Several warnings to business from ICO at Infosec 2011

Deputy Information Commissioner David Smith had several warnings for business organisations at this morning’s keynote at Infosec 2011 in London.

Looking to the future, Smith made several references to the extra powers the ICO has recently acquired or will soon acquire.

Many organisations are still not getting the basics right, he says, and the cardinal sin in the ICO's books is any failure to have a properly managed approach to risk.

With 20 cases under investigation that may lead to monetary penalties being imposed and up to 60 audits planned, the ICO clearly means business in 2011.

The results of past audits are published on the ICO’s website, so this is probably a good place for UK organisations to start any review to identify potential data protection weaknesses.

Areas that UK business should be looking at include the theft or loss of unencrypted laptops and portable storage media, failure to clear data that is no longer required, failure to monitor contractors and data processors, poor communication and training around data protection, and failure to relate policies and procedures to jobs.

Many fax and email communications are still insecure, says Smith, and failure to prevent loss or exposure of personal data through email is likely to feature in monetary penalty cases soon.

Physical security is another common failing. Smith says organisations tend to focus on IT security at the expense of physical security. Access to buildings and hardware is all too often overlooked, he says.

The biggest changes in 2011 are likely to be for service providers. From May, all service providers will be required by law to report all data breaches, and all website owners will have to ensure they are not storing any information on users’ PCs that is not strictly necessary for the provision of the service.

“From May, this can take place only with the consent of the user,” says Smith. Any website operator failing to do this will be held accountable.



