Tag Archives: Data Leaks

North Somerset Council and Worcestershire County Council fined by ICO

Two councils have been fined by the Information Commissioner’s Office (ICO) after staff at both authorities sent highly sensitive personal information to the wrong recipients.

The ICO has served a monetary penalty of £80,000 to Worcestershire County Council for an incident in March 2011 where a member of staff emailed highly sensitive personal information about a large number of vulnerable people to 23 unintended recipients. The error occurred when the employee clicked on an additional contact list before sending the email, which had only been intended for internal use.

Enquiries by the ICO found that Worcestershire County Council had failed to take appropriate measures to guard against the unauthorised processing of personal data, such as providing employees with appropriate training and clearly distinguishing between internal and external email distribution lists. The council had also failed to properly consider an alternative means of handling the information, such as holding it in a secure system that could only be accessed by members of staff who needed to see it. Fortunately, on this occasion all of the unintended recipients worked for registered organisations used to operating within the council’s protocols about handling sensitive data. Worcestershire County Council has explained to the ICO that as soon as the breach occurred the council employee immediately realised their error and attempted to contact all of the unintended recipients to ensure that the information was deleted.

HiSoftware at IAPP Europe Data Protection Congress

HiSoftware will exhibit at this year’s IAPP Europe Data Protection Congress in Paris, France. The two-day event will see 300 privacy professionals participate in thought-provoking discussions, engaging debates, analysis and unparalleled education on the latest developments in privacy for the European data protection community.

Recently, HiSoftware announced HiSoftware Compliance Sheriff® for SharePoint, now HiSoftware Compliance Sheriff SP, and the debut of HiSoftware Security Sheriff™ SP. With these products, the company is making Microsoft SharePoint® safe for even the most sensitive enterprise data, from Personally Identifiable Information (PII) to Protected Health Information (PHI) to pre-release financials, strategic product information, HR data and more.

Keeping the Information Commissioner at Bay!

The increasing amount of personally identifiable information (PII) and protected health information (PHI) collected and utilised by government organisations presents an opportunity for a joined-up government, but also poses significant risk. The wrath of the Information Commissioner’s Office (ICO) and penalties associated with breaches of the Data Protection Act can be severe and all government agencies should mitigate their risk of exposure.

The E-Government Bulletin webinar, sponsored by HiSoftware, “Keeping the Information Commissioner at Bay: How to protect your organisation from content breaches” will be a live one-hour interactive online discussion on Wednesday 12 October 2011 from 14:00-15:00 GMT. The webinar will review some of the most recent and significant breaches of data privacy by local authorities and other public bodies that have incurred the displeasure of the Information Commissioner’s Office (ICO). It will examine the background and causes in each case, and the financial penalties each organisation incurred.

HiSoftware’s Chief Technology Officer, Thomas Logan, will provide insight into how these breaches could have been prevented, offering solutions and tips on how to avoid these costly pitfalls and stay on the right side of the law.

Hays Confidential Email Discloses RBS Contractors Day Rates

Recruitment agency Hays disclosed day rates of 3,000 RBS contractors to 800 people at the bank earlier this week, which showed some contractors were earning up to £2,000 per day. The email was intended to remind managers to update timesheets in time for the bank holiday and included the attachment with the confidential information.

The massive mistake is resulting in huge repercussions for RBS as the union, Unite, is pressing for more information on contractor rates, expressing “serious concerns” over the revelations. RBS, owned by the British taxpayer, has made up to 1,000 IT staff redundancies in the last years and this email will likely intensify the divisions between temporary and permanent staff.

This was all caused by a Hays employee inadvertently emailing this information. We’ve all at one time or another sent an email to the wrong person, but when confidential information like this is sent, the consequences are dramatic.

While I am certainly not offering my opinion on the contractor rates, I will say that, yet again, this is another example of a non-malicious content breach that could have been prevented. Checks can be put in place that scan for this type of confidential and sensitive information so that it cannot be sent to a mass group or any irrelevant person.

We are entering a new era of business partnerships; content partnership agreements are the future. Gone are the days when businesses, like RBS, only have a content governance policy for their business. Now partners, like Hays, will need to have strict policies and procedures in place for content and it will need to be part of the partnership agreement. There is too much at risk for the business from customer retention, brand damage and financial losses. For RBS they now face the union, internal unrest and customer dissatisfaction, all because a confidential bit of content was unintentionally emailed.

The Compliance Challenge for Banks [Opinion]

I recently filmed a short video for the British Bankers’ Association’s Annual Conference for Chairmen, CEO/CFO/COOs, Executive Directors, Managing Directors. As I stood in front of the camera and thought about the issues facing the finance industry, I conveyed the huge compliance challenge they face. They are increasingly struggling to keep up with the explosion of content and the growth in the number of people able to create and edit content. We are now typically talking about thousands of people.

Security Breaches will be made Public [Opinion]

The European Commission (EC) will force firms to make their security breaches public.

In a speech at the British Bankers’ Association (BBA) Data Protection and Privacy Conference in London, Viviane Reding, vice-president of the European Commission, said “I intend to introduce a mandatory requirement to notify data security breaches. I understand that some in the banking sector are concerned that a mandatory notification requirement would be an additional administrative burden. However, I do believe that an obligation to notify incidents of serious data security breach is entirely proportionate and would enhance consumers’ confidence in data security and oversight mechanisms.”

Surrey County Council Fined £120,000 [News]

The Information Commissioner’s Office (ICO) has served Surrey County Council with a monetary penalty of £120,000 for a serious breach of the Data Protection Act after sensitive personal information was emailed to the wrong recipients on three separate occasions.

Which Type of Content Personality do you have?

Answer these few simple questions to find out if your personality will lend itself to causing a company confidentiality leak.

1. Do you love social media?
2. Are you always talking about your company through social media (on Twitter, Facebook, LinkedIn and on Forums)?
3. Are you trying to keep your company in the forefront of customers’ minds?
4. Have you ever used inappropriate language or misrepresented the brand when using social media?

If you’ve answered yes to any of these then you could be a ‘Four-Mouthed Social Media Monster!’

Next questions… If you are responsible for sharing documents with the entire company or sometimes with the public, answer these two questions:

1. Does any of the information you share have customer details within it? For example, a National Insurance Number, date of birth or address.
2. Can this information, with potentially sensitive customer information, be accidentally published within your organisation?

If you answered yes to either of these then you could be a ‘Clueless Uploader!’

Moving on… If you are an executive assistant who manages calendars and information (e.g. confidential merger talks, reorganisation strategies, even potential layoffs) or publishes information for the executive team, ask yourself these two questions:

1. Are you able to recognise the sensitivity of some of that information?
2. Are you certain that the information cannot be accessible to the entire organisation?

If you answered no to either of these then you could be an ‘Executive Assistant with Slippery Fingers!’

Once you’ve identified problem personalities and characters, policies, education, awareness and enforcement are a few ways to help eliminate these behaviours and stop information leakage in its tracks.
