ICO Slams Council For Data Loss, Prepares For Fines

St Albans City Council has been found in breach of the Data Protection Act by the Information Commissioner’s Office (ICO), after a laptop containing the details of postal voters was stolen from an office.

The data breach was announced shortly before the introduction of new powers next month for the ICO to administer fines of up to £500,000.

In a statement released this week, the ICO criticised the council for leaving the laptop concerned unsecured on a desk. The notebook computer, along with three other devices, was discovered to be missing in November 2009.

Contractor under suspicion

As is usual with minor breaches of the act, the head of the organisation has been asked to sign an undertaking to shape up the organisation’s security policies. In this case it appears that the devices may have been stolen by a contractor, as the undertaking contains specific advice that the council carry out checks on contractors’ staff.

The council also agreed to encrypt laptops and other portable devices used to store and transmit personal data. “When organisations store large volumes of personal details on portable computers, encryption is essential,” said Sally-Anne Poole, head of enforcement and investigations at the ICO.

Poole added that the council should also take steps to educate staff about handling information securely. “They must ensure staff and contractors are trained to handle personal information securely to avoid the risk of information falling into the wrong hands,” she said. “It is also crucial organisations don’t keep personal information for longer than is necessary.”

Fines could catch companies out

New powers granted to the ICO by the government earlier this year are due to become law on 6 April. Companies that fall foul of the data breach laws now risk a maximum fine of £500,000. It is not clear at this time whether the same principle applies to government departments that lose sensitive data.

Some security experts have warned that UK companies may be caught out by the ICO’s new fines. A survey this week from Cyber-Ark Systems – which obviously has a vested interest in making dire predictions about the state of security planning – revealed that 65 percent of workers in the City of London questioned by the company had not received any warning from their company about the new regulations.

The survey also highlighted that 95 percent of workers believed they would take better care of data if they were personally responsible for any losses or theft. Commenting on the research, Cyber-Ark’s vice president of products and strategy Adam Bosnian said that education is obviously important, but so is having the right technology in place. “Organisations also need to control privileged users and accounts to protect sensitive information, such as customer data, from navigating its way into the wrong hands,” he said.

Earlier this month the ICO named and shamed Zurich Insurance for the loss, by its sister company Zurich Insurance Company South Africa, of an unencrypted backup tape containing the personal financial information of around 46,000 policy holders.

Andrew Donoghue
