[Reading time: 46 seconds]
“The driving licences of thousands of Irish motorists who had vehicles towed on behalf of the gardaí [Ireland’s police force] were left at the mercy of hackers in a major data breach”.
This is according to the Irish Independent, which reported earlier this week that “over a half a million documents, including insurance investigations, vehicle registration certs, notices of car seizures and payment card details” were exposed.
Apparently, “the breach was caused by a software error at a Limerick-based IT services firm, which is retained by tow-truck companies working for the Gardai.”
So what?
Gardaí insist the force is not at fault for the breach, because the force is not the data controller.
“Data Controller” is a GDPR term and from a legal perspective, the Gardai may be correct.
But in the real world, the towing companies would not have had this personal data
unless the towing companies were contracted by the Gardai.
So what?
The Gardai may win the legal argument.
But they (and all of us) really need to cop on*
and take more responsibility
for what our supply chain
is doing with our data.
(* pun intended!)