Home Knowledge WADA Hacks Highlight Importance of Effective Cyber-Security and Data Protection Procedures

WADA Hacks Highlight Importance of Effective Cyber-Security and Data Protection Procedures

October 7, 2016
Partner
Leo Moore

The publication by ‘Fancy Bears’ (a groupof international hackers) of the World-Anti Doping Agency’s (WADA) databaseserves as a reminder to large organisations to be vigilant of the importanceof effective cyber security to ensure compliance with Data Protectionlaws.

This hack has seen private medical recordsof Olympic athletes, including the cyclist Bradley Wiggins and tennis starSerena Williams, brought into the public eye. Serious questions haveconsequently been raised about WADA’s data protection policies, theirprocessing and storage of personal information and their proceduressurrounding data protection generally.

The hack revealed information relating toTherapeutic Use Exemption Approvals (TUEs), which allow athletes to take drugsfor specific medical circumstances that would otherwise be prohibited uses.WADA’s guidelines state that TUEs will only be retained for 8 years. The oldestof Bradley Wiggins’ TUEs that was leaked is from June 2008. While it is notknown when the hack took place, it was possibly outside of this 8 yearretention period and accordingly concerns have been raised about WADA’sadherence to their own guidelines.

In addition, the athletes themselves willobviously be concerned about the leak, many of whom have had their sensitivepersonal information published in contravention of their fundamental right toprivacy. The right to privacy is protected by both the Irish Constitution andthe European Convention for Human Rights.

The hacks have impacted on the reputationof many athletes and could potentially reduce their brand value. Taking theseconcerns together it could give rise to future litigation as athletes seekmonetary compensation for the damage to their reputation.

It has been reported that the hacksoccurred as a result of phishing emails into user accounts of the Anti-DopingAdministration and Management System. This highlights the necessary attentionthat must be paid to effective cyber security procedures, training and riskmanagement within organisations.

As WADA and other large sportingorganisations are now required to retain substantial amounts of personal dataabout athletes it is of critical importance that internal procedures arereviewed on an ongoing basis in this increasingly regulated area oflaw.

Follow us on Twitter @WFIDEA

Contributed by LeoMoore

Back to Legal News

Recommended Insights

See all
Article and Insights
1
Feb 2024
Responsible Business Annual Report 2023
William Fry is pleased to launch its Responsible Business Annual Report 2023.
Article and Insights
2
Feb 2024
Digital Operational Resilience Act – second batch of technical standards launched for consultation
We focus on the second batch of draft implementation measures announced by the Eur...
WF_author_blank
Partner
John O’Connor
Article and Insights
2
Feb 2024
John Delaney Documents – Supreme Court Refuses Leave to Appeal
The Supreme Court has refused leave to appeal from a decision rejecting John Delan...
WF_author_blank
Consultant
Deirdre O’Donovan
Article and Insights
24
Jan 2024
Cross-Examining Affidavit Evidence in Insolvency Cases
The High Court recently dismissed a petition seeking the winding up of a biofuel c...
WF_author_blank
Partner
Fergus Doorly
prev
next
See all