ICO Slams Council For Data Loss, Prepares For Fines

St Albans City Council has been found in breach of the Data Protection Act by the Information Commissioner’s Office (ICO), after a laptop containing the details of postal voters was stolen from an office.

The data breach was announced shortly before the introduction of new powers next month for the ICO to administer fines of up to £500,000.

In a statement released this week, the ICO criticised the council for leaving the laptop concerned unsecured on a desk. The notebook computer, along with three other devices, was discovered to be missing in November 2009.

Contractor under suspicion

As is usual with minor breaches of the act, the head of the organisation has been asked to sign an undertaking to shape up the organisation’s security policies. In this case it appears that the devices may have been stolen by a contractor, as the undertaking contains specific advice that the council carry out checks on contractors’ staff.

The council also agreed to encrypt laptops and other portable devices used to store and transmit personal data. “When organisations store large volumes of personal details on portable computers, encryption is essential,” said Sally-Anne Poole, head of enforcement and investigations at the ICO.

Poole added that the council should also take steps to educate staff about handling information securely. “They must ensure staff and contractors are trained to handle personal information securely to avoid the risk of information falling into the wrong hands,” she said. “It is also crucial organisations don’t keep personal information for longer than is necessary.”

Fines could catch companies out

New powers granted to the ICO by the government earlier this year are due to become law on 6 April. Companies that fall foul of the data breach laws now risk a maximum fine of £500,000. It is not clear at this time whether the same principle applies to government departments that lose sensitive data.

Some security experts have warned that UK companies may be caught out by the ICO’s new fines. A survey this week from Cyber-Ark Systems – which obviously has a vested interest in making dire predictions about the state of security planning – revealed that 65 percent of workers in the City of London questioned by the company had not received any warning from their company about the new regulations.

The survey also highlighted that 95 percent of workers believed they would take better care of data if they were personally responsible for any losses or theft. Commenting on the research, Cyber-Ark’s vice president of products and strategy Adam Bosnian said that education is obviously important, but so is having the right technology in place. “Organisations also need to control privileged users and accounts to protect sensitive information, such as customer data, from navigating its way into the wrong hands,” he said.

Earlier this month the ICO named and shamed Zurich Insurance for the loss of an unencrypted backup tape containing the financial personal information of around 46,000 policy holders by its sister company Zurich Insurance Company South Africa.

Andrew Donoghue
