
Public Sector Failing To Comply With ICO Requirements

Cryptzone : 14 June, 2012  (Technical Article)
Glasgow Council data loss demonstrates continued complacency regarding ICO requirements and penalties, according to Cryptzone
Recent reports that Glasgow Council is writing to more than 37,000 businesses and people, notifying them of the loss of their data – including business and personal bank details – on two laptops stolen from the council’s office last month, show that ICO penalties are failing to hit home in the public sector, says Cryptzone.

According to Grant Taylor, UK Vice President of the European threat mitigation specialist, the data held on the laptops was not encrypted, yet it also included the bank account details of more than 6,000 people and 10,000 companies.

“Here we have another council apologising that it has put vulnerable people's personal information at risk. It seems that the penalties imposed by the Information Commissioner’s Office (ICO) are doing very little to make public sector organisations change their security behaviour until they are directly affected by a data breach,” he said.

“Senior management needs to be checking on the actual habits of its users rather than just relying on the documented practices presented by the IT department,” he added.

The Cryptzone UK Vice President went on to say that he finds himself wondering why – and for what purposes – a council representative needed to keep such high volumes of confidential personal and business data on the laptop.

If there were a valid reason for storing this information, he says, the question is why they did not think to secure the data more effectively.

No doubt the ICO – which has been notified – he adds, will determine the root cause of the breach, but it is likely to boil down to the usual reasons: a lack of user awareness, disregard for documented processes and a culture of organisational complacency.

Even if the laptop was never to be used outside of the building, says Taylor, good data protection practice requires that – at the very least – the data should have been encrypted.

“This would have protected the file contents not only in the event of equipment theft, but offered protection against any unauthorised access,” he said.

“Saying sorry is all well and good, but won't give peace of mind to the citizens – and businesses – whose data has been left exposed to potential fraudulent use. My observations here are that actions – as they always do in such situations – speak louder than words,” he added.

“In this spirit, I suggest any IT security professional reading this pick up one of their organisation's laptops today and see what data is being put at risk in the event – as appears quite probable today – that their operation will become another crime statistic.”
   © 2012 ProSecurityZone.com