Cambridgeshire council in memory stick blooper
By Tom Brewster,
Cambridgeshire County Council has breached the Data Protection Act after a memory stick containing sensitive data relating to vulnerable adults went missing.
The Information Commissioner’s Office (ICO) was told about the loss in November 2010, when an employee lost an unencrypted memory stick containing personal data of six individuals.
The unencrypted stick had not been approved to store the information that was downloaded onto it.
Furthermore, the breach happened just after the council had carried out an internal campaign to promote its encryption policy.
Data included case notes and minutes of meetings related to the individuals’ support.
“While Cambridgeshire County Council clearly recognise the importance of encrypting devices in order to keep personal data secure, this case shows that organisations need to check their data protection policies are continually followed and fully understood by staff,” said Sally Anne Poole, enforcement group manager at the ICO.
“We are pleased that Cambridgeshire County Council has taken action to improve its existing security measures and has agreed to carry out regular and routine monitoring of its encryption policy to ensure it is being followed.”
The council has escaped a fine, but has pledged to use adequate encryption on portable devices and regularly monitor data protection and IT security policies.
A Cambridgeshire County Council spokesperson apologised for the data loss and confirmed the affected parties had been informed.
"The loss of the memory stick was immediately reported by the member of staff involved, who following a full investigation has been disciplined and given advice on their future professional conduct," the spokesperson said.
Chris McIntosh, chief executive (CEO) of Stonewood, said the council had failed with employee education.
“An organisation can have the best security technology and protocols in the world, but without an educated workforce they’re worthless,” he said.
“There will always be a chance of human error in IT security; the job of the organisation is to make sure that its employees are educated on these risks and that policies are enforced.”
Earlier this week, the ICO rapped the Identity and Passport Service for losing customer data.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Public Sector Analysis & Insight
The Digital Economy Act: Is it doomed to never happen?
As a further delay hits part of the implementation of the Digital Economy Act, is this just a small hiccup, or is the Act being rendered toothless already? Simon Brew takes a look.
- Does the government want to snoop on your data?
- Q&A: Rajeeb Dey, CEO Enternships
- Government IT: Apples for the mandarins
- Striving to solve the security skills crisis
- 2011: The year in news
- Are the cookie laws crumbling already?
- UK rural broadband: too little, and too late
- How the Data Protection Act's death will punish the UK economy
- Education: glad to be a geek
Latest Public Sector Reviews
HTC Flyer review: First Look
- HP TouchPad review: First Look
- RIM BlackBerry PlayBook review - First Look
- MWC 2011: Acer Iconia A100 and A500 reviews – first look videos
- MWC 2011: HP TouchPad review - first look video
- MWC 2011: RIM BlackBerry PlayBook review - first look video
- MWC 2011: HP Pre3 review - first look video
- MWC 2011: Motorola Pro review - first look video
- MWC 2011: HTC Flyer tablet review - first look video
- MWC 2011: Samsung Galaxy Tab 10.1 review – first look video
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
Latest News Videos in Public Sector
Q&A: David Elton, PA Consulting Group
PlayCIOs are increasingly influential, but have to juggle "dual roles", study finds.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
RE:
This news once again stands as testament to the fact that current storage security solutions for removable storage are not adequate or do not fit the way that users and organisations need to operate in order to remain efficient and productive.
Countermeasures such as complex endpoint security solutions that only allow specific USB devices or approved removable media to be used are extremely expensive and cumbersome, as well as impacting significantly on PC performance. The draconian approach of locking down all the PCs in the workplace to prevent the use of USB ports for any devices is similarly impractical, limiting productivity and preventing legitimate duplication of data for backup, testing, approved sharing and offline working.
Here, it would have been better to use a combination of strong encryption with remote management and wiping so that end users are afforded an extra level of security and protection in the event they lose a device or have one stolen from them.
Tom Colvin, CTO, Conseal Security
By Conseal_Security on Thursday Feb 24