MI5 ‘Unlawfully’ Handled Bulk Surveillance Data, Lawsuit

UK’s secret service, MI5, may have broken the law by holding large volumes of citizens’ private data without proper protections, according to documents released today in the High Court.  

Expert Comments:   

Fouad Khalil, VP of Compliance at SecurityScorecard:  

“As we consider MI5’s recent privacy violation we confirm that no one and no entity is out of GDPR reach. MI5 seems to have falsely claimed that they had the right to keep personal data and that they had sufficient controls to protect it. We have a situation here where MI5 may have violated many of the laws and regulations enacted for the mere purpose of protecting European residents. And they have done so for a number of years.   

MI5 will now be viewed opposite to what it’s known for “keep our country safe and protect our citizens.” MI5’s reputation and credibility is at stake here before any fines or lawsuits even commence.   

We all have to learn from these incidents and ask ourselves “are we compliant? Do we have a solid inventory of all personal data and related consent? Do we support our privacy program with sufficient up-to-date documentation? Will we survive an audit or even worse, a breach?”   

No one is exempt from protecting our personal data. No company has any rights over my personal data without my consent. All companies must prove the state of control over my personal data and enable deletion or restriction of my data any time I choose to request it.   

These rights are well known among all (globally speaking). With laws similar to GDPR brewing in the USA, South America, Asia and Africa, we learn that privacy has become the norm. Organizations must act now to ensure compliance and that they are capable of continuously monitoring for risks to personal data!!! Point-in-time will not cut it.”