Don’t Drink and Data! How a Man Lost the Personal Data of His Entire City


Hat tip to David Greetham for this story! One worker in Japan could be nursing a protracted hangover after he lost a USB memory stick following a night out with colleagues. Why? It contained the personal details of nearly half a million people.

As reported by the BBC (Japanese man loses USB stick with entire city’s personal details, written by Matt Murphy), the (fortunately for him) unnamed man placed the memory stick in his bag before an evening of drinking in the city of Amagasaki, north-west of Osaka. He spent several hours drinking in a local restaurant before eventually passing out on the street, local media reported.


When he eventually came around, he realized that both his bag and the memory stick were missing.

Whoops.

The Japanese broadcaster NHK reports that the man, said to be in his 40s, works (or is it “worked” now? Hmmm…) for a company tasked with providing benefits to tax-exempt households.

He had transferred the personal information of the entire city’s residents onto the drive on Tuesday evening before meeting colleagues for a night on the town.

City officials said the memory stick included the names, birth dates, and addresses of all the city’s residents. It also included more sensitive information, including tax details, bank account numbers and information on families receiving social security.

That’s about as sensitive as you can get.

Luckily for the man, city officials said the data contained on the drive is encrypted and locked with a password. They added that there has been no sign that anyone has attempted to access the information so far.

But the embarrassing incident prompted an apology from officials, with the city’s mayor and other leaders bowing in apology to residents.

“We deeply regret that we have profoundly harmed the public’s trust in the administration of the city,” an Amagasaki city official told a press conference.

According to a 2020 census, Amagasaki has a population of 459,593 residents. That’s a lot of personal data at risk.

Of course, thanks to EDRM and the Asia Pacific (APAC) Primer for eDiscovery that EDRM recently published (available for download here), I know that in May 2017, the Amended Act on the Protection of Personal Information (“PIPA”) came into effect in Japan. The law establishes the Personal Information Protection Commission (the “PPC”), which is tasked with the establishment and enforcement of privacy regulations and created regulations regarding disclosure of personal information to third parties, international transfers, and the collection and use of personal information.

The PPC’s enforcement powers include penalties for the theft or misappropriation of personal information. Current penalties depend on the severity of the infraction and can include fines of not more than ¥500,000 or imprisonment for not more than one year. However, amendments in 2020, to be effective before 2022, will increase penalties for legal entities to not more than ¥100,000,000.

People who need people are the luckiest people in the world, but people who have people’s data need to be the most cautious people in the world. Because the USB drive was encrypted and password protected, this man may have survived his drunken mistake without exposing the city’s highly personal data – that is, assuming he doesn’t get drunk again and reveal the password to somebody who has access to the USB drive. Don’t drink and data!


Author

  • Doug Austin

    Doug Austin is the editor and founder of eDiscovery Today and an EDRM Global Advisory Council Leader. Doug is an established eDiscovery thought leader with over 30 years of experience providing eDiscovery best practices, legal technology consulting and technical project management services to numerous commercial and government clients. Doug has published a daily blog since 2010 and has written numerous articles and white papers. He has received the JD Supra Readers Choice Award as the Top eDiscovery Author for 2017 and 2018 and a JD Supra Readers Choice Award as a Top Cybersecurity Author for 2019.
