address


  • #131
    the_pen_turner
    Registered Users, Registered Users 2 Posts: 7,523 ✭✭✭the_pen_turner


    Nody wrote: »
    There is no system or rule you can set up that someone who wants to abuse it can't circumvent; I've worked for years on payment processes (i.e. very high risk, high direct reward if abused) and no matter how many controls are added I've yet to find a system I can't abuse if I set my mind to it. Add a second accomplice (or someone I know in the general process I can get to do me a "favor") and you've circumvented pretty much every control in any system out there and you'll only find out afterwards. This is not to say you should not make it as difficult as possible but every system can be abused if targeted and every system and control tend to have the processor in question as the weakest link.

    i dont expect a hugly complicated system but surely there should be something that would stop someone acting alone. surely we can trust that boards wouldnt have more than one criminal on the mist(not sayng there is)


  • Advertisement
  • #132
    the_pen_turner
    Registered Users, Registered Users 2 Posts: 7,523 ✭✭✭the_pen_turner


    Timberrrrrrrr wrote: »
    Hence I'm saying why not change email address

    that doesnt change the fact that your email is out there for loads of strangers to see.

    if you change it what happens to the old one. can that still be accessed


  • #133
    Timberrrrrrrr
    Registered Users, Registered Users 2 Posts: 25,646 ✭✭✭✭Timberrrrrrrr


    the_pen_turner wrote: »
    that doesnt change the fact that your email is out there for loads of strangers to see.

    if you change it what happens to the old one. can that still be accessed

    Thats something for admin/staff to answer i have no idea


  • #134
    Beasty
    Administrators, Social & Fun Moderators, Sports Moderators Posts: 77,534 Admin ✭✭✭✭✭Beasty


    the_pen_turner wrote: »
    if you change it what happens to the old one. can that still be accessed

    Certainly not by Admins, and I suspect not by others other than via a backup that predates the change


  • #135
    Canis Lupus
    Registered Users, Registered Users 2 Posts: 9,893 ✭✭✭Canis Lupus


    droidman123 wrote: »
    What i would expect to happen is a ton of unwanted spam emails

    That's what a spam folder is for. I get zero emails into my main inbox that aren't expected. Anything spam goes to the spam folder. So basically, as far as I can see there's no impact.


  • #136
    AndrewJRenko
    Registered Users, Registered Users 2 Posts: 29,459 ✭✭✭✭AndrewJRenko


    Nody wrote: »
    the_pen_turner wrote: »
    surely there should be some kind of system in place to protect users data from someone who would chose to break the law. maybe some kind of system that requires 2 or more admins to sign offf before the data is accesable
    There is no system or rule you can set up that someone who wants to abuse it can't circumvent; I've worked for years on payment processes (i.e. very high risk, high direct reward if abused) and no matter how many controls are added I've yet to find a system I can't abuse if I set my mind to it. Add a second accomplice (or someone I know in the general process I can get to do me a "favor") and you've circumvented pretty much every control in any system out there and you'll only find out afterwards. This is not to say you should not make it as difficult as possible but every system can be abused if targeted and every system and control tend to have the processor in question as the weakest link.
    One very strong system to deter abuse is very simple - that all accesses of email addresses is logged and recorded.

    But more importantly, why do admins NEED access to email addresses?


  • #137
    Obvious Desperate Breakfasts
    Closed Accounts Posts: 8,474 ✭✭✭Obvious Desperate Breakfasts


    the_pen_turner wrote: »
    its not as simple as that. most people have their names as part of their email adddress. combine that with a few specific bits of info from posts like posting in your local town thread or what type of job you have could easily allow someone to work out who you are.

    I’m gobsmacked that people sign up to sites like boards.ie using their everyday emails. Dummy email addresses all the way. I’ve been doing that for years.


  • #138
    the_pen_turner
    Registered Users, Registered Users 2 Posts: 7,523 ✭✭✭the_pen_turner


    Obvious Desperate Breakfasts wrote: »
    I’m gobsmacked that people sign up to sites like boards.ie using their everyday emails. Dummy email addresses all the way. I’ve been doing that for years.

    hind sight is always 20 20


  • #139
    Boards.ie: Niamh
    Boards.ie Employee Posts: 12,597 ✭✭✭✭✭Boards.ie: Niamh
    Boards.ie Community Manager


    Seth Spicy Miser wrote: »
    Do you have written contracts with your Admins (those that are not employees) where this is clearly stated?
    No we don't, only people employed by the company have a contract. Admins are volunteers.
    AndrewJRenko wrote: »
    It also doesn't mean that your admin has never looked at my email address for any reason.

    One obvious concern with this is the possibility of exposing the identity of otherwise anonymous posters. The question should be "why do admins need this information?".

    Do you track and audit admin access to email addresses?

    Admins need access to certain user information to operate in their role as Admins and to maintain the security of the site when needed. We do not track or audit Admin access to email addresses.
    the_pen_turner wrote: »
    its not as simple as that. most people have their names as part of their email adddress. combine that with a few specific bits of info from posts like posting in your local town thread or what type of job you have could easily allow someone to work out who you are.
    Yes they could but are not allowed to do so. GDPR allows you to withdraw your personal data, in this case email address if you feel that this is an issue.
    the_pen_turner wrote: »
    i understand that . im not saying any admin etc has done anything wrong .

    do criminals care about the laws they are breaking

    a lock only keeps an honest man out.

    surely there should be some kind of system in place to protect users data from someone who would chose to break the law. maybe some kind of system that requires 2 or more admins to sign offf before the data is accesable

    Users data is only accessible to a very small number of people to facilitate the smooth running of the site. Two Admins signing off on anything would be not be feasible. Admins are in different locations and in some cases different time zones. Often when they have to act on a spammer, for example, it is time sensitive and waiting for another Admin to be around before they can access the user profile would hamper them in their role.
    the_pen_turner wrote: »
    that doesnt change the fact that your email is out there for loads of strangers to see.

    if you change it what happens to the old one. can that still be accessed
    If you change your email address the old one is essentially overwritten by the new one. It is no longer saved or visible anywhere once you have saved the new email address.
    AndrewJRenko wrote: »
    One very strong system to deter abuse is very simple - that all accesses of email addresses is logged and recorded.

    But more importantly, why do admins NEED access to email addresses?
    As above, they need it to fulfil their roles as Admins and to facilitate the smooth running of the site.

    How can I? User's guide to some features on the new site



  • #140
    AndrewJRenko
    Registered Users, Registered Users 2 Posts: 29,459 ✭✭✭✭AndrewJRenko


    Boards.ie: Niamh wrote: »
    Admins need access to certain user information to operate in their role as Admins and to maintain the security of the site when needed.

    With due respect, that's a 'nothing' answer. It says nothing.

    It doesn't see how or why admins need email addresses, over and above usernames.
    Boards.ie: Niamh wrote: »
    We do not track or audit Admin access to email addresses.
    Thanks for clarifying, but that's a substantial concern, and an exposure for your organisation.


  • #141
    Boards.ie: Niamh
    Boards.ie Employee Posts: 12,597 ✭✭✭✭✭Boards.ie: Niamh
    Boards.ie Community Manager


    AndrewJRenko wrote: »
    With due respect, that's a 'nothing' answer. It says nothing.

    It doesn't see how or why admins need email addresses, over and above usernames.
    I appreciate it's not as much detail as you are looking for but it's as much detail as I'm willing to give without compromising how we function and exposing some of our site security procedures.

    From our Terms of Use:
    Moderators and Administrators
    In order to allow for the proper administration of boards.ie we make use of third party moderators and administrators. And in order for them to properly carry out their functions as moderators and administrators they require access to personal information concerning you, your boards.ie account and your activity on the site. Such data is only permitted to be used by our third party moderators and administrators for the purposes of administering the site and cannot be used by them for any other purpose.

    AndrewJRenko wrote: »
    Thanks for clarifying, but that's a substantial concern, and an exposure for your organisation.
    As far as I am aware, we are not obliged to do so but I will pass the concern on, thank you.

    How can I? User's guide to some features on the new site



  • Advertisement
  • #142
    AndrewJRenko
    Registered Users, Registered Users 2 Posts: 29,459 ✭✭✭✭AndrewJRenko


    Boards.ie: Niamh wrote: »
    I appreciate it's not as much detail as you are looking for but it's as much detail as I'm willing to give without compromising how we function and exposing some of our site security procedures.
    Security through obscurity is not generally respected

    https://en.wikipedia.org/wiki/Security_through_obscurity
    Boards.ie: Niamh wrote: »


    As far as I am aware, we are not obliged to do so but I will pass the concern on, thank you.

    Like most security issues, the requirements are very general rather than specific.

    But in simple terms, if you have a breach, and you have an audit facility, you will have some chance of tracking the leaker down.

    The existence of an audit trail is substantial deterrent to leaking.


  • #143
    oscarBravo
    Technology & Internet Moderators Posts: 28,820 Mod ✭✭✭✭oscarBravo


    AndrewJRenko wrote: »
    Security through obscurity is not generally respected

    https://en.wikipedia.org/wiki/Security_through_obscurity

    That's a bit of a misconception. Security that relies entirely on obscurity is a risk, but obscurity as one layer of a security-in-depth approach often makes sense. From your own link:
    NIST's cyber resiliency framework, 800-160 Volume 2, recommends the usage of security through obscurity as a complementary part of a resilient and secure computing environment.


  • #144
    November Golf
    Registered Users, Registered Users 2 Posts: 973 ✭✭✭November Golf


    Off topic but....

    In future, can we please have two separate threads:

    1. for Information (one way - info, Updates & FAQ's)

    2. Discussion on the topic of information (two way - for discussing, raising concerns, and asking questions)

    I mean I have been dipping in and out of this thread since it was started and frankly I have forgotten what the policy changes actually are & I'm not that bother to go back and read the OP. I'm not saying there hasn't been real points made or justified concerns raised but if the whole purpose of this thread was to "inform people" about the changes that have been made, its no longer fit for purpose in my opinion.


  • #145
    hullaballoo
    Administrators, Entertainment Moderators, Social & Fun Moderators, Society & Culture Moderators Posts: 18,750 Admin ✭✭✭✭✭hullaballoo


    Not a bad suggestion tbf.


  • #146
    xi5yvm0owc1s2b
    Closed Accounts Posts: 1,325 ✭✭✭xi5yvm0owc1s2b


    Mike Foxtrot wrote: »
    I'm not saying there hasn't been real points made or justified concerns raised but if the whole purpose of this thread was to "inform people" about the changes that have been made, its no longer fit for purpose in my opinion.

    If the purpose was simply to inform people, staff should have posted an announcement. Starting a Feedback thread inevitably invites discussion.


  • #147
    nim1bdeh38l2cw
    Closed Accounts Posts: 689 ✭✭✭nim1bdeh38l2cw


    Beasty wrote: »
    A written contract would require monetary consideration:eek:

    Why would it? Contracts don't infer monatery anything, legally such a person would be a data processor (boards would be the data controller) under Article 4 and Article 28 requires "sufficient guarantees" which in my (qualified) opinion can only be given by a written contract where it's stated what such a processor can and cannot do with the data that they have access to.


  • #148
    seamus
    Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    Seth Spicy Miser wrote: »
    Why would it? Contracts don't infer monatery anything, legally such a person would be a data processor (boards would be the data controller) under Article 4 and Article 28 requires "sufficient guarantees" which in my (qualified) opinion can only be given by a written contract where it's stated what such a processor can and cannot do with the data that they have access to.
    The law on what a data processor does, still applies whether or not a written contract exists.

    You're probably confusing a contract with a declaration.

    That is, a declaration from the admin that they understand they are a data processor and are bound by the legal obligations of one.
    Ultimately all this does is ensure that in a bind, the data processor can't plead ignorance.

    This doesn't necessarily have to be a formal sheet of paper. Merely the act of engaging in this discussion could be considered such a declaration.


  • #149
    hullaballoo
    Administrators, Entertainment Moderators, Social & Fun Moderators, Society & Culture Moderators Posts: 18,750 Admin ✭✭✭✭✭hullaballoo


    Seth Spicy Miser wrote: »
    Why would it? Contracts don't infer monatery anything, legally such a person would be a data processor (boards would be the data controller) under Article 4 and Article 28 requires "sufficient guarantees" which in my (qualified) opinion can only be given by a written contract where it's stated what such a processor can and cannot do with the data that they have access to.
    For a contract to be valid, there has to be an exchange of value if you like.

    The exchanged thing doesn't have to be representative of the true value of the agreement to either party but it has to be of value, and both parties have to commit something of value to the exchange.

    It's just one of the elements required for a binding and enforceable contract and it is known as consideration.

    Me going to boards HQ and signing a document saying
    I know that I'm a data processor for the purposes of the GDPR is not a contract. In fact, it has no real legal value other than, as seamus says, potentially preventing me from later saying I didn't know I am a data processor.

    A bit of a pointless exercise is all it would be.


  • #150
    Beasty
    Administrators, Social & Fun Moderators, Sports Moderators Posts: 77,534 Admin ✭✭✭✭✭Beasty


    Mike Foxtrot wrote: »
    Off topic but....

    In future, can we please have two separate threads:

    1. for Information (one way - info, Updates & FAQ's)

    2. Discussion on the topic of information (two way - for discussing, raising concerns, and asking questions)

    I mean I have been dipping in and out of this thread since it was started and frankly I have forgotten what the policy changes actually are & I'm not that bother to go back and read the OP. I'm not saying there hasn't been real points made or justified concerns raised but if the whole purpose of this thread was to "inform people" about the changes that have been made, its no longer fit for purpose in my opinion.

    The Announcement is in the Announcements Forum. Posts in Feedback are for discussion


  • Advertisement
  • #151
    ezra_
    Registered Users, Registered Users 2 Posts: 1,363 ✭✭✭ezra_


    hullaballoo wrote: »

    Me going to boards HQ and signing a document saying
    I know that I'm a data processor for the purposes of the GDPR is not a contract. In fact, it has no real legal value other than, as seamus says, potentially preventing me from later saying I didn't know I am a data processor.

    A bit of a pointless exercise is all it would be.

    Come now - a fifty would be valid consideration and would make the contract valid and enforceable. The lack of sufficient consideration isn't the blocker here, but rather that it would shift you from a volunteer to something along the lines of a contractor, and that brings in complications to both sides.

    However, since we have gone down the rabbit hole of an admin committing a breach, barring someone going rogue, the more likely outcome is;

    ezra_ starts spamming boards with something
    beasty checks out my email address
    checks it on www.isthisguyaspammer.com
    acts accordingly

    However, isthisguyaspammer.com then starts processing my email address and spamming me (or doing something else with it that I don't give consent to)

    DPC gets involved (because, well just because it is needed for this analogy).

    Who is at fault here? Beasty? Boards? Both? isthisguyaspammer.com?


This discussion has been closed.
Advertisement