Most normal people go on holidays, forget about work, relax and enjoy themselves. They also, probably take lots of nice photos of the great places they’ve been and the nice food they’ve eaten. I went on holiday recently in remote, rural Ireland and I did pretty much all of the above. However, I suffer from an affliction, which means I actually have holiday data breach photos because:
I wasn’t deliberately going looking for data breaches or other data privacy concerns. However these two examples just leapt out at me. Please note that I have redacted sections of these pictures where there were potentially identifying features. I’ve also removed individual’s names, just in case you could make them out.
Staff roster and holiday plans on public display
I ate and drank in quite a few different establishments on my holiday, but this one had the staff roster and a holiday planner in plain sight, over one of the tills.
Because it was dark, the camera struggled to pick it out very clearly, but I could read the names clearly on the holiday planner (on the left). This had the staff names down the left hand side. Then the columns were for June, July and August and this is where the staff obviously noted their holiday plans.
The weekly roster is on the right, where again the staff names were down the left hand side. Then what shifts they were working each day was in the columns. I couldn’t make this out myself at the distance I was from it – approximately 2m.
If I had a better camera or better light, there is no doubt I could easily have got the complete staff list, their holiday plans and their work schedule for the coming week.
This is a breach of the staff’s right to privacy. Any member of the public could see when they were going to be on holiday or when they were going to be at work. This could lead to their home being broken into, as the bad guys know when they are going to be away. Or how about an abusive ex-partner? How much would they love to have this kind of information available to them.
The real shame about this … this place had a large back-of-house (kitchen and office) that all the staff had access to, but not the public. Why not post these things back there?
CCTV is used extensively in pubs and restaurants mainly for crime prevention and health and safety purposes. In this pub there was this ONE camera that only had eyes for one thing … this till
So obviously they were using this camera to keep an eye on staff to see if they were fiddling the till. This was a very obvious placement of a camera. This would not be considered “covert” by any means or standards. That’s me talking as somebody who notices this stuff for a living. If I was still in school, starting out on my first pub job, I may not notice such things.
Surveillance of staff needs to be declared by the employer. In this instance there should be a point in the staff manual noting that the tills are monitored by cameras. If an employer was to use secret cameras to monitor staff, they should also declare this. They should state that from time-to-time covert surveillance of employees, in the performance of their work, may be implemented.
Have you any holiday data breach snaps?
In both of the above situations, I have anonymously (I was on holiday, so I’m not hunting sales leads) notified the owners of the establishments about my observations.
When you are looking through your photos from your vacation, can you find any holiday data breach pictures? If you think you have, send them in confidence to info@L2CyberSecurity.com and I’ll let you know, but please don’t tell me the name of the place or the location.
If you would like to know more about different data breaches under the GDPR, check out the videos available on the GDPR section of my website.