Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Google Translate gives me, "Data Protection Agency takes no further action".

Is that true? No-one is fined or prosecuted for this? Or even sacked?



Yes that's true - The Data Protection Agency see no reason to take any further action in this case. Their assessment is that there is a low likelihood of an actual leak (based on a written statement from the Chinese employee who opened the letter). And the SSI has promised to send such information encrypted going forward.


If I were a senior official at the Chinese foreign service, and I heard that one of my employees got such a CD and just gave it back to the Danes without notifying higher-ups, then I would want that employee's head.

On the other hand, if I were a senior official in the Danish foreign service, then I would find my life a lot easier if no one was kicking up a fuss about the Chinese.


I know that visa office. I am not so concerned about them. That package could have been delivered anywhere.

What I mean is that it is private company handling incoming paper work just like any other company in that building. It happens to be doing paper work for the Chinese embassy.

I am more concerned about who put that information on those CD's and why did those people have access to that information. That information should be treated like a radioactive piece of material.


Sending this sort of data through the mail unencrypted shouldn't be legal to start with, imho. It's just a matter of time before it ends up in the wrong person's hands by accident.


As others write, the data protection agency doesn't have any real power. As a result very few companies and even other government agencies really care about the opinion of the data protection agency.

It doesn't make sense to fine anyone, or even try to prosecute, because everyone will just claim that they are just doing as instructed, and a fine to government agency is a little weird.

The issue is a very combination of a belief that any problem can be slowed using IT, and at the same time refusing to make any effort to understand IT. In terms of IT the Danish government is completely ignorant, bordering on the incompetent.

I don't think I would be completely of, if I claim that almost no one working in Denmark has ever received any real training in basic IT, and least of all in data protection. It's naively assumed that everyone in society has the skills required use a computer, and threat data with the care that is needed.

The basic issue is that the person in charge of making the CDs didn't see an issue with not encrypting them, or not knowing how to do so. It a culture of incompetence and happy ignorance.


> the data protection agency doesn't have any real power.

Which is a shame, because the Charter of Fundamental Rights of the European Union is suppose to guarantee that data protection issues are protected by an independent body.


Datatilsynet (Data Protection Agency) has no actual powers. They can only raise fingers. Parliament has decided not to actually grant them any powers but say mean things. Datatilsynet themselves have on numerous occasions admitted that they are pretty powerless.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: