recent work

A reason to use DataWise

As Absolute Data launches its DataWise service, we look at some of the most high-profile data protection blunders made in 2011 (compiled by www.information-age.com).

DataWise, by Absolute Data, is committed to advising companies and organisations, regardless of their size, in creating robust and effective data protection policies and procedures, and helping them to ensure they stay above the law. We spend time getting to know what data-related activity your business partakes in, and ensure that your policies and procedures reflect this activity. We can also help to train your staff; not only in the importance of data protection, but how they can ensure they are fully adhering to data protection law.

A recent study carried out in partnership by the Ponemon Institute and Experian suggests that “by far, negligent employees, temporary employees or contractors not only make organisations vulnerable to [future] breaches…. [but that] conducting training and awareness programmes and enforcing security policies should be a priority for organisations” (2011).

March 2011
Retail, banking and services conglomerate the Co-operative Group apologised after details of 83,000 customers of its funeral planning service were accidentally published online. It blamed the episode on a contractor.

June 2011
Which? Money published a study of data protection complaints against banks. It found that Barclays Bank topped the list, with 116 legitimate complaints to the Information Commissioner’s Office in 2010, just above Lloyds with 114 complaints. The most common breaches by banks, the study found, were failures to respond to subject access requests.

August 2011
A hospital in Dublin was forced to admit that patient records had been subject to “unauthorised access and disclosure” after being sent to the Philippines for transcription, having initially described reports of the breach as “unsubstantiated”.

NHS North Central London (NHS NCL), had 20 of its laptops stolen from a storeroom.One of the laptops contained 8.6 million patient records, and the incident was only reported to police three weeks after the laptop went missing.

September 2011
A former Barclays employee was found guilty of illegally accessing a customer’s data. The woman, the wife of a convicted sex offender who abused her position to find out details of her husband’s victim, had chosen to “ignore training [Barclays] provide”, the bank said. “All staff receive annual training on the importance and regulatory requirements of the Data Protection Act and the consequences of any breach”

November 2011
A woman applying for a mortgage had her credit rating damaged by a glitch in the bank’s credit checking software. The system accidentally accessed the woman’s credit history multiple times, prompting her score to deteriorate. The ICO found that it was “unlikely that Barclays has complied with the requirements of the [Data Protection Act]”, but did not take any action against the bank.

December 2011
Powys County Council was fined a record £130,000 after sensitive information relating to child protection case was mailed to the wrong recipient. The information had been picked up accidentally from a shared printer.

Local Government
Big Brother Watch’s report suggested that 1,035 data breaches had ocurred in local government since 2008, although only 53 were reported to the ICO. These breaches included the loss of 244 laptops, 98 memory sticks and 93 mobile devices.

What does the ICO have to say?
 “Education…. awareness raising….are key activities”

Contact us now to discuss how your organisation will benefit from using DataWise: info@absolute-data.co.uk, or call us on 01423 790125.