
Thread: Dealing with breaches of data safety

  1. #1

    Join Date
    Jan 1970
    Posts
    0

    Dealing with breaches of data safety

    Last night an email was sent out by the returning officer.

    The first 100 people to get this also received the email addresses of the other 100 people on the list.

    I have two questions.

    1) How would you prevent this from happening?

    2) If it were to occur again, how would you deal with it?

    Cheers

    Tony

  2. #2

    Join Date
    Oct 2007
    Location
    Porthcawl S Wales
    Posts
    481


    I would like to apologise to all concerned as I have already done so on the Facebook group where this has been posted.

    This is way above my technical knowledge and I would not know how to prevent this happening again. All I can do is apologise on the returning Officer's behalf - human mistakes can and do happen and if there was anything I could do to help correct this then I would.

  3. #3

    Join Date
    Jan 1970
    Posts
    0


    Lillian, you and the rest of the committee were not informed by the returning officer or the Chairperson. The fault on this occasion is not with the majority of the committee.

    How people would deal with it is a deal breaker.

  4. #4

    Join Date
    Jul 2012
    Location
    Poole, Dorset
    Posts
    111


    Quote Originally Posted by Mongoose39uk View Post
    Last night an email was sent out by the returning officer.

    The first 100 people to get this also received the email addresses of the other 100 people on the list.

    I have two questions.

    1) How would you prevent this from happening?

    2) If it were to occur again, how would you deal with it?

    Cheers

    Tony
    Firstly I would like to say I am not making any comment about the incident of yesterday; I don't know the circumstances by which that happened. It may be a matter for the new Committee when elected to look into.

    To answer the 2 questions:

    1) I would expect GAGB to use a proper legally run external email mailing list provider which provides the means to avoid this. There are several such email mailing list providers available to use which wouldn't require a fee to use. They would also meet any rules and regulations on Data Protection and European anti-spam laws.

    I won't openly name any of the email mailing list providers as I don't wish to be accused of advertising.

    2) If we were to use a proper email mailing list provider as I suggest above I would not expect it to happen again. In six years of using such providers I have not known any email list I managed via such a system to be compromised.

  5. #5

    Join Date
    Jan 1970
    Posts
    0


    You have not answered what you would do if it were to happen despite the provider?

  6. #6

    Join Date
    Jul 2012
    Location
    Poole, Dorset
    Posts
    111


    Quote Originally Posted by Mongoose39uk View Post
    You have not answered what you would do if it were to happen despite the provider?
    For me to state the action I would expect to follow would depend on how the data leak happened. To speculate about future possibilities of Data being compromised could lead me to write a book on the subject; the subject is quite complex.

    All data we collect should be used in accordance with the principles of data protection as set down in Data Protection Act 1998, regardless of our need to register or not under the Act.


    Schedule 1 to the Data Protection Act lists the data protection principles in the following terms:

    1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless

      (a) at least one of the conditions in Schedule 2 is met, and

      (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
    2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
    3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
    4. Personal data shall be accurate and, where necessary, kept up to date.
    5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
    6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
    7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
    8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

    Taken from http://www.ico.org.uk/for_organisations/data_protection

  7. #7

    Join Date
    Jan 1970
    Posts
    0


    So no a simple apology to start with..........

  8. #8

    Join Date
    Jul 2012
    Location
    Poole, Dorset
    Posts
    111


    Quote Originally Posted by Mongoose39uk View Post
    So no a simple apology to start with..........
    Yes, of course; that was so obviously required in my mind I didn't think to actually say I would say sorry.

    Then I would move to the investigation and take action from there.

    Paul

  9. #9

    Join Date
    Jan 1970
    Posts
    0


    Sorry Paul, just a little angry at the way the Chairperson has withheld information.

    I shouldn't have let you have that barrel
    Last edited by Mongoose39uk; 18th November 2013 at 07:55 PM. Reason: Apology

  10. #10

    Join Date
    Oct 2008
    Location
    West Lothian, Scotland
    Posts
    228


    I'm only just catching up with all this, so my first apology is for the delay in replying. Work does tend to get in the way somewhat.

    Secondly I'd like to add my apologies to all those affected by the email in question.

    In answer to the two questions:

    1) How would you prevent this from happening?
    Unfortunately it's happened, I wish there were some way of making it un-happen, but there isn't.
    The protection of personal details, such as email addresses, is taken very seriously. Access is restricted, even within the GAGB committee (I've never seen the full details of the members, only the list that is available for all under the users list section of the website)

    I suppose having a returning officer that is completely devolved from the GAGB is both an asset to impartiality and now an issue. Perhaps having some system in place for the returning officer to use the existing GAGB mailing system can be set up.
    (these things are beyond me, and I don't know if that would impact on the impartiality of the system, but it's got to be worth a look).

    2) If it were to occur again, how would you deal with it?
    Hindsight is a wonderful thing, we'd all deal with issues differently given time to access and reflect.
    In my work we have information security managers, they are the ones you go to if something goes wrong. I've never had to use them (thankfully) but they know what to do if it does.
    I can only recommend to the new committee that some sort of policy / procedure is put in place to report these issues to. Someone who knows a lot more about data protection than I do.



    All I can do is apologise, I'm not entirely sure if I'm a current committee member or not, but I feel responsible for this lapse in our communication systems.

    I have failed Mike (by not anticipating his requirements to run the voting system), I have failed some of our longest GAGB members (by sending their emails out) and I have failed generally in maintaining confidence in the GAGB from you the members.


    What I can do is ask for your forgiveness and hope that you will be understanding, and believe that (regardless of who is voted into the new committee) improvements will be made to the voting process.
    Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better. - Samuel Beckett

  11. #11

    Join Date
    Sep 2005
    Location
    The Mendips, Somerset
    Posts
    2,769


    As I have said in response to the post you started in the GAGB Facebook group, there was an unfortunate error last night when the emails were sent out and I have apologised several times.

    All the emails were having to be sent manually after LadyBugKids had problems sending a bulk email to all GAGB members from a hotel Internet in Germany (via his Alaskan domain) and he had to abort it.

    As part of the manual process, he inadvertently added the first 100 email addresses into the cc field rather than bcc field. He realised as soon as he pressed send, but was too late to stop them. All further emails were sent as bcc. He also emailed me to keep me informed and to apologise for this error and replied to those people that contacted him directly last night.

    By the time he had finished sending all the emails it was nearly 2am (his time) and we (Mike & I) decided that we wouldn't send out a bulk follow up apology email at that time, but that he would initially respond to any specific emails personally.

    Mike is in Europe on business this week so has limited time (mainly late evenings) when he has access to his laptop so may not have responded to emails that have arrived today.

    I have also been at work all day and only became aware of the Facebook conversation after I finished this evening. I have since given a detailed description of events to the committee to keep them informed.

    It is an unfortunate incident in what otherwise has been an excellent service from LadyBug Kids for the third consecutive year as Returning Officer.

    I am sure Mike will reply to this thread once he has checked in at his hotel this evening.
    GAGB member since 2005
    GAGB Committee member 2010 to 2016 (Chair 2012 to 2015)
    UK Mega Event Chairman 2009 (Weston-super-Mare)


  12. #12

    Join Date
    Jan 1970
    Posts
    0


    Quote Originally Posted by JackieC View Post
    I'm only just catching up with all this, so my first apology is for the delay in replying. Work does tend to get in the way somewhat.

    Secondly I'd like to add my apologies to all those affected by the email in question.

    In answer to the two questions:

    1) How would you prevent this from happening?
    Unfortunately it's happened, I wish there were some way of making it un-happen, but there isn't.
    The protection of personal details, such as email addresses, is taken very seriously. Access is restricted, even within the GAGB committee (I've never seen the full details of the members, only the list that is available for all under the users list section of the website)

    I suppose having a returning officer that is completely devolved from the GAGB is both an asset to impartiality and now an issue. Perhaps having some system in place for the returning officer to use the existing GAGB mailing system can be set up.
    (these things are beyond me, and I don't know if that would impact on the impartiality of the system, but it's got to be worth a look).

    2) If it were to occur again, how would you deal with it?
    Hindsight is a wonderful thing, we'd all deal with issues differently given time to access and reflect.
    In my work we have information security managers, they are the ones you go to if something goes wrong. I've never had to use them (thankfully) but they know what to do if it does.
    I can only recommend to the new committee that some sort of policy / procedure is put in place to report these issues to. Someone who knows a lot more about data protection than I do.



    All I can do is apologise, I'm not entirely sure if I'm a current committee member or not, but I feel responsible for this lapse in our communication systems.

    I have failed Mike (by not anticipating his requirements to run the voting system), I have failed some of our longest GAGB members (by sending their emails out) and I have failed generally in maintaining confidence in the GAGB from you the members.


    What I can do is ask for your forgiveness and hope that you will be understanding, and believe that (regardless of who is voted into the new committee) improvements will be made to the voting process.
    You cannot be held responsible when the information is withheld from you. You have not failed.

  13. #13

    Join Date
    Jan 1970
    Posts
    0


    Quote Originally Posted by Maple Leaf View Post
    As I have said in response to the post you started in the GAGB Facebook group, there was an unfortunate error last night when the emails were sent out and I have apologised several times.

    All the emails were having to be sent manually after LadyBugKids had problems sending a bulk email to all GAGB members from a hotel Internet in Germany (via his Alaskan domain) and he had to abort it.

    As part of the manual process, he inadvertently added the first 100 email addresses into the cc field rather than bcc field. He realised as soon as he pressed send, but was too late to stop them. All further emails were sent as bcc. He also emailed me to keep me informed and to apologise for this error and replied to those people that contacted him directly last night.

    By the time he had finished sending all the emails it was nearly 2am (his time) and we (Mike & I) decided that we wouldn't send out a bulk follow up apology email at that time, but that he would initially respond to any specific emails personally.

    Mike is in Europe on business this week so has limited time (mainly late evenings) when he has access to his laptop so may not have responded to emails that have arrived today.

    I have also been at work all day and only became aware of the Facebook conversation after I finished this evening. I have since given a detailed description of events to the committee to keep them informed.

    It is an unfortunate incident in what otherwise has been an excellent service from LadyBug Kids for the third consecutive year as Returning Officer.

    I am sure Mike will reply to this thread once he has checked in at his hotel this evening.

    My issue is not so much that the error occurred, though I am angry about that. I am livid that it was basically ignored unless someone noticed it. It was not even mentioned to the rest of the committee until the poo hit the fan! Has anyone even contacted the others on the list? If you haven't got it, have you asked for a copy? You know several people who have a full copy. I could always email them but you may not be happy with what I have to say!

  14. #14

    Join Date
    Mar 2007
    Location
    Anchorage, Alaska
    Posts
    222

    Mike Malvick/Ladybug Kids Public Apology for E-mail List Breach

    Last night, whilst sending out an e-mail roll-out for the upcoming Committee election, I inadvertently sent one note out with 100 GAGB members' e-mail addresses exposed on the distribution list. The reason the e-mail addresses were exposed was that I failed to paste the addresses onto the blind carbon copy (bcc) line of the e-mail. I manually compiled the e-mails because the properly configured batch e-mail I attempted to send would not go out via my hotel internet in Ingolstadt, Germany. I was eager to get the word out on behalf of GAGB before the Q&A period closed and lacked time to troubleshoot the problem with my internet service provider (ISP).

    As past Webmaster and Secretary (and now, returning Secretary) for GeocacheAlaska!, Alaska's incorporated not-for-profit geocaching organization, I fully understand and appreciate the need to maintain member record confidentiality. I personally have written into all GeocacheAlaska! procedures that discuss communicating with our membership, "compile distribution lists using the bcc line."

    I failed to follow my own process, and for that, I apologize to the GAGB Committee and all GAGB members, especially those whose e-mail addresses I accidentally exposed.

    As soon as I realized my error (which was about a millisecond after I hit "send"), I contacted Jen/Maple Leaf, to notify her because I recognized the significance of the exposed distribution list. At that point, the bell had been rung and there was no going back.

    The membership may rest assured that subsequent e-mails during this election period will maintain the confidentiality of their e-mail address. The ballots will be e-mailed by Surveymonkey.com on my behalf and there is no chance e-mails will be exposed.

    Again, I apologize to the GAGB Committee and to the GAGB membership for my error. It was my error and mine alone and I own it.

    I sincerely hope my mistake does not detract from the vibrant and exciting election GAGB has in the works. It's wonderful to see so many people step forward with a willingness to up their geocaching game in other significant ways.

    Apologetically,

    Michael Malvick
    GAGB Returning Officer
    Last edited by LadybugKids; 18th November 2013 at 10:58 PM.
    In Alaska, the best athletes eat raw meat, sleep in the snow, and run naked.
    Ladybug Kids' gc.com profile
    Visit the GeocacheAlaska! website.
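
Added example, not part of the thread or any poster's own code: one way to turn the "addresses must never sit in cc" procedure described in post #14 into a technical control, by building one message per member and refusing any message whose To/Cc headers expose more than one address. The addresses, the `MAX_VISIBLE` limit and all function names are assumptions made for the illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

MAX_VISIBLE = 1  # assumed policy: a bulk message may show one recipient address

# Constructed sample data, not real members.
SENDER = "returning.officer@example.org"
MEMBERS = [f"member{i}@example.org" for i in range(1, 101)]


def visible_recipients(msg):
    """Addresses every recipient can read: everything in To and Cc."""
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    return [addr for _name, addr in getaddresses(headers) if addr]


def check_before_send(msg, limit=MAX_VISIBLE):
    """Refuse a message whose headers expose more than `limit` addresses."""
    exposed = visible_recipients(msg)
    if len(exposed) > limit:
        raise ValueError(f"{len(exposed)} addresses visible in To/Cc, limit {limit}")
    return msg


def _new_message(subject, body):
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def build_individual(recipients, subject, body):
    """One message per member, so no header carries another member's address."""
    batch = []
    for rcpt in recipients:
        msg = _new_message(subject, body)
        msg["To"] = rcpt
        batch.append(check_before_send(msg))
    return batch


def build_cc_blast(recipients, subject, body):
    """The failure mode from the thread: the whole list pasted into Cc."""
    msg = _new_message(subject, body)
    msg["To"] = SENDER
    msg["Cc"] = ", ".join(recipients)
    return msg


if __name__ == "__main__":
    print(len(build_individual(MEMBERS, "Election notice", "Details follow.")), "pass")
    try:
        check_before_send(build_cc_blast(MEMBERS, "Election notice", "Details follow."))
    except ValueError as err:
        print("blocked:", err)
```

The guard runs before anything reaches a mail server, so a manual fallback after a failed batch send goes through the same check as the normal path.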

  15. #15

    Join Date
    Jan 1970
    Posts
    0


    APART from this apology on here has any attempt been made to contact the individuals affected or are they still not regarded as worthy of your attention?

    These responses are not related to the questions for potential candidates and should be removed or moved to an appropriate thread.

    My questions here were for potential committee members to see how they would have dealt with it.
