UK Data Protection Review for October 2012
ICO fines Stoke-on-Trent
City Council £120,000 after sensitive information about a child
protection legal case was emailed to the wrong person
- 11 emails
containing sensitive information relating to the care of children were sent to
the wrong address by Council employees
- The
fact the Email and attachments were not encryption protected was the root cause
of the seriousness of the incident, leading to the high fine. An encrypted file
cannot be opened by unintended recipient, therefore it is best practise to use
file encryption on any document contain sensitive personal information sent
outside a company infrastructure via email.
ICO fines Greater
Manchester Police £150,000 following the theft of a memory stick
holding sensitive personal data from an police officer’s home
- The ICO
action was prompted by the theft of a memory stick containing sensitive personal
data from a police officer’s home. The memory stick was not encrypted and
contained details of more than a thousand people with links to serious crime
investigations.
- The ICO
found that a number of police officers across the force regularly used unencrypted
memory sticks, which may also have been used to copy data from police computers
to access away from the office. Despite a similar security breach in September
2010, the force had not put restrictions on downloading information, and staff
were not sufficiently trained in data protection.
ICO serve a £70,000
monetary penalty to Norwood Ravenswood after sensitive information
about four children was lost after being left outside of a house
- A
social worker, who worked for Norwood Ravenswood, left the detailed reports at
the side of the house on 5 December 2011, after attempting to deliver the items
to the children’s prospective adoptive parents. At the time neither occupant
was at the house, but when they returned to the property the reports were gone.
The information has never been recovered.
- The
reports contained sensitive information, including details of any neglect and
abuse suffered by the children, along with information about their birth
families. The ICO’s investigation found that the social worker had not received
data protection training, in breach of the charity’s own policy, and received
no guidance on how to send personal data securely to prospective adopters.
- In this
case the lack of data protection awareness training provided to the social
worker was identified as the root cause of the incident; therefore the business
was held to account and fined.
ICO release a statement stating it was concerned
with personal data protection within local government and the NHS
- The ICO
published four reports which summarise the outcomes of over 60 ICO audits
carried out in the private, NHS, local and central government sectors.
- In the
health service only one of the 15 organisations audited provided a high level
of assurance to the ICO, with the local government sector showing a similar
trend with only one out of 19 organisations achieving the highest mark. Central
government departments fair little better with two out of 11 organisations
achieving the highest level of assurance.
ICO issues two
monetary penalties over £250,000 to two marketers responsible for distributing
millions of spam texts
- Spamming is just wrong, especially all those PPI text messages going around at the moment, nice to see the ICO attempt to go after someone for it doing
No comments:
Post a Comment
Any comments with weblinks, or promoting/advertising company products and services will be rejected