PPRuNe Forums

PPRuNe Forums (https://www.pprune.org/)
-   Computer/Internet Issues & Troubleshooting (https://www.pprune.org/computer-internet-issues-troubleshooting-46/)
-   -   e-mail and Security of Personal data. BA. (https://www.pprune.org/computer-internet-issues-troubleshooting/609765-e-mail-security-personal-data-ba.html)

Ancient Observer 6th Jun 2018 12:56
e-mail and Security of Personal data. BA.
 
I have a common e-mail set up. I use Outlook on my pc, and the mail is through BT. From the wisdom on here, I try to ensure that I do not do stupid things - like sending any personal data over e-mail. I have no "special" encryption, so I assume that all e-mails can be read by the naughty folk.

I was extremely surprised to read an e-mail from BA yesterday. "[email protected]" sent me, in open text, my full APIS data to check.

The full APIS data set. Everything a con-artist would need to set themselves up as me. Surely this is Unlawful?

If it is not unlawful, it must be stupid, or am I missing something?

Fly-by-Wife 6th Jun 2018 23:10
The full APIS data set would, I believe, constitute personally identifiable information (PII) under GDPR:
  • Full name (last name, first name, middle name if applicable)
  • Gender
  • Date of birth
  • Nationality
  • Country of residence
  • Travel document type (normally passport)
  • Travel document number (expiry date and country of issue for passport)
The passport number could be considered as sensitive information in this context.

To protect PII in transit, minimum technical measures under the GDPR would include:
  • Encryption of personal data in transit by using suitable encryption solutions. This may include SSL and IPsec VPN connections which are appropriate for machine-to-machine connections, or PGP which is generally used for messaging, such as, e-mail.
Note that the GDPR does not specifically mention these measures, but on the basis of commonly adopted security measures and trends in enforcement action by data protection regulators, it can reasonably be assumed that these are indeed a requirement.

If you feel that your personal data is being put at risk by the data processor in breach of the GDPR, you should complain to the supervisory authority - in the UK that would be:
The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
Tel. +44 1625 545 745
e-mail: [email protected]
Website: https://ico.org.uk

FBW

jimjim1 7th Jun 2018 17:35
AirAys vs airways
 
"[email protected]"

Such an email would cause me some concern and I would not reply to it.

The registration of Almost Look Alike domain names is one way that people are persuaded to open malicious emails.

I hope is was just a typo on your part?

camileck 7th Jun 2018 19:44
If "britishairays.com" is not a typo here you have most probably experienced so called SCAM attack.

Ancient Observer 8th Jun 2018 14:44
Thanks
The missing w was my typing. That, or an unreliable keyboard!

I have e-mailed BA's Data people, but no reply!


All times are GMT. The time now is 10:52.


Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.