More consumers helpless at the hands of negligent Bord Gais Energy and HSE

This week has seen two more instances of customer data losses by two more Irish organisations. These are the 12th and 13th incidents of data loss tracked in this running total I’m keeping – Who has lost their customers’ personal data?

The Health Service Executive (HSE) in Roscommon were the first to be outed. This is the 4th entry of the HSE on the list. According to this article:

Yesterday it was revealed that the Health Service Executive (HSE) and gardai were investigating the theft of 15 laptops in Roscommon town.

The HSE confirmed tonight that information on one unencrypted laptop contained sensitive details relating to a social worker’s case notes involving nine families.

The larger second incident affected Bord Gais Energy, and many of their new electricity customers. According to the same article:

A laptop containing the bank account details of 75,000 Bord Gais electricity customers has been stolen, it was revealed tonight.

The energy company confirmed that the laptop – which was not encrypted – was one of four taken during a burglary at its Dublin offices 12 days ago.

The usual questions have to be asked here – and unfortunately, many of us watching such data losses and data protection screw ups are tired of asking them.

While it’s understandable that a social worker would have case notes on a laptop, it’s ridiculous that the laptop wasn’t encrypted. Last September, the HSE was impacted in exactly the same way – this is the reporting from that occasion:

The Office of the Data Protection Commissioner said it is surprised that people still carry around laptops with sensitive information, which is not encrypted.

That’s 9 months ago. Why weren’t the remaining laptops in the HSE encrypted since then? I know there’s a lot of laptops in such a big organisation, but surely 9 months was enough time to protect them all.

The more egregious foul up here is that of Bord Gais Energy. There is no legitimate reason that would necessitate a company such as this to store the personal banking details of their customers on a laptop.

The fact that the laptop wasn’t encrypted compounds this balls up. And the fact that the laptop was stolen from inside their office doesn’t negate that fact. Any responsible company nowadays ensures that no sensitive data is stored on portable devices at all, and where this is unavoidable, precautions are taken to ensure that devices are encrypted, and further, other measures can be taken to ensure such data is deleted either automatically or remotely.

I have a couple of serious concerns here.

Firstly, the Data Protection Commissioner was complicit with Bord Gais Energy here in keeping this data theft secret and leaving 75,000 customers hanging out to dry and left blissfully unaware that their bank details were in the hands of criminals.

Secondly, from the coverage that I heard on RTE Lunchtime news, it’s most likely that Bord Gais Energy are unlikely to get anything more than a slap on the wrists from the Data Protection Commissioner for this negligence. The DPC, who have been helpful to and our information requests in the past, are unfortunately doing the classic National Consumer Agency cop-out of “working with” Bord Gais Energy rather than actually defending the interests of consumers – the primary purpose of the DPC.

  1. declan June 19, 2009 at 11:43 #

    Have you not seen? It gets worse. Apparently Bord Gais Energy hid from the data protection people the fact that the laptop wasn’t actually encrypted.

    I think this is shocking, all of it.

    I changed over to their electricity service at the end of May, but they haven’t told me if I’m impacted or not, and they won’t answer any questions that I have when I call them up.

    It’s unbelievable that a company can get away with treating their customers so badly without any consequences.

    What’s the point in having data protection people or laws in the first place really?

  2. The.Q June 19, 2009 at 15:39 #

    Completely agree that this is scandalous. I’m (I think) one of these BGE customers, although I’m not sure as no-one is telling us anything. I’ve checked my bank acct (and am continuously) and all seems OK, but it may not have been, and I wouldn’t have known what was going on until I heard this. This laptop was stolen the day of the elections. Think back to that, it was a while ago, wasn’t it?

    I work in a large government organisation (I won’t say which one, suffice to say one of the bigger ones), and all our laptops are encrypted, even down to ones used for training staff which have no personal details AT ALL on them, and no direct access to the organisation’s network. It’s a pain in the a%$e having to key in a 32 character code to unlock it each time I use my training laptop, but I do. Why can’t HSE have something similar? No excuses.

