Security Bytes

Nov 27 2007   5:08PM GMT

How to handle a data breach with some dignity

David Schneier


Say this for the unfortunate folks at Her Majesty’s Revenue and Customs: they know how to respond to a data breach. I’m not necessarily talking about the legal response or notification of citizens potentially affected by the HMRC’s loss of two discs containing personally identifiable information for 25 million UK residents. That’s boilerplate at this point. What struck me is the classically British way that the officials involved stepped up and shouldered the blame for the mishap. “This is the biggest privacy disaster by our government,” Jonathan Bamford, assistant information commissioner, told Cnet News. “Clearly on the facts available there appears to be a major contravention of data-protection laws.”

Those are not the kind of statements you see coming from government officials or company executives in the U.S. Here, the company PR operative would have blamed the courier service for losing the discs, then the CEO would have pointed out that they are password protected, so there’s nothing to worry about, and then we’d hear about how it happens to everyone and the criminals are really the ones at fault. Maybe some of the corporate and government CIOs should catch a flight to Heathrow sometime soon to confer with our British cousins on this.

2 Comments on this Post

  • Bill Graulty
    Geez, as a "PR operative" for a respected firm (Shift4) I wish you wouldn't lump us all together. Perhaps some could learn from the Brits, but be a little selective with that tar brush.
  • Steve Mason
    Ermm, you got this very wrong indeed! Jonathan Bamford is from the independent data protection watchdog, not the UK Government. He was criticising the Government's response in very strong terms. To repeat, he is NOT a 'government official'.
