Data Leaks are aplenty, Now What?

I received an email the other day from T-Mobile saying that my personal data has been breached. I am among the one million customers who were, regrettably, ‘inconvenienced’.

The data leak was related to my pre-paid wireless account. Frankly, I could not recall having used T-Mobile pre-paid wireless account! Even if I did, it must have been umpteen years ago. Does it mean T-Mobile has kept my record long after I am no longer a customer?! After all, it was a pre-paid wifi account, which means I most likely have bought it at an airport for my short stay in a certain country. Did they not have a data retention policy? Could they have saved themselves a lot of trouble if they had deleted data that are no longer needed?

The T-Mobile official website tried to play down the seriousness of the data breach which are not helpful at all. This is typical of almost all data breach notifications.

They are not alone.

A few days earlier, it was reported that the Singapore Accountancy Commission (SAC), a statutory body under the Ministry of Finance, has ‘accidentally’ or ‘inadvertently’ leaked 6,541 personal records over a period of 4 months to 22 organisations. The personal data leaked included name, NRIC, date of birth, contact details, education, employment information, CA qualifications exam results. Pretty comprehensive set of data. And for how long? 4 months and 22 organisations? These ‘accidents’ seem pretty routine to me.

One thing I noticed is that among the mainstream media, only CNA has put the word ‘inadvertently’ in quotes in its subject header. The Straits Times, Business Times, and zaobao have been low-key in its subject header with words like ‘inadvertently’ or ‘accidentally’ without the quotes, as if it is acceptable.

Data leaks are supposed to be unintentional, accidental, or inadvertent. Otherwise it should be called a data crime.

It is understandable that the organization involved will want to downplay the seriousness of the breach to limit liabilities. But if the media also do so, albeit ‘inadvertently’, we have a long road ahead of us.