PDA

View Full Version : e-mail and Security of Personal data. BA.

Ancient Observer
6th Jun 2018, 12:56
I have a common e-mail set up. I use Outlook on my pc, and the mail is through BT. From the wisdom on here, I try to ensure that I do not do stupid things - like sending any personal data over e-mail. I have no "special" encryption, so I assume that all e-mails can be read by the naughty folk.

I was extremely surprised to read an e-mail from BA yesterday. "[email protected]" sent me, in open text, my full APIS data to check.

The full APIS data set. Everything a con-artist would need to set themselves up as me. Surely this is Unlawful?

If it is not unlawful, it must be stupid, or am I missing something?
Fly-by-Wife
6th Jun 2018, 23:10
The full APIS data set would, I believe, constitute personally identifiable information (PII) under GDPR:

Full name (last name, first name, middle name if applicable)
Gender
Date of birth
Nationality
Country of residence
Travel document type (normally passport)
Travel document number (expiry date and country of issue for passport)

The passport number could be considered as sensitive information in this context.

To protect PII in transit, minimum technical measures under the GDPR would include:

Encryption of personal data in transit by using suitable encryption solutions. This may include SSL and IPsec VPN connections which are appropriate for machine-to-machine connections, or PGP which is generally used for messaging, such as, e-mail.

Note that the GDPR does not specifically mention these measures, but on the basis of commonly adopted security measures and trends in enforcement action by data protection regulators, it can reasonably be assumed that these are indeed a requirement.

If you feel that your personal data is being put at risk by the data processor in breach of the GDPR, you should complain to the supervisory authority - in the UK that would be:
The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
Tel. +44 1625 545 745
e-mail: [email protected]
Website: https://ico.org.uk (https://ico.org.uk/)

FBW
jimjim1
7th Jun 2018, 17:35
"[email protected]"

Such an email would cause me some concern and I would not reply to it.

The registration of Almost Look Alike domain names is one way that people are persuaded to open malicious emails.

I hope is was just a typo on your part?
camileck
7th Jun 2018, 19:44
If "britishairays.com" is not a typo here you have most probably experienced so called SCAM attack.
Ancient Observer
8th Jun 2018, 14:44
Thanks
The missing w was my typing. That, or an unreliable keyboard!

I have e-mailed BA's Data people, but no reply!