14 DAY TRIAL // The Independent Parliamentary Standards Authority (IPSA) has agreed to implement several security measures following an incident that resulted in sensitive information about members of the UK Parliament (MPs) being exposed.
The security breach was the result of maintenance work on the MPs expenses database in July and allowed anyone with an account to other members' personal info.
The sensitive data was exposed for a period of 21 hours and among other things it included banking details, vehicle registrations and home telephone numbers.
"This case highlights how any work carried out on a database must be subject to rigorous security testing before being re-launched," said [pdf] Mick Gorrill, head of enforcement for the Information Commissioner’s Office (ICO).
"MPs carry out a high profile role and the information their expenses claims include could put them at risk of fraud and endanger their security," he added.
Andrew McDonald, interim IPSA chief executive, has signed a formal document [pdf] stipulating changes that will be undertaken in order to ensure similar incidents are avoided in the future.
The measures include reviewing administrator accounts regularly, introducing additional checks on certain database operations, as well as reassessing breach notification procedures and communicating them to MPs.
"The data controller shall implement such other security measures as, and when, it deems appropriate to ensure that personal data is protected against unauthorised and unlawful processing, accidental loss, destruction, and/or damage," the document stipulates.
The news comes shortly after ICO announced that it will start making use of its new penalty powers, which include fines of up to £500,000.
The first penalties are expected to be issued later this month and in the long term they will hopefully improve how organizations handle personally identifiable information.
The Information Commissioner's Office was recently criticized for failing to properly investigate the Google Street View Wi-Fi snooping incident.