The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

Privacy Calendar

Links

RSS FEED for this site

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Saturday, October 09, 2004

Dutch prosecutor leaves crime files on dumped PC

You can get by with bad information management practices for a little while and stay under the radar, but if you dispose of information inappropriately, there is a very high likelihood that it will become public knowledge in a high-profile way. A Dutch prosector is reported to have disposed of his personal PC that contained loads of his own personal information and detailed information about crimes he was prosecuting. Check out The Register's article on this incident:

Prosecutor leaves crime files on dumped PC | The Register:
"Dutch public prosecutor Joost Tonino was condemned yesterday for putting his old PC out with the trash. It contained sensitive information about criminal investigations in Amsterdam, and also his email address, credit card number, social security number and personal tax files. Tonino dumped the computer, which he hadn't used for two years, because he thought it contained a virus. The operating system wouldn't start.
A taxi driver found the PC on the steet just outside Tonino's home, got it working again and informed a crime reporter, who yesterday revealed on television what was on the hard disk. Based on information left on the PC, the reporter also managed to gain access to Tonino's email account..."

Among the many morals of this story is that employers need to be careful about what work-related information their employees have on their home computers, how it is secured and how it is disposed of. A company that is vigilant about their own workstations and disposal of surplus hardware may not be aware of the achilles heel caused by keen employees who bring work home but don't have a clue about security and privacy. This incident happened because he put the PC on the curb with the trash, but a huge amount of harm could have happened if he simply had an insecure high-speed connection that allowed hackers onto his system without him being aware of it. The article says that criminals would have paid a fortune for the information, so he should really count himself lucky.

Labels: information breaches