Treat All Sensitive Data as Important

  • Comments posted to this topic are about the item Treat All Sensitive Data as Important

  • .. Recently there was a data breach from B&Q, a home improvement retailer in the UK, where 70,000 names were lost. These weren't customers, but rather people that had been caught stealing from the stores. ..

    70,000 seems like a lot. It makes me wonder if this is an internal list of people who were actually caught stealing from this specific chain of stores, or maybe it was something like a black list of known shoplifters that is shared by the retail community or acquired from a 3rd party provider. I'm just theorizing here and maybe drifting off topic, but I can imagine a scenario where retailers have facial recognition functionality built into their security camera system, and then they subscribe to a mugshot database of known offenders. Why else would the store maintain a database of shoplifters?

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • I apologize for how this may sound, and yes I know you didn't mean this to sound like it does, but...

    certainly most people would have little sympathy for criminals

    Isn't that the real issue? Companies have little concern over our data, treat all of us no better than criminals, which results in us being harmed. Maybe we need to start thinking about not saving data that we don't need to, and have no right to, and then protecting the data that we do need to save.

    Again, this is not directed at you, but at our industry. I can't even say that I think we need to do better, because the fact is that too many companies are doing nothing.

    Dave

  • I would agree with you, Dave. Too many companies have treated us, or at least our data, poorly. That is one of the things I really like about the GDPR. Data about me belongs to me, not to the company. They don't get to use it indiscriminately for any purpose for all time.

  • Eric M Russell - Thursday, February 21, 2019 7:44 AM

    70,000 seems like a lot. It makes me wonder if this is an internal list of people who were actually caught stealing from this specific chain of stores, or maybe it was something like a black list of known shoplifters that is shared by the retail community or acquired from a 3rd party provider. I'm just theorizing here and maybe drifting off topic, but I can imagine a scenario where retailers have facial recognition functionality built into their security camera system, and then they subscribe to a mugshot database of known offenders. Why else would the store maintain a database of shoplifters?

    70,000. A lot and not a lot. Most breaches are in the millions, so this is fairly small. 

    I'm not sure this was just shoplifters but suspected criminals. no idea why they keep this, but it's not a great idea to not secure the data.

  • Steve Jones - SSC Editor - Thursday, February 21, 2019 8:18 AM

    Eric M Russell - Thursday, February 21, 2019 7:44 AM

    70,000 seems like a lot. It makes me wonder if this is an internal list of people who were actually caught stealing from this specific chain of stores, or maybe it was something like a black list of known shoplifters that is shared by the retail community or acquired from a 3rd party provider. I'm just theorizing here and maybe drifting off topic, but I can imagine a scenario where retailers have facial recognition functionality built into their security camera system, and then they subscribe to a mugshot database of known offenders. Why else would the store maintain a database of shoplifters?

    70,000. A lot and not a lot. Most breaches are in the millions, so this is fairly small. 

    I'm not sure this was just shoplifters but suspected criminals. no idea why they keep this, but it's not a great idea to not secure the data.

    <humor>Correcting your typo...

    no idea why they keep this, but it's a horribly bad idea to not secure the data


    </humor>🙂

    Dave

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply