BreachExchange mailing list archives
Identity and Passport Service breaches data act
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Wed, 23 Feb 2011 00:23:52 -0500
http://www.guardian.co.uk/government-computing-network/2011/feb/22/ips-data-protection-breach The Information Commissioner's Office has found the Identity and Passport Service in breach of the data protection act after it lost 21 passport renewal applications The loss occurred in May 2010 and included the personal data of both applicants and their countersignatories. All the individuals affected were informed and offered new passports and no complaints have been received to date, said the ICO. The IPS has also signed an undertaking and has agreed to put in place a number of measures including ensuring that staff are aware of policies for the storage and use of personal data and IT security. It has also agreed to carry out and document regular inspections of the security of the methods used for the processing of personal data as well as undertake regular audits, where an appointed data processor carries out certain tasks on its behalf. Mick Gorrill, head of enforcement at the ICO, said: "A passport is an important identification document and it is clearly of concern that information relating to renewal applications has been lost. "However, there is no evidence to suggest that the applications have fallen into the wrong hands and we are pleased that the Identity and Passport Service is taking steps to stop this happening again." A spokesman for the IPS said that it takes the security of its customer data "extremely seriously", and added that immediate action was taken to cancel the application information. "An internal security review has since been carried out and we have already significantly tightened our processes to prevent such an incident happening again," he said. "During the past five years the IPS has safely handled more than 25 million passport applications." _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Identity and Passport Service breaches data act Jake Kouns (Feb 22)