April 22nd, 2008

haircut

more on Bank of Ireland's lost laptops

"Bank of Ireland apologises to customers and is committed to moving as quickly as possible to allay the concerns of affected customers," the company said in a statement last night. (link)
Indeed. Moving as quickly as possible by not saying anything for months (the laptops were stolen over a period between June and October last year).

The opposition parties are, as expected, getting their mouths in on the act: Labour deputy leader Joan Burton said "I am calling on the Financial Regulator and on the Information Commissioner to make a clear statement on the implications of these security breaches,", because, no doubt, a clear statement is more important than, say, some action. Somewhat more usefully, Fine Gael’s communications spokesman Simon Coveney called for "...the mandatory encryption of all sensitive personal data carried portably; and for the strengthening of the Data Commissioner’s powers to investigate and enforce regulations, even where a complaint has not been made." - both measures I agree with, although I suspect the latter can only practically be accomplished by random checks since we don't yet have the ability to confer psychic powers on the Commissioner; the former is loosely specified in the existing legislation under the requirement to "adequately secure" data on a sliding scale based on its importance, impact of its disclosure, etc.