Following last week’s report of the £180,000 fine imposed on the Department of Justice for losing a hard drive, it is perhaps time to think, “but for the grace of God, go I”.
As far as we know there have been no victims, no one has suffered loss or harm and it would not appear there was any intent or wilfulness on the part of the DoJ or its officers. The crime was simply, that following previous data security concerns, the Department sent out special secure hard drives to 75 prisons throughout England and Wales but didn’t tell the users they had to manually select encryption. In other words, if one of the hard drives was stolen the data on inmates could be easily accessed. One of the hard drives subsequently went missing.
Over the last year the Information Commissioner’s Office (ICO) received 15,492 data protection complaints, a 10% rise on the previous 12 months, whilst the ICO issued £1.97 million in penalties to organisations found to have breached data protection rules.
Individuals are equally exposed. One example of this saw a probation officer plead guilty to inadvertently revealing the new address of a domestic violence victim to the alleged perpetrator. The officer was fined £150, and had to pay £280 in costs.
Many of the complaints involve local authorities and the leaking of personal data. The ICO secured 12 criminal convictions and two cautions over the last year for the unlawful obtaining or disclosing of personal data. When upgrading phones, laptops and PCs, in fact any equipment holding data, it is essential that every effort is made to stop data leakage. Ask, “Where are our old laptops now? Do we know what data is on them? How safe is that data?”
All organisations are exposed as soon as they hand them over to a third party, whether it be for destruction or refurbishment. Managing the safe destruction of data does not need to be expensive, unless of course, it goes wrong. If you are not already enjoying the peace of mind from using AssetCare, be safe and get answers to the following questions:
1. Is your contractor an ADISA accredited provider? ADISA carry out annual audits and spot checks on all members to ensure the voluntary code is upheld.
2. Can every item collected from your premises be tracked from the beginning of its journey to final destruction or destination?
3. Does your contractor control, using their own employees, the entire journey from collection to data destruction?
4. Does your contractor use approved data destruction software such as Blancco?
5. Does your contractor use exclusively security vetted personnel?
6. Does your contractor have data protection insurance or the financial resources to deal with any possible claim?
If you are not entirely happy you are getting the right answers, please contact Alexander West on 07760 619 212 or email firstname.lastname@example.org for support.