IT contractors should be checked to avoid theft of credit card details, says Eversheds
Paula Barrett, data privacy expert at Eversheds, has commented on the theft of almost half of all South Korea’s credit card details.
Referring to the recent Target breach, she said that reports of another large-scale security breach involving credit card data in South Korea can only add to mounting concerns about data security standards.
Barrett said: ‘In this instance, the threat seems to have come “from within”. It seems an errant contractor took advantage of their position. The ability of this contractor to copy this volume of financial data begs a lot of questions.
‘But, while the sheer scale of the breach has brought attention to this matter, the degree of access that IT contractors and staff have is all too often overlooked within many other businesses. In the UK, the Information Commissioner’s Office warned over the Christmas period of the need to be vigilant in relation to the use of temporary workers/contractors.’
She added that often the checks, controls and training that might be undertaken for full-time equivalents are not undertaken for contractors, even though the performance of their roles will often give them direct access to personal or confidential data.
Barrett continued: ‘Even if this is not payment card data, this vulnerability in the protection of personal data or confidential information should be addressed within data security and data protection compliance programmes. As in South Korea, in the UK that weakness could lead to investigation by local regulators, significant fines and damages claims.’
News from Eversheds
News from The Lawyer
Briefings from Eversheds
The current EU market abuse regime is in line for an overhaul. It is anticipated that the implementation of the new proposals may not come into force until 2016.
The ‘unfair relationship’ concept in respect of credit agreements was introduced into the Consumer Credit Act 1974 on 6 April 2007.
Analysis from The Lawyer
A new breed of lawyer is smoothing the path for companies entering emerging or unstable jurisdictions
‘Exotic’ investors and opportunities for legal work beyond M&A feature in The Lawyer’s high-level roundtable debate on south-east Europe