Thursday, October 27, 2016

Personal data : the socialist Party sanctioned for serious security flaws – The World

The fault, since corrected, provided access to extensive information on the new members of the party.

The socialist Party (PS) has been sanctioned with a public warning, Thursday, October 27, by the national Commission on informatics and liberties (CNIL) for serious breaches on data security of its members.

It was indeed possible to access, from the Internet site of the party, the ” last name, first name, email and mailing address, telephone numbers fixed and mobile, date of birth, IP address, method of payment “ of some of the members, specifies the CNIL in a press release.

This last has not been notified of this flaw on the 26th of may, proceeded to control the next day and confirmed the existence. The PS was then immediately corrected, according to the CNIL.

The experts of the Commission are then made, on the 15th of June, in the premises of the party. They found that ” that the basic measures of security had not been implemented, “ by the party before the fault is reported. The latter was a database to manage the ” primary members “, that is, those wishing to join the socialist Party and who register on the site of the party. In addition, all of the data were not deleted after use, and the CNIL has found that information dating back to 2010 were still present in the database.

” Act activist, public “

political opinions are among the confidential data listed in article 8 of the law on data protection in 1978. The political parties and the trade unions are the only organizations to collect data revealing the political opinion of individuals. During the procedure, and to defend, the PS pointed out, a contrario, that the membership of the party is ” of his point of view, an act activist and the public that their authors usually do not seek to conceal “.

Despite the correction of the fault, the CNIL has decided to initiate a sanction procedure, which led to a public warning. Moreover, the Commission’s ” decided to make public his decision because of the gravity of the breach found, the number of people affected by the flaw and the particularly sensitive nature of the data involved, which allowed in particular to have knowledge of their political opinions “.


No comments:

Post a Comment