recent work

MPs Personal Data is Compromised

Work carried out on a database that contained the bank details, vehicle registrations and home telephone numbers of MP’s with expenses claims allowed such personal information to be put at risk, the ICO has confirmed. Routine maintenance on the database was carried out by the Independent Parliamentary Standards Authority (IPSA) during July 2010, which is when the expenses claims, and hence the personal data, was accessible by others.

Mick Gorrill, Head of Enforcement at the ICO, said:
“This case highlights how any work carried out on a database must be subject to rigorous security testing before being re-launched. MPs carry out a high profile role and the information their expenses claims include could put them at risk of fraud and endanger their security.”

As a result, the IPSA has signed a formal undertaking in order to ensure any necessary security measures are put in place in order to protect MPs personal information, that such measures are communicated to all MPs and staff, and that regular reviews to the system’s administrator account take place.

To read the formal undertaking, please go to http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/~/media/documents/library/Data_Protection/Notices/ipsa

Comment
Mistakes can happen, and an organisation’s current system may be found to have loop holes in, thus introducing an element of risk into the data management system. However, it is vitally important that procedures relating to the management of data are documented, adhered to and regularly reviewed so as to not allow such procedural flaws to happen at all.
By having a documented procedural system for data management, the chances of getting it right first time will be increased. By reviewing such systems, organisations will continually improve data management systems. This is something that Absolute Data does and can help you with. Absolute Data also works with many organisations to reduce or eliminate the risk to the personal information that they hold about individuals. The “softer side” of privacy risk management such as staff training and having documented procedures is often overlooked and under-funded in organisations and an area where we can have a big impact for a modest investment.  For further information, please contact us now at info@absolute-data.co.uk.