Through the application process, CKGS collects a ton of personally identifiable information (PII) that, if stolen and falls in the wrong hands, will wreak havoc in our lives. The PII includes date of birth, name, address, passport number, next of kin, our IP address, domain name of ISP, etc.
And we agree to this by way of using their website. Automatic agreement...
. There are multiple privacy policies. I only checked the one applicable for CKGS US site.
The good news is the CKGS appears to know and comply with GDPR. If you don't know what GDPR is, it is a law enacted by European Union to burden companies with specific responsibilities regarding handling of personal data they collect about EU citizens.
The bad news, CKGS privacy disclosure says it is not liable for our personal information being stolen from its custody. You cannot sue them if your personal data is stolen due to their negligence.
"However, sometimes third parties may unlawfully intercept or access transmissions or private communications and other users may abuse or misuse a user's / users' personal information that they may collect from the website for which CKGS shall not be liable.
Therefore, although CKGS works very hard to protect Applicant’s privacy, it cannot guarantee that personal information or private communications will always remain private and secure. "
How about that!
In case of a breach, will they follow the same GDPR mandated protocol of breach notification to a non-European person? Who the heck knows? Those of us who live outside of the EU will probably never get to know that my data has been stolen. That is unless some newspaper releases that information.
So what can one do? Is there any hope to protect one's personal information?
The policy says that we have the right to opt out. I don't know what that means though. I am going to find out by emailing them.
With that kind of treasure trove of personal data, CKGS website is a ripe target for hackers. I have no idea how good they are at safeguarding the data. More importantly, if hackers get in, they will not be held liable.
So who protects our data?
Got any ideas? Please reply to this thread.