Data protection – it’s not just about encrypting laptops and the cloud

I know that Douglas thinks that data protection is boring, but a press release from the ICO earlier today provides a timely reminder that data protection is about more than just stolen laptops and CDs, Web 2.0 and data going missing in the cloud.

Whilst no fine has been imposed by the ICO, the latest undertaking to be given by a data controller to the ICO relates to the good old fashioned theft of papers containing sensitive personal data from the “unlocked” bag of a home support worker at North Lanarkshire Council.

Following an investigation, the ICO found that the Council’s procedures and staff guidance were indequate.

Ken MacDonald, the Assistant Commissioner for Scotland said:

Organisations have a responsibility to make sure that any personal information used by their workers outside of the office remains secure. It is never acceptable for papers containing sensitive personal information to be left in an unlocked bag without necessary precautions. The council’s guidance on the handling of this type of information was inadequate and failed to advise staff on the best means of keeping information safe.

The undertaking emphasises the importance of ensuring that appropriate procedures in place to deal with the removal of files and paperwork from the office, and off-site working.

Whilst I’m not sure how much difference a lock on the bag would have made (in my experience, these sorts of locks are pretty flimsy and hardly equivalent to the sort of encyrption that the ICO now expects to be installed on laptops), I’m not surprised that the ICO is taking enforcement action in this area. I am constantly amazed at how often you see people openly working on confidential/senstive papers on trains, seemingly oblivious to the fact that their fellow passengers can see and/or (in the case of one lawyer that was dictating a letter across the table from me on the Edinburgh to Glasgow train recently) hear every word.

0 Responses to “Data protection – it’s not just about encrypting laptops and the cloud”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Twitter: @BrodiesTechBlog feed

June 2011
« May   Jul »

%d bloggers like this: