ICO tells British Council to encrypt after data breach
The Information Commissioner’s Office has taken action against the British Council after it lost a disc containing trade union details.
The disc was lost in January by a courier and originally said to contain bank and insurance details. The ICO revealed it actually contained personal data on 2,000 trade union members in addition to bank details.
While the British Council claimed at the time of the breach that the disc was secure and required special equipment to access, the ICO noted that the disc was in fact unencrypted.
The ICO has requested that the British Council sign an agreement to improve its security measures, including immediately encrypting all portable data storage devices.
Mick Gorrill, assistant Information Commissioner, said in a statement: "The British Council proactively reported the breach to the ICO and took immediate remedial action which demonstrates its understanding of the seriousness of this data loss."
A British Council spokesperson told IT PRO that it always aims to meet or exceed the data protection act. "The British Council is committed to implementing the requirements of the UK Government's Data Handling Review."
Click here to read some of the lessons the British Council should have learned from previous public data breaches.
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now