Friday, 16th May 2008

News from the Guernsey Press

States criticised over its handling of security breach

0541759.jpgTHE States should have taken immediate action once notified that care home records were at risk, according to the chairman of the Guernsey Association of Compliance Officers.

‘If it was our company then something would have been done pretty much straight away, I have to say.  You have to look at it case by case, but once told about the breach we would be looking to have identified and started tackling the problem even within the hour,’ said Julian de G Parker (pictured), who is also head of compliance for Generali.

The Guernsey Press told the States on the morning of 10 March that whistleblower Marcus Cicero had discovered a serious fault in its internet system that meant personal information belonging to care home residents could be accessed. Mr Cicero said that he had first told the States of its internet vulnerability four years’ earlier.

The Guernsey Press provides daily in-depth coverage of life in the Bailiwick. Subscribe here. View a demo and subscribe to our online edition here.

Have your say on 'States criticised over its handling of security breach', comment below

This article posted on March 25, 2008 at 2:29 pm, filed under News.
My Zone from Wave Telecom
Editors Blog - 230Cinema - 230
Gazette Notices - 468

One Article Comment

  1. Darren
    Posted March 26, 2008 at 9:39 am

    With respect to the alleged security breach of care home records I think this story is wholly dispraportionate and has not been reported on objectively. No breach was actually undertaken and no records lost nor revealed to the public.
    I’m not a fan of the States of Guernsey per say, however I believe someone somewhere must have examined the case years ago when the ‘potential’ for an event to occur was highlited; this person, or people, obviously felt that despite the risk being identified it was an acceptable level of risk to the States.
    The comments made by the head of compliance for Generali are noted and, in the case of his business, given his organisation manages investments and funds it would be wholly appropriate to resolve potential issues as soon as practicable as I imagine the kind of records they keep pertain to accounts, account numbers, balances and such like which would have severe implications for their reputation.
    Risk per say is measured in likelihood versus impact; in the four years since this issue was identified there have been no breaches and as such I believe the States did the right thing - to change systems costs money, and to change a low risk area requires a sound business case.
    Kind regards
    Darren

Post a Comment on this Article

Your email address is never published nor shared. Required fields are marked *

*
*

Disclaimer: Please ensure your comment relates to the article it accompanies. If it is irrelevant, it will not be approved. We will put up as many of your responses as possible but cannot guarantee that all comments will be published. We prefer short comments that include no external website links. We reserve the right to edit comments and will not enter into correspondence over editing decisions. Comments featured on the site are not representative of the views of the This Is Guernsey or Guiton Group.

If you wish to make a comment about this website, please use our feedback form.