A parking ticket company is being investigated by the ICO after insecure web code allegedly exposed the personal information of UK drivers.
Any organisation that holds sensitive or personal information about members of the public has a responsibility to treat those details with care. This incident, that inadvertently revealed details related to the cars of hundreds of UK citizens, highlights the need for robust information handling policies that are understood and adhered to by every single employee within any business. In this case, an IT error was at fault in exposing the personal details. A secure IT system, however, is not enough. Information responsibility should be part of an organisation’s culture, with every employee understanding what constitutes confidential information and aware of the measures required to keep that information secure.
Organisations have a lot to lose from data breaches, not only a possible fine from the ICO, but also the catastrophic reputational damage that can accompany inadvertent disclosure. This incident shows that the private sector will not escape being held to account for noncompliance with the Data Protection Act. Consequently, businesses would be advised to embrace policies and procedures that encourage and reward employees to treat sensitive information with the care it deserves.