Privacy Advisor

Breaches Affect Publisher, Councils, Columnist

November 27, 2013

By Angelique Carson, CIPP/US

Across the UK, breaches have been making headlines and prompting orders and advice from the Information Commissioner’s Office (ICO).

After a breach at Racing Post’s website, every member has been told to change their passwords, TechWeek Europe reports. The number affected is in the “six-figure” range, according to the publication’s editor. No credit card or betting data has been compromised, but names, encrypted passwords, addresses and dates of birth were.

Meanwhile, the ICO has warned companies to train temporary workers in best data protection practices just as they would permanent staff after four data breaches occurred at the Great Ormond Street Hospital for Children NHS Foundation Trust. Three of the incidents occurred because of temporary employees who had not been properly trained despite their roles in handling data, Kroll reports.

The ICO has also criticized Anglesey Council for having insufficient physical security and storage standards for its manual records. “Immediate action is required,” the ICO said, and BBC News reports the council has agreed to an action plan.

Additionally, the ICO has ordered Windsor and Maidenhead council to review its data protection policies after “restricted details of employees were accidentally posted to an organization-wide intranet,” ComputerworldUK reports. A spreadsheet containing the details was accidentally sent to all employees, and a subsequent investigation found the council had failed to adequately train on data protection.

Meanwhile, a columnist for The Guardian reports on a recent experience in which she received an e-mail from a stranger who had been sold the iPhone she recently traded in, and it still contained all of her data.