Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 31 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Police website asks for data protection requests over HTTP connection

by The Gurus
March 3, 2015
in Editor's News
Share on FacebookShare on Twitter

The Association of Chief Police Officers (ACPO) is inviting members of the public to send data protection subject access requests over an insecure HTTP connection.
 
According to a blog by Jon Baines, chair of the National Association of Data Protection Officers (NADPO), as well as access requests, copies of proof of identity, such as passports or bank statements, are also requested to be sent over the HTTP connection.
 
“This is almost certainly in breach of ACPOs obligations under the Data Protection Act,” Baines said. “One of the most important rights under data protection law is that of ‘subject access’. Section 7 of the Data Protection Act 1998 (DPA) provides, in broad terms, that a person may require an organisation to say whether it is processing data about that person, and if so, to be given a copy of it.”
 
Pointing to a tweet by consultant Paul Moore highlighting the issue, Baines said that it is difficult to understand how it has happened. Baines said: “At a time when there are moves to encrypt all web traffic, the failure to offer encryption on such profoundly sensitive issues as information held by police, and identity documents, is jaw-dropping.”
 
In an email to IT Security Guru, Baines said: “The first consideration when designing an online process for transferring highly sensitive personal data should be security, and the privacy of individuals.”
 
Altered to the issue, an ICO spokesperson said: “We are aware of this issue and are currently making enquiries.”
 
UPDATE – Ian Readhead, the National Policing Lead for Data Protection and Freedom of Information, said: “The ACPO Criminal Records Office (ACRO) became aware of the situation concerning the provision of personal data over a HTTP rather than a encrypted HTTPS connection on Tuesday February 24th. This was caused by a contractual oversight. The Information Commissioner was immediately advised. The secure HTTPS connection was restored on February 25th. We apologise for this matter.”

FacebookTweetLinkedIn
Tags: Data ProtectionHTTPPolice
ShareTweetShare
Previous Post

GCHQ introduces northern summer school

Next Post

GCHQ summer hacker camps

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information