As Absolute Data launches its DataWise service, we look at some of the most¬†high-profile¬†data protection blunders made in¬†2011 (compiled by www.information-age.com).
DataWise, by Absolute Data, is committed to advising companies and organisations, regardless of their size, in creating robust and effective data protection policies and procedures, and¬†helping them to ensure they stay above the law. We spend time getting to know what data-related activity your business partakes in, and ensure that your policies and procedures reflect this activity. We can also help to train your staff; not only in the importance of data protection, but how they can ensure they are fully adhering to data protection law.
A recent study carried out in partnership by the Ponemon Institute and Experian suggests that ‚Äúby far, negligent employees, temporary employees or contractors not only make organisations vulnerable to [future] breaches…. [but that] conducting training and awareness programmes and enforcing security policies should be a priority for organisations‚ÄĚ (2011).
Retail, banking and services conglomerate the Co-operative Group apologised after details of 83,000 customers of its funeral planning service were accidentally published online. It blamed the episode on a contractor.
Which? Money published a study of data protection complaints against banks. It found that Barclays Bank topped the list, with 116 legitimate complaints to the Information Commissioner’s Office in 2010, just above Lloyds with 114 complaints. The most common breaches by banks, the study found, were failures to respond to subject access requests.
A hospital in Dublin was forced to admit that patient records had been subject to “unauthorised access and disclosure” after being sent to the Philippines for transcription, having initially described reports of the breach as “unsubstantiated”.
NHS North Central London (NHS NCL), had 20 of its laptops stolen from a storeroom.One of the laptops contained 8.6 million patient records, and the incident was only reported to police three weeks after the laptop went missing.
A former Barclays employee was found guilty of illegally accessing a customer‚Äôs data. The woman, the wife of a convicted sex offender who abused her position to find out details of her husband‚Äôs victim, had chosen to ‚Äúignore training [Barclays] provide‚ÄĚ, the bank said. ‚ÄúAll staff receive annual training on the importance and regulatory requirements of the Data Protection Act and the consequences of any breach”
A woman applying for a mortgage had her credit rating damaged by a glitch in the bank’s credit checking software. The system accidentally accessed the woman’s credit history multiple times, prompting her score to deteriorate. The ICO found that it was “unlikely that Barclays has complied with the requirements of the [Data Protection Act]“, but did not take any action against the bank.
Powys County Council was fined a record ¬£130,000 after sensitive information relating to child protection case was mailed to the wrong recipient. The information had been picked up accidentally from a shared printer.
Big Brother Watch‚Äôs report suggested that 1,035 data breaches had ocurred in local government since 2008, although only 53 were reported to the ICO. These breaches included the loss of 244 laptops, 98 memory sticks and 93 mobile devices.
What does the ICO have to say?
¬†‚ÄúEducation…. awareness raising….are key activities‚ÄĚ
Contact us now to discuss how your organisation will benefit from using DataWise: firstname.lastname@example.org, or call us on 01423 790125.