Sensitive personal data found at dump

| 19/08/2020 | 11 Comments
Cayman News Service
George Town dump

(CNS): Documents containing confidential, sensitive information, including court records and autopsy reports, were recently found at the George Town dump by a member of the public, though the Office of the Ombudsman has been unable to connect to a specific entity. But the watchdog responsible for the oversight of data protection, has warned that these kinds of documents should never be disposed of in this way.

The ombudsman learned about the literal dump of sensitive personal data when the finder reported it to the office, bringing a sample of the documents. “Our Data Protection Team inspected the documents in detail but were not able to determine where they originated, or whether they belonged to a public or private sector data controller,” the office stated in a release.

The records included publicly available court records, handwritten notebooks in shorthand and autopsy reports, some of which contained confidential and sensitive personal information.

The ombudsman’s office did not say how old the records were, but given the content, they could have come from the from the legal department, the public prosecutions office, the police, the courts or a private attorney’s office. With no way of knowing for certain, the ombudsman has highlighted the importance of proper records management, including authorised and
responsible disposal, especially when documents contain personal information.

“It is both a legal requirement and best practice to ensure that measures are taken to protect personal data throughout its life cycle, and to only retain personal data for as long as necessary. Disposing of confidential records by abandoning them is not acceptable and should be avoided at all costs,” the office said in a release.

This disposal could have constituted a breach of the Data Protection Law and if the owners or controllers of the information had been identified they could have faced a fine of up to $250,000.

“Government entities are subject to strict retention and disposal rules, and should only dispose of records in an authorised and transparent way, by shredding or otherwise irreversibly destroying the records in accordance with an approved records disposal schedule, after consultation with the Cayman Islands National Archive,” the office said.

Unlike the public sector, most private sector entities are not subject to strict retention and disposal rules, other than those imposed by the Data Protection Law. However, many private sector businesses have adopted retention and disposal schedules to manage the life cycle of their records and information, a practice commended by the ombudsman.

For more information on the retention of personal data and the technical and organisational measures that should be put in place to protect personal data, see Data Protection Guidance for Organizations on the Ombudsman website.


Share your vote!


How do you feel after reading this?
  • Fascinated
  • Happy
  • Sad
  • Angry
  • Bored
  • Afraid
Print Friendly, PDF & Email

Tags: , ,

Category: Local News

Comments (11)

Trackback URL | Comments RSS Feed

  1. Al Catraz says:

    It would have been fine if they had simply left it to burn.

  2. Shocking says:

    Publicly available autopsy report! Notes in short hand! Sensitive personal information, could not determine the origin! but the documents were found in the garbage dump!

  3. Anonymous says:

    Sensitive dump found in data.

  4. Big Poppa says:

    Lol. Who can truly say that they are in any way surprised. Just another day in Absurdistan.

  5. Anonymous says:

    Sorry, I didn’t bring the shredder home.

  6. Anonymous says:

    So no shredding and incineration available?

  7. Anonymous says:

    Y’all can read my autopsy results any time you want.

    • Anonymous says:

      So you want your kids to read about the drug overdose you accidentally had while partying your sorrows away with two two male prostitutes after you wife recently died from cancer?
      It’s kind of a moot point anyway though because the data protection law only applies to the personal information of living individuals.

  8. Anonymous says:

    Hmmmm, $250,000 fine or a $25 shredder from Cost U Less…

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.