Data & Privacy Exposures are not limited to security breaches

The implication of the Google 'right to be forgotten' case

The Right to be Forgotten isn't just a Google issue
 
When considering data protection, data losses tend to spring to mind. However, this year, the risks of holding data for too long have been at the fore.
 
The recently publicised "right to be forgotten" case saw the European Court of Justice rule that Google Spain was a data controller due to its capacity to find, index, store and make information available to the public on its website.
 
The European Court of Justice (ECJ) ruled that search engines must remove web links from search results when requested to do so if the information collated is deemed to be out of date, no longer relevant, or excessive.
 
At the time of writing, it is estimated that over 91,000 "forget-me" requests covering a total of 328,000 links have been submitted since Google launched the service. Google is no longer alone - Microsoft has now confirmed that it is implementing its own form for Bing, leaving Yahoo as the only major operator without a means of requesting removal. 
 
The Google decision, combined with heightened public awareness over excessive data collection in light of the NSA scandal, means that data controllers need to be extra vigilant over the data they maintain: what it is, why it is retained, how it is stored and, importantly, for how long. This is a legal obligation independent of keeping data secure, yet one that carries risks that must be considered by any organisation that controls personal data.
DAC Beachcroft
 
 
Hans Allnut & Helen Nuttall   24 July 14