[LINK] Computer theft

Howard Lowndes lannet at lannet.com.au
Tue Apr 20 11:09:04 EST 2004 

On Mon, 2004-04-19 at 18:15, Jeff Fulton wrote:
> I received a letter from the local council today, notifying us of the
> theft of a computer from a council childcare centre.
>  
> According to the letter, the computer contained data about clients,
> including:
>  
> <quote>
>  
> child/family names & addresses
> parent and emergency contact details
> child's medical details
> accounting details including cheque account numbers
> attendance records
> childcare benefit information

Is all of this data strictly _necessary_ for them to function.  If not,
then they are probably in breach of the Privacy Act 1988 (as amended)
>  
> The information was on a proprietary software package and was password
> protected with access only by the director and assistant director....
>  
> </quote>
>  
> I have a number of concerns:
>  
> There was no information about whether the data itself was encrypted
> in any way.
> I doubt that the "password protection" provides any real level of
> security against data theft - epecially given the fact that staff
> turnover probably means that at least 6 or 7 people knew the password
> at some time, along with all the usual issues about the strength of
> the password.
> In our case, the data specific to us was close to 5 years old, so I
> wonder about the need to retain it "online" for that period of time.
>  
> It was at least positive that the council saw the need to notify
> affected parents.
>  
> I am curious to hear comments from linkers, including any thoughts on
> whether it was likely to be a simple computer theft, or whether there
> is a risk that the data itself was the target.
>  
> Regards
> Jeff
>  
>  
> 
> ______________________________________________________________________
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
-- 
Howard.
LANNet Computing Associates - Your Linux people <http://www.lannetlinux.com>
------------------------------------------
Flatter government, not fatter government - Get rid of the Australian states.
------------------------------------------
To mess up a Linux box, you need to work at it;
to mess up your Windows box, you just need to work on it.
 - Scott Granneman, SecurityFocus

More information about the Link mailing list