There are numerous safe guards an organisation can employ to prevent information being disclosed, both procedural and technological. The government had a procedural failure as if I recall they knew how many people had accessed that information and how often they had looked.

True but it is also true that the more info that is in the database the more attractive it is to crack.

It can be attractive but if it’s encrypted then it can become not viable. You can measure the amount of time it would take to decrypt a 256 Bit AES encrypted database in centuries so instead you’d have to acquire the key, and like any other secret there are ways of making acquiring such a thing ridiculously hard as they can be generated, deployed, and managed without an administrator or corporate officer ever seeing one.

If someone is worried about how secure their ISP/telco retained information is then they should find out how secure that data is from their vendor. If they don’t like the answer then they should change vendors.

Data Retention has been a reality in other industries for years, it’s a business issue and companies who don’t address it correctly are going to find themselves in court. If Ireland tacks on breach notification to our implementation of the legislation then you’re going to see an awful lot of organisations take a very public whipping.

Litigation is a great reason to do a lot of things.

Sure Mark, in an ideal world. Remind me again how many of those civil servants who sold Dolores McNamara’s personal details to the tabloids were ever sued? Or, for that matter, where’s the case against the Department of Social and Family Affairs for the same breaches? This is one of the country’s richest women, remember.

while no lock is unbreakable some are significantly harder to break than others.

True but it is also true that the more info that is in the database the more attractive it is to crack. Yet another reason why the governments three year data retention policy is very dangerous.

Besides the fact that before a law has even been drafted it’s already subject to the European Privacy Directive. Any legislation around data retention is going to have a security component, it’ll have penalties to ensure compliance, and even if it didn’t you can still sue people for privacy breaches. Litigation is a great reason to do a lot of things.

Having said that no lock is uncrackable and if someone wants to get at Google’s databases badly enough, they will find a way. The easiest way to thwart this is not to retain the data!

And the same can be said about financial records, medical records, and any other collection of information which might have to be referred to at any time. There are many technical solutions to these problems and while no lock is unbreakable some are significantly harder to break than others.

The solution you’re proposing is one of killing the patient instead of administering a treatment.