How dare Bord Gais keep my personal details on a laptop
I'M one of those who embraced Lucy Kennedy's 'Big Switch' campaign to Bord Gais by trying to save a few bob on my electricity bill.
Now instead of feeling smug about it, I've just received a letter telling me that my bank details are on one of the four stolen laptops which we're only just being told about, even though they were nicked weeks ago.
I'm checking my bank account feverishly to see if someone's hacked in (although I can't for the life of me work out how -- I usually have to present a passport, fingerprint and vial of blood just to get a bank teller to talk to me).
Look, the point is, what on earth was my information doing on a laptop in the first place? Surely big corporations like Bord Gais have not only mainframe computers but security measures in place to avoid unauthorised access. Many of us who work in offices know it's virtually impossible to get into anybody else's terminal, never mind access sensitive client details without authorisation.
The whole point of a laptop is mobility, so I have to wonder if an employee was taking home my bank account information and going through it in their kitchen, perhaps with their flatmate looking over their shoulder?
If so, why on earth was it necessary to have my private stuff available for anyone to see?
The Bord Gais letter tells me that "data security and laptop encryption is a major priority for us".
Well, it might be but it was hardly urgent. It goes on to say that all laptops are fully secured now.
But that's not really the point, is it? Nothing which is that portable should have sensitive information on it -- whether encrypted or not.
It's highly probable that this was an opportunistic crime and the machines taken for their intrinsic value rather than identity theft, but it wouldn't have mattered if client information was held only on systems which can't be taken away if a thief breaks in.
This is not the first incidence of stolen laptops and, in the HSEs cases, the information available was far more sensitive than bank account numbers, but why doesn't the Data Protection Commission have the teeth to insist, by law, that all such files are only available on terminals linked to main frame computers?
I'm sure Bord Gais, like many big companies have an entire IT department to deal with this kind of thing.
Bord Gais Energy's motto, clearly printed on their letter-head is: "Think Beyond". What a pity they didn't.