Conseal Security has highlighted the first anniversary of the Information Commissioner’s Office (ICO) using its fining powers to punish a data protection breach, calling for companies to learn from the experiences of the first organisations to be fined.
In June 2010, Hertfordshire County Council committed the first of two serious breaches of the Data Protection Act, and was subsequently fined by the ICO. In the first incident, a council employee faxed information relating to a court case on a child at risk to a member of the public by mistake.
It was one of two organisations included in the first round of fines to be handed out by the ICO, which in April 2010 received the power to fine companies up to £500,000 for failures to maintain data security. Hertfordshire County Council was given a fine of £100,000 for faxing sensitive information to the wrong recipients, while a second company, A4e, was ordered at the same time as Hertfordshire to pay £60,000 for losing an unencrypted laptop, also in June 2010.
“In some respects, the first incident to warrant a fine from ICO is an unfortunate one, as it was an honest mistake akin to dialling a wrong number, rather than a deliberate leak or example of negligence. Nonetheless, it underlines the paramount importance of stringent data security in both the public and private sector,” said Tom Colvin, chief technology officer at Conseal Security.
“However, the data theft that befell A4e was a critical example of data loss that organisations must learn from. The laptop that was stolen from an A4e employee's house contained the details of over 20,000 people who had used legal advice centres in Hull and Leicester, including names, addresses, income and other sensitive data. It highlights the importance of ensuring that sensitive enterprise data is encrypted and securely stored at all times, especially when it is in transit outside the confines of the workplace,” Colvin added.
The decision to start handing out significant fines for data security lapses underlines the importance of a stringent security policy, backed up by the availability of solutions to maintain the safety and security of information being stored or transported.
Conseal Security is encouraging organisations to follow a four-point plan to maintain data security and minimise the risk of an ICO fine:
1) Know where your data is: Do not allow users to remove data from the workplace without approval
2) Use traceable media: In the event a storage device containing important or sensitive data is lost or stolen, ensure the device can be tracked and deactivated to remove the risk to the organisation
3) Never send unencrypted storage devices through the post: The infamous HMRC data loss has underlined what can happen when data goes astray in transit, and similar incidents have happened since
4) Ensure only the right people have access to data: Strict access controls can ensure that only the right people are authorised to access data sources and copy sensitive files, minimising the risk of malicious or unintended data loss.
Conseal’s solutions, which include Conseal USB, Conseal CD and Conseal Server, enable users and organisations to protect data stored on any removable media such as USB storage drives, CDs and DVDs, using a unique Dual Locks system to apply robust security and encryption to the device and stored data. This encryption is paired with a powerful cloud-based management console that enables users to track who is using a device and where they are using it, and allows for remote deactivation and data destruction in the event a device is lost or stolen.