In a truly monumental screw up, recruitment agency, Hays, has accidentally published the personal details, along with the daily rates, of 3000 contractors working for the Royal Bank of Scotland (RBS) to 800 RBS staff.
In a time when publically owned RBS is cutting back on permanent members of its IT team, while still employing highly-paid contractors to carry out much needed IT functions, an information leak of this nature will undoubtedly cause upset throughout the bank. Top rates, as high as £2000 per day, have being cited on The Register.
This incident shows that it’s not just one’s own systems and one’s staff that need to be considered in a corporate security policy, but it’s also the approach to contractors and suppliers that needs to be documented and agreed upon.
Here at InfoSec Reviews we were wondering what contractual arrangement exists between RBS and HAYS in terms of protecting the privacy of the contractors they employ, and how much in the way of comeback the contactors may have for this kind of privacy breach?