ICO Action Against Councils Should Be Unnecessary

Cryptzone: 30 November, 2011 (Technical Article)
Cryptzone comments on the cases of county councils falling foul of the UK Information Commissioner's Office and how this could be prevented with the right security controls.
Cryptzone understands why the Information Commissioner's Office deems it necessary to impose fines against North Somerset Council and Worcestershire County Council after staff at both authorities sent highly sensitive personal information to the wrong recipients. However, says Cryptzone, this action would be unnecessary if councils were putting the right security controls in place and taking action when policy violations occur.

Grant Taylor, VP of the IT threat mitigation specialist, comments, "There really is too much of this sort of thing going on across local government and allied agencies. People who handle highly sensitive personal information need to understand the real weight of responsibility that comes with keeping that data secure."

The Cryptzone VP went on to say that, whilst assisting staff with the correct training and having the right security policies in place is clearly a given, protecting data in the public sector is also about using some common sense.

Considering whether open or secure email is the appropriate communications medium, checking and double checking that the right recipients will receive the information - and measures like encryption and data minimisation - should be routine in all aspects of local government interactions, he explained.

Taylor says that, against this backdrop, he hopes these penalties send a clear message not just to those working in the social care and allied sectors, but any organisation dealing with sensitive personal information.

"The bottom line here is that the Information Commissioner takes this sloppiness seriously - and so should you. We've had more than 18 months of warnings against public sector bodies and that approach has not worked; monetary penalties are a regrettable measure of last resort," he said.

When public sector cuts threaten the quality of patient care, it becomes even more difficult to get IT security expenditure approved. However, it is time that organisations woke up to the fact that IT security is the responsibility of everyone across all departments. When staff don’t fully understand the correct IT policies and procedures and management ignore it when mistakes are made, the cost to organisations is much higher than the measures that would have avoided these ICO fines in the first place.
   © 2012 ProSecurityZone.com