Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Lack of encryption leads to fine for CPS

ViaSat : 09 November, 2015  (Special Report)
ViaSat blames lack of encryption for the risks posed during the data breach at the CPS potentially exposing video material of victim and witness interviews
Lack of encryption leads to fine for CPS

The Crown Prosecution Service has been fined £200,000 by the Information Commissioner's Office (ICO) after laptops containing videos of police interviews were stolen from a private film studio. The interviews were with 43 victims and witnesses. They involved 31 investigations, nearly all of which were ongoing and of a violent or sexual nature.

Some of the interviews related to historical allegations against a high-profile individual. The videos were being edited by a Manchester-based film company so that they could be used in criminal proceedings.

However, an ICO investigation found the videos were not being kept securely, since although the equipment was protected with passwords, the data was not encrypted.

Commenting on the breach, the ICO's Head of Enforcement, Stephen Eckersley said: “The CPS was aware of the graphic and distressing nature of the personal data contained in the videos, but was complacent in protecting that information. If this information had been misused or disclosed to others then the consequences could have resulted in acts of reprisal.”

ViaSat finds the fact that an organisation with such a high profile as the CPS is not immune to such complacency to be worrying. Speaking on behalf of ViaSat, the company's CEO, Chris McIntosh told us, "As this case shows, a large proportion of threats to data don’t just come from shadowy attackers looking to damage organisations. They come from simple human error and a failure to follow best practice. Essentially, organisations should always assume the worst with data security; they should take the approach that they have already been breached and make detecting breaches and securing data their top priority. This means an all-encompassing approach to protection, of which encryption plays a crucial part. After all, there is always the risk that data will be stolen, but that risk holds much less danger if that data can’t be accessed."

In conclusion, Chris said, "There is a strong case for strengthening the data protection act to make encryption of all personal data both mandatory and enforceable, with real punishments for those who fail to follow the guidelines. The EU Data Protection Regulation could go some way to providing this, but what we should really be aiming for is a world where the CPS is punishing organisations for failure to protect data, rather than the other way round.”

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo