Tuesday, 8 August 2023

2 Data Breaches !!!!

 2 Data breaches identified on the same day. I'd say one is more serious than the other but the "less serious" one effects more people. The reason I'm writing this is just to view the way these are reported and a view as to what is meant by a data breach as opposed to what is already out there in the public domain.


The Police Service Northern Ireland has had a breach which has given personal details of all their staff, for me this is a serious security issue and this is probably due to my childhood listening and seeing the troubles being broadcast on a daily basis. The shocking thing here is the "breach" was actually a data hand over, a Freedom of Information request was answered with a simple hand over of all this data. Something i would describe as clumsy at best. 


The other data breach relates to the electoral register. . . So almost everyone over the age of 17 in the UK is signed up on the electoral register, this is administered and kept by the local authority and then reported to the electoral commission. According to some media outlets it could be a hack by the Russians, I assume this makes the story more dramatic. 

So why am I writing about this? 

Simple, the electoral register holds quite simple information which only a few years ago was very public, remember when everyone's name, address and telephone number was printed and delivered through everyone else's door in the local area, yes phonebooks were a thing but the world has moved on as well as our desire and need for privacy. 

The electoral register does contain peoples name and address, with those approaching voting age it will also contain their date of birth. This data is stored by the local council and electoral commission. BUT HOLD ON theres some questions here - 

Is literally everyone on the electoral register ?

There's the full register and the open register, i also understand there's a way of opting out of both but still being able to vote. When you apply to be on the register you can opt to not be seen on the register and so not appear on a published copy of the register, YES THE ELECTORAL REGISTER IS PUBLISHED. 

Who can see the electoral register ?

The full electoral register is used by credit reference agencies to update information held on individuals' credit reference files. 

The open register can be bought by any person, company or organisation.

And then there's political parties 

  • Registered political parties, candidates and campaigners are entitled to receive copies of the full electoral register which includes eligible voters’ names and addresses.
  • They are also entitled to access the “marked register”, which enables identification of individuals who have voted in previous elections and referendums, but not how they have voted.
  • Access to this information is important for promoting political participation. Its use can be compatible with data protection law, which must still be complied with. 
The electoral register is used in a variety of ways by a variety of groups of people. so my question is, how a big a story is it that this has been accessed by a hack and not by a simple payment through a normal route, second to that question - what is Russia going to do with our phone book, I mean we now need photo ID to vote, imagine a world where a passport is needed to vote but you can get into the country on a small boat without one. 

So couple of years off and another rambling from me, unedited and posted before I sleep on it.