Two institutions from the UK give the perfect example

Oct 6, 2011 12:30 GMT

A perfect example from the United Kingdom shows us once again that companies fail to protect the sensitive information they are in charge of and take active measures only after a data breach occurs.

The Information Commissioner’s Office (ICO), an organization that upholds information rights in the public interest, revealed the case of the Association of School and College Leaders (ASCL), which breached the Data Protection Act, a UK Parliament law that sets out how personal information must be handled.

Even though the company possessed encryption software, not all of its employees had deployed it properly, and in May 2011 the unexpected happened: a laptop containing unencrypted data belonging to around 100 individuals was stolen.

Acting Head of Enforcement, Sally Anne Poole, revealed: “The ICO’s guidance is clear: all personal information – the loss of which is liable to cause individuals damage and distress – must be encrypted. This is one of the most basic security measures and is not expensive to put in place – yet we continue to see incidents being reported to us. This type of breach is inexcusable and is putting people’s personal information at risk unnecessarily.”

A similar incident occurred at Holly Park School, in Barnet, where a laptop containing documents on students was stolen from an unlocked office.

In both situations the ICO discovered that the institutions didn't enforce a proper data security policy, which led to the unfortunate events.

These occurrences can be easily avoided by installing proper anti-theft or encryption software on devices that contain information that could put someone's well-being at risk.

The Data Protection Act should act as an example to organizations all over the world, as we've recently witnessed many cases where unencrypted documents got into the wrong hands.

The eight principles of the Data Protection Act say that anyone who processes personal information should make sure that it's:

- correctly processed;
- not used for illegitimate purposes;
- collected only if relevant;
- accurate;
- not kept when no longer necessary;
- secure.