West Berkshire Council data loss shows need for automation

News

West Berkshire Council data loss shows need for automation

Warwick Ashford

The loss of personal data by the West Berkshire Council once again proves that employees will always be the weakest point in any security system, says Chris McIntosh, chief executive of encryption firm Stonewood.

The Information Commissioner's Office (ICO) found the council in breach of the Data Protection Act (DPA) for losing an unencrypted USB stick containing personal information about children and young people.

The ICO found that unencrypted devices, in operation before the council introduced encrypted memory sticks in 2006, were still being used by members of staff.

Organisations must make sure that they cannot breach security even inadvertently through use of rigorous protocols and automated technology to ensure that, for example, unencrypted USB sticks are correctly recalled, said McIntosh.

"While the organisation as a whole may know the value of encrypted data, it is imperative that not only do the workers know this, but that there is no opportunity whatsoever for sensitive data to be unencrypted at any point in its life," he said.

The council has been identified as the second most prolific local authority in the country in its use of data gathering powers granted by the Regulation of Investigatory Powers Act (Ripa).

"The fact that this is its second reported loss of sensitive, unencrypted data in six months is more than a little ironic," said McIntosh.

"Considering the council's willingness to gather information on its citizens, you might expect that nothing would be left to chance when protecting that information," he said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy