Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
Editor's Blog and Industry Comments

ICO investigates parking ticket company data breach

10 April, 2013
Christian Toon of Iron Mountain comments on the breach of personal car owners data by a parking ticket company in the UK


A parking ticket company is being investigated by the ICO after insecure web code allegedly exposed the personal information of UK drivers.



Any organisation that holds sensitive or personal information about members of the public has a responsibility to treat those details with care. This incident, that inadvertently revealed details related to the cars of hundreds of UK citizens, highlights the need for robust information handling policies that are understood and adhered to by every single employee within any business. In this case, an IT error was at fault in exposing the personal details. A secure IT system, however, is not enough. Information responsibility should be part of an organisation’s culture, with every employee understanding what constitutes confidential information and aware of the measures required to keep that information secure.



Organisations have a lot to lose from data breaches, not only a possible fine from the ICO, but also the catastrophic reputational damage that can accompany inadvertent disclosure. This incident shows that the private sector will not escape being held to account for noncompliance with the Data Protection Act. Consequently, businesses would be advised to embrace policies and procedures that encourage and reward employees to treat sensitive information with the care it deserves.


Bookmark and Share