Case Study Flashcards
2007 major high street banks.
In 2007, some major high street banks were named and shamed for leaving customers’ personal information in unsecured rubbish bins outside their premises.
2010, council.
In 2010, a council was fined when they inadvertently sent details of an officer to a member of the public instead if a barrister by fax.
2010, un-encrypted laptop.
In 2010, a firm was fined for allowing an employee to take home an un-encrypted laptop containing customers’ personal details.
October 2013 MOJ.
In 2013, the Ministry of Justice was fined after an attachment containing prisoner details.
October 2013, psychiatrist’s bag.
A university health board was fined when a bag containing personal details fell off a psychiatrist’s bicycle on his way home.
November 2013, council memory stick.
November 2013 saw a council fined £80,000 for losing an un-encrypted memory stick that contained details of children in its care. The memory stick was taken from a laptop in the council’s offices and was never found.
December 2013, payday lender.
December 2013, a payday lender was fined £175,000 for sending unsolicited text messages.
Mislaid laptops.
Government departments have also famously mislaid laptops.
2017, Uber.
2017, on the heels of the news that Yahoo and Equifax had lost huge amounts of customer data, it was reported that Uber had concealed a data hack affecting some 57 million individuals. The hack occurred in 2016 and Uber paid the hackers to delete the data. The data was obtained by gaining access to Uber Cloud computing. In 2014, Uber was fined $20,000 for failing to disclose a much less serious breach. These are the sort of circumstances that are likely to attract the highest penalties if EU citizens are affected.
