The Information Commissioner's Office (ICO) has been forced to take yet more action against private sector firms for lax data handling procedures involving misdirected emails and unencrypted USB sticks.
The first incident concerned employment agency Manpower and involved a member of staff accidentally sending an email containing data on 400 individuals to 60 members of staff.
An investigation by the ICO found that, while the data appeared not to have been compromised, the firm had failed to properly consider the best way to transmit sensitive data among staff.
"The data controller had not given sufficient consideration to the security of the personal data compromised and had sent all data to the employee involved rather than only that which was required," it said in its undertaking.
"It was also discovered that the data had been transmitted over the internet without protection."
The firm has now agreed to ensure that all staff are fully trained on the correct way to handle sensitive information and that it will be sent with password protection or encryption if sent over the internet.
An ICO spokesperson added that the case highlighted the importance of having adequate procedures in place before personal information is disclosed.
"Checking and double checking that information is being sent to the right recipient is a simple measure and one that could have prevented this data breach," they added.
The incident follows on from an undertaking the organisation issued after an employee working for mental health care provider Praxis Care lost an unencrypted memory stick containing personal details on 160 individuals.
The firm signed an undertaking agreeing to ensure such data was encrypted in the future and it said it was "confident that the measures taken will greatly reduce the risk of future information loss".
Unencrypted memory sticks are one of the most common causes of data loss in both the private and public sector, with the ICO regularly forced to take action in such cases.