Locks and Security News: your weekly locks and security industry newsletter
4th December 2019 Issue no. 486
Your industry news - first
We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.
Data Protection: Latest penalties highlight need for greater awareness of data collection and storage
Two penalties recently served by the ICO on Kent Police and the British Pregnancy Advisory Service have highlighted the need for organisations to understand precisely what personal information they are collecting and where it is being stored.
Kent Police received a penalty of £100,000 after interview tapes and documents containing sensitive personal information were left in the basement of a former police station. The information was only discovered some four years later, when a police officer spotted some of the tapes on a routine visit to see a local business owner who had recently bought the property. Our investigation found that the force had no guidance in place to ensure personal information was securely removed from former premises.
The British Pregnancy and Advisory Service was fined £200,000 following a serious breach of the Data Protection Act after failing to realise that its own website was collecting sensitive information about people requesting to be called back for advice on pregnancy issues. A vulnerability in the website's code allowed a hacker to access the information before threatening to publish the information online. The hacker was subsequently arrested and an ICO investigation found the organisation guilty of a serious breach of the DPA, with some of the callers' information going back over five years.
Both of these breaches were entirely avoidable and could have been prevented if the organisations had appropriate procedures and adequate security measures in place.
23rd April 2014