Re: Canada: Bell probes theft of personal information on 3.4 million Ont., Que. clients

[security curmudgeon <jericho () attrition org>]

: ": " They also need to define "services" here. Does this include DSL service? 
: ": " Just POTS services like call waiting?
: 
: Does either service constitute either "personal" or "private" information?

No, and this incident does not qualify for inclusion in the DLDOS. But, 
still a good academic discussion I guess.

: ": " *Similar*, which does not rule out the possibility of unlisted customers.
: 
: True.  But again, should an unlisted phone number be considered personal 
: or private information?  From a personal standpoint, I can see why it 
: should be, but what about from a generally accepted standpoint?  

In this day and age of telemarketing, net stalkers and other creeps, this 
is definitely private information. If my 'unlisted' information was 
leaked, i would certainly raise a stink with my RBOC and ask for a refund 
for the money I have been paying each month for the 'service' of them NOT 
adding my information to the directory (which is pretty sick to begin 
with).

: New ground here... how "private" or "personal" are unlisted phone 
: numbers and should they be held to the same standard as Social Security 
: (or SIN/NIN) numbers, credit card numbers, financial account numbers, or 
: dates of birth?

No, that information is private/personal yes, but that is not PII / NPPI 
by any definition.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml