From: lyger (lygerattrition.org)
Date: Wed Feb 27 2008 - 08:52:03 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.siliconrepublic.com/news/news.nv?storyid=single10391

The loss of a laptop containing the files of up to 175,000 Irish blood
donors, which was stolen earlier this month in New York, does not
constitute a breach of the Data Protection Acts and the encryption on the
laptop is sufficient to protect the files, Ireland.s Data Protection
Commissioner said today.

Following an investigation into the theft of the laptop from an employee
of the New York Blood Centre (NYBC), the Data Protection Commissioner.s
office said the NYBC had a proven track record in developing query tools
for blood organisations like the Irish Blood Transfusion Service (IBTS).

[.]

The data contained patient names, addresses, email addresses and/or mobile
phone numbers. The log files also contain numeric codes for other kinds of
information such as attendance at the IBTS or blood-test results performed
by the IBTS.

"Importantly, the key for these codes was not on the stolen laptop or on
the disks given to the NYBC for the performance of its functions," the
Commission said.

"It is not possible to isolate individual fields in the log files, so it
would have been difficult, if not impossible, to have anonymised the files
prior to their supply to the NYBC. Accordingly, the amount of personal
data supplied to the NYBC for the performance of the contract entered into
is not considered excessive in the circumstances," the Commission said.

[...]
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]