Do you remember the unsettling feeling you get when a friend tells you that they've learned something about you personally? Over 150 former Dentsu employees are experiencing that feeling right now. Dentsu is a global ad and digital advertising agency headquartered in Tokyo, and now the agency's data was stolen and they have threatened to pursue legal action. Quite frankly, I would feel that way too; wouldn't you?
When I first read that I thought, "Why do these people still hold data about people that left in 2012 and prior?" I mean, that's a fair question isn't it?
Many of the former employees indicate to the firm that they have not been updated since the first correspondence on the initial notice. They don't know if their data was collected, or if their data was compromised. That undoubtedly adds to the stress and worry.
Here is what has been stated:
And guess what, if ICO finds Dentsu has committed an infraction, they could receive a large fine
So yes, this matter is important because:
On the plus side, Dentsu provided a one-year credit monitoring service to see if someone is misusing their data. But I still feel like they should have clearer answers.
What happened?
Dentsu notified the former employees that someone, at some time, somehow got into files at Merkle, Dentsu's data-guru company. Those files contained things like banking information, salary data, national insurance numbers and other personally identifiable information.When I first read that I thought, "Why do these people still hold data about people that left in 2012 and prior?" I mean, that's a fair question isn't it?
Many of the former employees indicate to the firm that they have not been updated since the first correspondence on the initial notice. They don't know if their data was collected, or if their data was compromised. That undoubtedly adds to the stress and worry.
So, why do they feel the need to take legal action?
Most likely because if I thought my private information was out there in the wild, I would feel upset too. So I understand the rationale behind seeking legal counsel.Here is what has been stated:
- Dentsu held on to their data for too long
- They were not adequately notified
- They could be in danger of having their private financial information compromised
And guess what, if ICO finds Dentsu has committed an infraction, they could receive a large fine
Why this matter
I always say it, your information is like your house keys, once someone has those, you can't sleep safe and sound every night.So yes, this matter is important because:
- People's financial safety is on the line
- Companies should be safeguarding data for both old and new employees
- Thousands of others may be exposed to similar risks in the future
My personal thoughts
I am aware of cyberattacks occurring in the world. Even strong systems can get hacked at some point. My biggest concern here is the part about data retention. Why keep old employee data for over ten years? This feels excessive... and risky.On the plus side, Dentsu provided a one-year credit monitoring service to see if someone is misusing their data. But I still feel like they should have clearer answers.
What happens next?
We will see the following:- There could be more ex-employees joining the legal claim
- ICO could dig even further
- Dentsu could be forced to rethink how they store and delete old data
