BreachExchange mailing list archives
Security vow after vulnerable adults memory stick lost
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 24 Feb 2011 01:37:43 -0500
http://www.bbc.co.uk/news/uk-england-cambridgeshire-12551314 A council has agreed to improve its security after losing a memory stick which contained the details of at least six vulnerable adults in November 2010. Cambridgeshire County Council notified the Information Commissioner's Office (ICO) after the breach. An employee lost an unencrypted and unapproved device containing case notes and minutes of meetings. The member of staff had previously experienced problems using one of the council's encrypted memory sticks. The breach of the Data Protection Act happened just after the council had undertaken an internal campaign aimed at promoting its encryption policy. Employees had been asked to hand in unencrypted devices and were warned about the importance of keeping personal information secure. Council apology The ICO's enforcement group manager Sally Anne Poole said: "Cambridgeshire County Council clearly recognises the importance of encrypting devices in order to keep personal data secure. "However this case shows that organisations need to check that their data protection policies are continually followed and fully understood by staff. "We are pleased that Cambridgeshire County Council has taken action to improve its existing security measures." A council spokesman said: "Cambridgeshire County Council takes the storage of personal data very seriously and has strict procedures on how it should be stored. "We apologise that this loss happened and contacted the relevant people as soon as we were made aware. "In this case the member of staff did not follow the council's policy of using a password protected and encrypted memory stick. "The loss of the memory stick was immediately reported by the member of staff who, following a full investigation, has been disciplined and given advice on their future professional conduct." The missing device has not been found. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Security vow after vulnerable adults memory stick lost Jake Kouns (Feb 24)