23 Feb 2011
Cambridgeshire County Council has become the latest local authority to contravene the Data Protection Act after losing sensitive information.
Data protection watchdog the Information Commissioner's Office (ICO) said that the council lost an unencrypted memory stick containing personal information on at least six "vulnerable adults".
The unapproved memory stick was used after the employee in question had difficulty using the USB stick provided by the council, according to the ICO.
To make matters worse, the breach occurred just after the council had launched an internal campaign designed to highlight the importance of personal information.
"While Cambridgeshire County Council clearly recognises the importance of encrypting devices in order to keep personal data secure, this case shows that organisations need to check that their data protection policies are continually followed and fully understood by staff," said ICO enforcement group manager Sally Anne Poole.
"We are pleased that Cambridgeshire County Council has taken action to improve its existing security measures, and has agreed to carry out regular and routine monitoring of its encryption policy to ensure it is being followed."
The local authority will be pleased to escape the fines that the ICO is imposing with greater regularity.
Earlier this month, Ealing Council was fined £80,000 after losing the details of almost 1,000 clients, while Hounslow Council was fined £70,000 after losing the details of 700 clients.
Elwyn Jones, vice president of public sector at IT services firm Mastek, argued that public sector firms don't seem to be learning from their mistakes.
"Many organisations are not paying enough attention to their responsibilities when it comes to the protection of sensitive identity-based data, despite the regulatory mandate in place compelling the likes of local authorities to do so," he added.
"Competing priorities so often supersede these duties and it is astonishing that data is still lost or leaked on such a regular basis, especially when pseudonymisation and anonymisation tools exist that can take the responsibility for data protection out of human hands."
Extra level of security needed
This news once again stands as testament to the fact that current storage security solutions for removable storage are not adequate or do not fit the way that users and organisations need to operate in order to remain efficient and productive. Countermeasures such as complex endpoint security solutions that only allow specific USB devices or approved removable media to be used are extremely expensive and cumbersome, as well as impacting significantly on PC performance. The draconian approach of locking down all the PCs in the workplace to prevent the use of USB ports for any devices is similarly impractical, limiting productivity and preventing legitimate duplication of data for backup, testing, approved sharing and offline working. Here, it would have been better to use a combination of strong encryption with remote management and wiping that is set up, handled and managed centrally in-house so that end users are afforded an extra level of security and protection in the event they lose a device or have one stolen from them. Tom Colvin, CTO, Conseal Security
Posted by: Tom Colvin, CTO, Conseal Security 24 Feb 2011