Yeah yeah. That Waider.

AIB files found in landfill; opposition party rallies around with the usual cry of "Something Must Be Done!" - you'd imagine if they're so keen on reforming the law they'd already have something prepared on the topic...

Bank of Ireland Life Online, but without the www still goes to a domain control/placeholder page. Seriously. Who let these people near the Internet?

Bank of Ireland, once again: http://bankofirelandlifeonline.ie/ currently redirects to a placeholder page with the text, "we've just hosted our site with irishdomains.com but we haven't moved in yet.". Add a www in there and you get the Bank of Ireland Life site you'd have expected. Oh, and the placeholder has a "click here to log into the site management stuff" link.

(cropped to avoid screen-filling; it's a stock Netscape iPlanet Server (or thereabouts) internal error page.)

Disc containing personal information about a murdered solicitor goes missing, possibly due to theft.

Not really a leak, but they've contacted the Data Protection office about it: HSE sends diagnosis-review letters to the wrong patients.

Ulster Bank: better than BoI. If by "better" you mean "lost more laptops".

Friends First: Mail Merge is hard!

The VFI are still the same bunch of misanthropes as the last time I checked: they're expected to criticise proposals to lower the legal blood alcohol limit for drivers, because let's face it, people should be allowed drink and drive, nanny state, our own business, etc. etc. etc.

And Bank of Ireland aren't quite done on their admission of laptop losses; apparently they lost one in Kildare 7 years ago. The bank seems to be treating it as an unconfirmed allegation, while RTÉ seems to be taking it as fact.

Data Commission subject of security breach, trumpets RTÉ news. Wow, that'd be embarrassing. Except all that happened was that yesterday, someone fished out a URL for a report due to be released today. OH NO3S ALL OUR PRESS RELEASE ARE BELONG TO IDIOTS.

Given the very real privacy leaks that have occurred recently (HELLO BANK OF IRELAND), it's completely crass of the alleged news media (and also some blogging types who Should Know Better) to declare this a security breach.

The Health Service Executive has said it does not know how many confidential medical files have been dumped in fields Co Cork, or how they got there.(link)

I was treated in one of the mentioned hospitals for a broken arm in 1979.

Last week, the bank said that medical records, bank account details, names, addresses and dates of birth of 10,000 customers were on the laptops.
In an update, Bank of Ireland said an assessment had concluded that the risk of fraud arising from the thefts was 'very low', as the data on the laptops did not include bank account passwords, PINs or copies of signatures. (link)

This is so pig-headedly wrong I can't come up with a suitable comment. You have someone's date of birth, bank account details, name, and address? You can get some pretty funky fraud going right there, with a little ingenuity and some social engineering to grease the wheels of the process.

"Bank of Ireland apologises to customers and is committed to moving as quickly as possible to allay the concerns of affected customers," the company said in a statement last night. (link)

Indeed. Moving as quickly as possible by not saying anything for months (the laptops were stolen over a period between June and October last year).

The opposition parties are, as expected, getting their mouths in on the act: Labour deputy leader Joan Burton said "I am calling on the Financial Regulator and on the Information Commissioner to make a clear statement on the implications of these security breaches,", because, no doubt, a clear statement is more important than, say, some action. Somewhat more usefully, Fine Gael’s communications spokesman Simon Coveney called for "...the mandatory encryption of all sensitive personal data carried portably; and for the strengthening of the Data Commissioner’s powers to investigate and enforce regulations, even where a complaint has not been made." - both measures I agree with, although I suspect the latter can only practically be accomplished by random checks since we don't yet have the ability to confer psychic powers on the Commissioner; the former is loosely specified in the existing legislation under the requirement to "adequately secure" data on a sliding scale based on its importance, impact of its disclosure, etc.

Bank of Ireland - my bank - have lost 4 laptops containing information on 10,000 customers. No, that's not right. They lost the laptops last year and only reported the loss on Friday. A cursory glance at the Data Protection Commissioner's website doesn't reveal any requirements for disclosing this sort of breach, mind you.

• Cheney gives China new info on North Korea's weapons program - here's how!
• for you / against you (see EU reaction). Understand? It's possible to be in both situations simultaneously.
• If the TSA didn't receive all that customer information from American et. al, who did?

( in which I whine piteously about the state of telecomms in Ireland. AGAIN. )

So I'm all set to whine to my health insurance company for not adequately protecting my personal information under Irish Data Protection Legislation, and I find this paragraph in the Handy Guide To Your Rights which basically says that any information gathered before July this year doesn't have to be fully in line with the requirements until... 2007.