AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.


Data Encryption: Midlothian Council First Scottish ICO Fine, Largest To Date

In a clear sign that it frowns on all data breaches, not just electronic ones, the UK's Information Commissioner's Office (ICO) has handed out its largest penalty to date to the Midlothian Council in Scotland. It's the first ever ICO fine for any Scottish local government, and it underscores that, while laptop encryption software like AlertBoot goes a long way towards allaying concerns, it's not the only thing UK data controllers should be focusing on.

Five Breaches in Four Months

While it's true that the Midlothian Council has received the largest penalty to date (£140,000; the next largest one is £130,000, handed to the Powys County Council in December 2011; I keep a list of ICO monetary penalties), one could also argue that it's not a single fine, but a total fine for 5 data breaches:

  • The wrong child's name was entered into an agreement
  • A GP was sent a request for a child's report.  The child wasn't registered with the GP
  • A file was unintentionally included with other documents and sent to unintended recipients
  • Minutes of a child's protection conference were sent to an old address
  • A letter on the foster care status of a child was sent to the wrong people

The above occurred in a period of 4 months.  It could be argued that each breach cost the council £28,000, putting it at the bottom of the pile.

Incidentally, the £140,000 was the reduced figure from £150,000 after the council appealed the fine.

Human Error?  They Usually Are

From scotsman.com:

Midlothian Council said it referred itself to the commissioner and insisted its procedures were sound, despite the breaches.

Colin Anderson, chief social work officer, said: "While the council accepts there were mistakes, they were caused by human error. Clear procedures were in place but were not followed."

That the breach was a result of human error is a moot point: that's usually the case when it comes to the ICO handing out monetary penalties. With respect to the UK data breaches I've covered on this site, especially those that have involved a penalty from the ICO, almost all of them involved human error. That is, I can't really recall a breach where someone caused the breach on purpose.

That "clear procedures were in place but not followed" appears to exacerbate the situation, in my opinion.  In fact, if the procedures were so clear but ignored, couldn't one argue that this was not a case of human error?


Related Articles and Sites:
http://www.scotsman.com/news/health/140_000_fine_after_sending_child_data_to_wrong_people_1_2085605
http://www.databreaches.net/?p=23042
http://www.ico.gov.uk/news/latest_news/2012/midlothian-council-handed-penalty-five-serious-data-breaches-30012012.aspx
http://www.information-age.com/channels/information-management/news/1688338/ico-serves-scottish-council-with-record-140k-fine.thtml
http://www.zdnet.co.uk/news/security-management/2012/01/30/data-leaks-cost-midlothian-a-record-140k-fine-40094935/?s_cid=938

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.