Teachers union hit by data loss
By Nicole Kobie,
A teachers union has been slapped on the wrist by the Information Commissioner's Office after it lost a laptop and memory stick holding data on over 6,000 of its members.
The devices held "sensitive personal data" - though none of it was financial - on 6,282 of the The Association of Teachers and Lecturers (ATL) union's members.
ATL has been ordered by the ICO to encrypt all its portable devices after the unencrypted laptop and stick went missing from the car of one of its staff members.
Aside from being forced to encrypt such devices, the ATL must also review its data policies, ban users from storing personal data on memory sticks, and better educate staff.
Sally Anne-Poole, head of enforcement at the ICO, said: “I encourage organisations to prevent staff from downloading large amounts of personal data."
"It is vital that portable devices, including laptops and memory sticks are encrypted if they are used to store personal information," she added in a statement. "Staff members should not be allowed to keep people’s personal details, especially sensitive personal information, on their own memory sticks."
The ICO has pushed for the ability to fine organisations up to £500,000 for data breaches, but at the moment tends to just require data storage changes to prevent losses from reoccurring.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Apple iPad 3 vs iPad 2 head-to-head review
- Dell EqualLogic PS6100XS review
- Chromebooks: What's gone wrong?
- ICO: Fines for cookie law breakers
- UK regulator shuts down Angry Birds scam
- Open source software driving cloud-based innovation
- Fujitsu targets enterprises with Android ICS tablet
- IBM bans use of Siri on iPhones
- Dell PowerEdge R820 review
- BlackBerry 7 OS certified to carry 'Restricted' UK government information
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
A detention of common sense
We have already seen several high-profile and embarrassing instances of laptops being stolen or left behind on trains, in taxis and in other public places. This latest incident could have been avoided by implemented and maintain tight access controls and using strong authentication techniques.
Protecting sensitive corporate and customer data means more than just having a good password policy. It requires strong policies and training to ensure that processes and best practice are adhered to. Common sense is also paramount, and in the case of the ATL, one can’t help but think that on this occasion, common sense was in very short supply.
Systems – be they laptops or desktops - must be kept as secure as current technology allows and users must ensure that access procedures and technologies are not only used properly, but safeguarded. Leaving a decryption dongle or smart card with the laptop when not actually using it is just as bad, if not worse, than writing a key access password on a Post-It Note and sticking it to the side of the monitor.
By combining the use of a dongle with a robust authentication system, a compromised dongle would pose less of a threat to the organisation and limit the damage to mission-critical systems and to users.
Stuart Hodkinson, UK general manager for Courion
By Ip_courion3a5e03 on Tuesday Feb 2