WHS & Data Security

[YandaB]

Sorry for another WHS thread but I think that this is important and would like other people's opinons. I am being invited on our IG platform to consent to my data (DOB, name and email) to be shared with the WHS.

Given that the state of the project is, imho, poor, in that with 1 week to go they are still changing basic fundamentals (CSS inclusion) and others things are still unknown (what happens if only an initial handicap has been given CONGU or desloped CONGU) to name but a couple of issues, what are the views on the likely safety of our data? I know that GDPR says that they must keep it safe but there is no indication of how well they are set up to do that.

I wonder how much mishief a bad actor can get up to with name, email and DOB, is that enough to open bank accounts, credit cards etc? What other nefarious activities might they get up to? Then that needs to be balanced with what probability someone can hack into a database with a very significant number of records (the more records there are, the higher the chance of someone trying I suppose). I'm sure that at work the IT department do rigorous Security Risk Assessments looking at all sorts of standards and security controls to ensure that data is kept safe. Is that relevant here? Should we be told?

Bottom line is, how safe is our data really going to be? Fixing an identityf theft problem after it's happened is really difficult as I understand it.

Just feeling a little nervous (especially after a recent incident where our local kids football website was hacked) and not sure where I go for re-assurance.

 

[Britishshooting]

It’s a risk whenever you share your email and personal information that it may be shared or stolen.

Name, age and email is pretty easy to obtain from most people on social media these days.

You need proof of address, identification, utility bills, bank account details etc for good reason to help prevent identity theft.

Personally I have several emails, one for forums, social media and general stuff and one for banking, investments and financial stuff.

Personally of very little concern to me. You’d be surprised how many big companies that have a lot more data than name, address And date of birth have been hacked and blackmailed for payouts.

a lot of hackers these days will hack and threaten companies as the insurance companies often negotiate a payment and agreement that they don’t breach security again.

I work with companies that hold highly sensitive information which I can’t go into and they have been hacked and blackmailed for millions of pounds.

The little bit of information these guys could gleam is of little consequence and requires a lot more effort beyond that to make it useful. There’s a chance it can be useful to some but it’s not a primary target.

 

[jim8flog]

I pondered long and hard about allowing mine, mainly DoB.

Then I thought the club has already got it and the ISV already has it.

Like BS I have multiple email addresses which are given out as appropriate to use.

The one for golf is almost solely for that purpose and is the one for use by my golfing mates as they have easy access to the info already via an email directory.

 

[SammmeBee]

I’ve got a new handicap - whoop whoop.

Who cares what they do - you can always unsubscribe!

 

[Deleted member 1147]

If someone really wants to have your details they can already buy it on the dark net.
Everyone’s info is on there, even if they think they are security conscious.

 

[SammmeBee]

I pondered long and hard about allowing mine, mainly DoB.

Then I thought the club has already got it and the ISV already has it.

Like BS I have multiple email addresses which are given out as appropriate to use.

The one for golf is almost solely for that purpose and is the one for use by my golfing mates as they have easy access to the info already via an email directory.

So you stick it in a directory for all to see but you worry about giving it to someone to store it securely?

DOB prior to 1955.....?!

 

[jim8flog]

So you stick it in a directory for all to see but you worry about giving it to someone to store it securely?

DOB prior to 1955.....?!

where do you get ' I stuck it in a directory for all to see from'

Another young person who cannot understand written English?

 

[SammmeBee]

where do you get ' I stuck it in a directory for all to see from'

Another young person who cannot understand written English?

GDPR?

 

[rulefan]

GDPR?

General Data Protection Regulation

 

[SammmeBee]

General Data Protection Regulation

Yes I know what it means and what it implies. If ‘I’ give my permission for my details to be included in a directory then ‘I’ would know the implications.

If I was in charge of said directory then I would know the implications and who it can be shared with, and how I must protect that data, as do England Golf.

The old fella was moaning that people could see his email in a directory.......so someone has either acquiesced or someone doesn’t know what they are doing....

 

[rulefan]

The old fella ....so .. someone doesn’t know what they are doing....

 

[Deleted member 25172]

Hackers around the world are licking their lips as they now will be able to take UK golfers handicaps as hostage and demand extortionate amounts to not alter with it.

Seriously. Have you ever bought or booked anything online prior to WHS?

 

[SammmeBee]

View attachment 33073

View attachment 33073

Sorry - no idea! I’m in metric........

 

[jim8flog]

Yes I know what it means and what it implies. If ‘I’ give my permission for my details to be included in a directory then ‘I’ would know the implications.

If I was in charge of said directory then I would know the implications and who it can be shared with, and how I must protect that data, as do England Golf.

The old fella was moaning that people could see his email in a directory.......so someone has either acquiesced or someone doesn’t know what they are doing....

Where do you get "I was moaning" from?

Maybe you need to relearn how to interpret English.

 

[IanM]

Bssed on my observations of change and comms on the project, I assume they spent the budget on IT Security folk!