Telephone intercepts can sometimes end up in the wrong
hands. And, occasionally, technical difficulties mean that only one side of the
conversation is intercepted.
What might have happened if an intercepted conversation like
this had been made public by Wikileaks, or some other group that leaks official
secrets to the public at large?
Hi, is that the ICO’s Breach Notification Department? It’s
Maud at the Serious Fraud Office. We’ve had a bit of an incident over here, and
our interim Data Protection Officer thought you might want to know. It’s all a
bit hush hush – so you mustn’t tell anyone else about it.
What? Dunno how it happened. Probably some kid on work
experience got carried away with the address labelling machine in the post room,
and stuck the wrong address labels on some boxes.
How many boxes did you say? Dunno. Enough to hold about
32,000 pages of documents, 81 audio tapes and a load of computer files.
When did it happen, did you say? Dunno. Probably last year between
May and October. We realised that
something was wrong about 3 months ago, and we think we’ve recovered about 98% of the
material. So we’re only short of about 1,600 documents, a
couple of audio tapes and a handful of computer files.
What were they about, did you say? Dunno – I haven’t read any
of them. They came from that team that carried out a 6 year investigation into
allegations that British Aerospace had paid bribes around the world to secure
lucrative arms contracts. You know, the one that ended with BAE paying out
almost £300 million in penalties. Yes, that was the one.
Who were they mistakenly sent to? I can’t tell you that. That’s
against data protection. These
recipients have got rights, you know.
Whattdya mean we’ve got to fill in a breach notification
form and you’re going to start an investigation? We’re the ones that do the
investigating around here.
Civil Monetary Penalties? Are you mad? Do you think we’re seriously gonna cough up simply because some prat stuck the wrong labels on some bloody boxes? Don’t you know how many boxes there are, lying around our post room? We deserve medals for making sure incidents like this don’t happen every week. It’s not that serious, you know. Nowhere near as serious as most of the crimes we’re trying to investigate.
Well, if you’re going to take that attitude, then there will
be a problem. All I was told to do was give you a quick call on the sly so you’ve
clocked that we’ve ticked the “no publicity” box for this incident. Stuff like
this is embarrassing. So keep it quiet, ok?
Whattdya mean it’s all over the papers today?
Bugger.
In that case, the SFO will revert to plan B. We’ve given you
an oral report of the incident. So what if it's 3 months late. If you want one in writing it’ll take us another 3 months – and by the time you guys have had satisfactory answers to every
point you raise it’ll be well into autumn 2014. By that time, hopefully some
other poor sod will have reported an even more newsworthy data breach, and the
heat will be off us. Oh, and our interim Data Protection Officer tells me we’re fast running out of money, so
there’s no hope of you slapping a huge fine on us for our sloppy data handling
standards. We’ve stopped school kids from getting work experience in the post
room, and that’s all that can be done right now. They’ve been reassigned to the typing pool, instead.
Oh, and don’t go around in public mouthing off about us or
telling everyone that you’re investigating us. There must be a law against
that, somewhere.
Source:
Section 59 of the Data Protection Act prevents the Information Commissioner or his staff from revealing what enforcement action they intend to take, until it has been
taken (unless the news is already in the public domain). So we can only dream
about what may happen.