By the nature of the business, our servers host our customers images and personal information i.e. name, address, email address, etc.
The following are two possible scenarios:
- Photobox has discovered a data breach that has allowed millions of our customers images to be exposed online. These images were not available in the public domain and may contain photographs of children, elderly relatives and residential property
- Photobox has discovered a data breach that has allowed millions of our customers name, address, password and email address to be exposed online. There is no credit card or financial information within the data breach
Of these two scenarios, which do you deem to be the most serious and why?
- Which of the above constitutes PII data?
- Which of the above would you report to the ICO or relevant body?
- Would you contact the customers affected in both scenarios?
Back to all challenges