Sounds ridiculous? Look at the news from Ireland, where it has emerged that a civil servant — from the Data Protection Section (!) — passed information from government databases to his criminal brother. The brother used it to burgle one man and attempt to extort money from three businessmen. The civil servant told investigators that it is “common practice” to look up data on friends, family and acquaintances. Apparently there have been a number of other breaches since, with civil servants leaking sensitive information to third parties.
I’m not seeking to draw attention to the Irish breach, since I’m sure that the same things happen in other countries (including the U.K.), just pointing out that data breach legislation might need to cover matters more sensitive than credit card numbers. So what is the right answer?
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]