Well done Parcelforce, you managed to not only expose people's names and addresses but some signatures too!!
What is staggering is that despite this being a very easy thing to happen with a simple coding error or lack of checking of what people type in, there are no specific legal requirements for people who run these sites. They should at very least require accreditation that ensures there are processes and systems in place to adequately test any changes etc and ensure that by procedure, these mistakes are rectified. There's no point threatening action under the Data Protection Act since 1) It is rarely enforced anyway and 2) It does not address the base problem of having no enforced guidelines for websites and justs wastes money.
An organisation called OWASP are a community based organisation whose specific aim is to development and maintain standards for secure principles. It wouldn't be beyond the wit of man to make these mandatory in a particular way and what is shocking is that we have an office (OPSI) whose job is to look after this sort of thing and obviously doesn't have much of clue because this is only about the 100th time something like this has happened. I'm not sure if there is a government minister though although I don't know whether that is good or bad.
No comments:
Post a Comment