£500,000 fine for Data Loss!

Posted: February 12th, 2010 | Author: Richard | Filed under: Data Security, Government

Data storage - old and new by Ian-S.

A new rule, approved by the Secretary of State for Justice and expected to come into force on 6th April 2010, will enable the Information Commissioner’s Office (ICO) to issue fines of up to £500,000 for serious data security breaches.

This new power is no doubt a reaction to several high-profile data losses from large organisations including the DVLA and the Ministry of Defence.

With enormous amounts of personal data stored and processed online, Christopher Graham, the Information Commissioner, said he hoped the penalty would encourage companies to comply more closely with the Data Protection Act.

“These penalties are designed to act as a deterrent,” he said in an official press statement.

“I remain committed to working with voluntary, public and private bodies to help them stick to the rules and comply with the Act. But I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law.”

Under the most recent Act of 1998, data can only be used for the purposes for which it is collected and cannot be given to others without the consent of the individual.


Hacker threat second to employee mistakes

Posted: November 27th, 2009 | Author: Richard | Filed under: Data Security, Government


New research from IDC and security vendor RSA, which included 400 top-level executives, revealed that organisations are more likely to suffer from accidental data security leaks than malicious insider attacks.

The research shows that accidental data leaks often cause more damage than insider attacks, giving reason to doubt the traditional assumption that theft is the highest cause. Most security leaks are accidents that occur simply when employees do not follow correct security protocol or misuse information accidentally.

The firms that participated in the poll reported that accidental data loss accounted for 6,244 incidents; unauthorized people receiving privileged access to data resulted in 5.794 incidents of risk, and malware attacks that came from within the firms accounted for 5,830 incidents.


Ealing council pay £500,000 for infected USB stick

Posted: September 16th, 2009 | Author: Richard | Filed under: Data Security, Government


A USB stick infected with malware brought Ealing council to its knees for several days after a town hall employee plugged it into a work computer.

Despite the use of anti-virus software, the virus spread through Ealing council’s IT network, preventing the use of phones and making it impossible to process payments and fines for nearly a week.

On top of this delay, parking tickets worth £90,000 had to be cancelled, £14,000 was spent on clearing housing benefit claims, the library service lost £25,000 as it could not issue fines or booking fees, and council property rent could not be collected.

Total costs are estimated to exceed £500,000 in lost revenue and system repairs.

A council report said:

“At the point the memory stick was plugged in the virus attacked the host PC.

It blocked connections to anti-virus and Microsoft Support websites and attempted to establish connections with 500 internet sites chosen at random from a selection of 25,000 seeking instructions from its author, and sought to also contact other similarly infected PCs that it could find. It then started propagating itself across the Ealing network.”

Bhav Lakhani, Operations Director at the international software distribution company Codework, observed:

“This unfortunate incident highlights the increasing dangers USB sticks and other endpoint devices pose and emphasises the importance of having a sound security strategy in place.”

A council spokesman said: “The council acted immediately to protect all data and ensure that essential frontline services could continue.”


HSBC fined £3m for data losses

Posted: July 29th, 2009 | Author: Meha | Filed under: Data Security, Government


HSBC, Britain’s biggest bank, has been fined £3m by the financial regulator for failing to protect customers’ confidential details after data was lost in the post on two occasions. Three companies belonging to the bank’s insurance division have been fined by the Financial Services Authority after it found that large amounts of unencrypted customer details had been sent via post or courier to third parties. Confidential information about customers was also left on open shelves or in unlocked cabinets and could have been lost or stolen.

The failings date back to April 2007, when HSBC Actuaries, a division of the bank, lost an unencrypted floppy disk in the post, containing the personal information of 1,917 pension scheme members, including addresses, dates of birth and national insurance numbers. Later, in February 2008, HSBC Life, another division, lost an unencrypted CD containing the details of 180,000 policyholders in the post. The confidential information on both disks could have helped criminals to steal customers’ identities and commit financial crime. The FSA fined HSBC Life £1.61m, HSBC Actuaries £875,000 and HSBC Insurance Brokers £700,000.

Margaret Cole, director of enforcement at the FSA, said: “These breaches are very disappointing. All three firms failed their customers by being careless with personal details which could have ended up in the hands of criminals.

“It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers’ details.”

Clive Bannister, group managing director of HSBC Insurance, said the group regretted the incident:

“Keeping our customers’ data confidential and secure is vitally important to everyone at HSBC,” he said.

“We have implemented even more rigorous systems, better checks and more training for our people. We believe our customers can have confidence that we are doing everything we can to protect their privacy.”

The data loss by HSBC is not the first time that data have gone missing from financial institutions and government departments. In November 2007, the government admitted that it had lost two CDs containing details of 25m child benefit records.

Another bank, HBOS, now owned by Lloyds, apologised to more than 60,000 mortgage customers in June 2007 after private information about them was lost in the post. The FSA takes any loss of data seriously.

In the past it has fined Nationwide, the building society, £980,000 for lapses in information security procedures after a laptop containing sensitive customer information was stolen from an employee’s home.

Norwich Union, part of Aviva, was fined £1.26m for not having effective controls in place, enabling fraudsters to obtain customers’ details and cash in £3.3m of policies.

A report issued by the regulator last year found that many financial services firms still had lax attitudes toward their customers’ private information, despite the series of high-profile incidents.


Internet Surfing Restricted for British MPs

Posted: July 16th, 2009 | Author: Sai | Filed under: Government, Internet Restriction, Web Monitoring


An Internet filter on the Parliament IT system blocks access to websites that contain “offensive or illegal content or are sources of malicious software”.

The policy emerged after an MP was unable to access the Daily Sport site.

“Because of the things they are trying to censor they may have made an assumption about this particular website,” said Lembit Opik, MP.

Guidance issued to all MPs in December 2007 warns that they have a duty to ensure the Parliamentary network is used properly “by themselves and their staff” and to avoid actions that “threaten the integrity of the system or bring it into disrepute”.

The aim is to protect security but also to “help to prevent users of the network from being exposed to inappropriate material”.

The web filtering system also “collects data related to user activity, including user names and all websites visited whether blocked or not and will be retained for a period of 12 months”, it adds.

MPs who try to access sites deemed inappropriate are presented with a screen asking them to contact the Commons authorities for permission to view the material.

Those who break the rules face being disconnected from the system by the Serjeant-at-Arms.

Do you think MPs should be allowed to browse freely?

For more information on how BrowseControl can help you restrict your internet access please click here.

BrowseReporter can track and monitor your browsing activity. Click here for more information or for a free 30 day trial.

Alternatively, please feel free to contact us for more information or to discuss your requirements.

