Tuesday, 6 August 2013

Another “unforgivable” data breach

Here we go again. Another fine for another data breach – this time the Bank of Scotland is on the naughty step for faxing documents to a couple of wrong numbers. Over a 3-year period, one wrong number received some 75 documents, while another one received some 11 faxes. Oh, and during that time, some 325,000 faxes were evidently sent correctly each week.

But, as Stephen Eckersley, the ICO’s Head of Enforcement explained: “The Bank of Scotland has continually failed to address the problems raised over its insecure use of fax machines. To send a person’s financial records to the wrong fax number once is careless. To do so continually over a three year period, despite being aware of the problem, is unforgiveable and in clear breach of the Data Protection Act.”

The bank was so keen to prevent future breaches happening that it spoke to the owner of the fax number that received 11 incorrect faxes, and managed to buy the fax number from him.

But this state-owned institution still received a fine of £75,000 for its sloppy data handling practices. Another wodge of dosh will get shunted from one side of HM Treasury to the other.

As American singer Christina Grimmie might have put it:


Ok, let’s keep this simple
We did intend to fax this stuff on the safe side
It's who we are and it's who you aren't
We can, now anyone, can know you clearer
As your docs are available to all
We can all see your complexion
And we all know in your heart the way you choose
We’ll always want the best for you
Now we’re standing here with a cryin' face
Everyone knows it’s our disgrace

We never meant for you to have this news
We shoulda' known better
There's nothing left for us to lose
When you looked at us and said we had sent it all
But what we did is not unforgivable (unforgivable)
What we did is not unforgivable (unforgivable)

We know these things have been goin' on
We know we can't erase our sin
Our reputation’s right in the rubbish bin
We know your wallet is breaking
But is it as torn as ours
As ours (oh)
And you've already made it known
How much of you we shouldn’t have shown
Now the ICO won't never leave us alone


Despite this, we’re still declining to loan
You any money for repairs to your dodgy home


Huge apologies to the institution incorrectly named as the culprit (and whose logo I inadvertently used) in earlier versions of this posting. I am immensely relieved that keen readers at said institution have contacted me to point out this mistake. Bottles of scotch will be offered as a token of my gratitude that the error was spotted so quickly.