Following an incident where a call center employee in Germany alerted authorities to bad data management practices by handing over details of 17,000 addresses and bank details, the Germany Interior Minister has promised tougher laws for data protection.
In Germany, there are currently no restrictions on the sale of personal data from one party to another - however, plans are now afoot to ensure this can only be done with the expressed consent of the individuals whose data has been collected.
However, WatchYourEnd believes that just as great a problem is presented by the ability of the call center worker to provide 17,000 records to the authorities without his employer’s knowledge. Clearly there were no data protection technologies in place to prevent the removal of the data from the corporate network. Although in this case the employee meant well, it could have just as easily been an attempt to commit identity theft or supply the information to criminal gangs.
The German government might do well to follow a similar tack taken by the British Government by planning laws which make it a criminal offense to allow a data security breach through negligence.
