Tag Archives: Information Commissioner

Leicestershire County Council Escape Fine after Data Loss

The Information Commissioner’s Office (ICO) has completed their investigation into a case where a Leicestershire County Council employee lost confidential data belonging to 18 children. Strict data protection laws had been broken and this case could have been prevented if the regulatory laws had been adhered too. The ICO have been critical of Leicestershire County Council but there have been no indication that they impose a fine.

The main role of the ICO is to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals in the UK. The ICO can impose a fine of up to Ł500,000.00 for any serious breach of the Data Protection Act.

Leicestershire County Council initially got into trouble when a social worker took home some confidential court documents in May last year.  These documents were left in a briefcase in the social worker’s home during the night rather than in a secure location in the house. The social worker had obtained permission to take the documents home but they hadn’t received the relevant data protection training and therefore appropriate procedures were not followed. The social worker’s house was broken into that night and the burglar stole the briefcase with the documents inside. If the social worker had received the data protection training, they would have known that the documents should have been kept in a secure location in the house, preferably under lock and key.

Stephen Eckersley, The ICO’s head of enforcements claimed, “While Leicestershire County Council already recognised the risks associated with home working and had produced guidance for their staff, the guidance did not explain how papers containing personal information should be kept secure.”

Eckersley later argued, “Local authorities must recognise social workers are handling some of the most sensitive information available. The fact this information often relates to vulnerable young children means it is all the more important for these organisations to provide staff with adequate training and guidance on how to keep this information secure.”

A County Hall spokesman has responded to this outcome stating, “The county council takes data security extremely seriously. As soon as it became aware a briefcase had been stolen from a social worker’s house, the Information Commissioner was informed. We already have comprehensive information security arrangements in place and constantly explore how we can improve these. This case has led us to reorganise our priorities.”

The County Hall spokesman later added, “We have made it clear staff should not take confidential documents home unless it is absolutely necessary for their work and they have their manager’s permission. If they do take documents home, they must lock them in a secure place.”

This latest case of data loss suggests that many people are still acting reactively towards data loss incidents and not proactively. Surely questions should remain why the social worker was allowed to take the confidential court documents home in the first place as they hadn’t even received the relevant data protection training.

New UK Data Privacy Commissioner

A report produced by the inquirer has made an amendment to a tabled discussion regarding data privacy.

A position is to be created which will regulate privacy issues affecting the public.

The House of Lords made this statement “The Secretary of State shall appoint a Commissioner to be known as the Privacy Commissioner ..It shall be the duty of the commissioner to promote respect for individual privacy.”

The current and weak Information Commissioner’s Office (ICO) is reputably disappointing in following through with its investigations.

“It is a quasi judicial regulator that sees its role as protecting data rather than people,” Privacy International says.

Poor data protection policies within the UK have prompted such discussions. Countless hacking scandals this year are beginning to be addressed, and the value of data being realised.

Although the primary duty of the new Privacy Commissioner would be to ensure individual privacy, data privacy within the business world also needs addressing. This is especially apparent with IT cutbacks and with organisations moving their infrastructures to the cloud.  Addressing the current failures of the ICO is only the start.

“If successful the UK could have a real privacy regulator rather than a weak one that merely oversees data protection,” Privacy International.

Loose Data Affecting Student Career Prospects

Students are not facing the most prosperous times with regards to career prospects but recent data suggests that many are concerned about data they post online affecting their chances of getting a job.

In fact of the 500 students surveyed in a study conducted by ICO, 42% expressed concern that personal data hanging around online may affect whether companies would take them on.

Christopher Graham, Information Commissioner stated “In touch times, young people are clearly less relaxed about privacy, particularly in relation to information that they post online – but many may not know what they can do about it.”

The study revealed that for one reason or another students are failing to take steps to maintain privacy. One in three (33%) of students have not got around to re-directing their post from a previous residence.

A shocking 75% have not checked their credit rating in the past year with 66% admitting they have never checked it.  This leaves them wide open to suspicious credit applications.

The ICO have conducted this survey as part of their 2011 Student Brand Ambassador Campaign. Graham comments “The Student Brand Ambassador campaign is about arming students with the advice they need to protect themselves from obvious dangers such as identity theft and keeping their social lives private.”

At Backup Technology we always look to take on graduates who have extra-curricular interests and who have had fun throughout conducting their studies. However undesirable data encountered online could severely impede students being granted an interview.

ICO warns UK businesses: New EU cookies law must be followed

Monday night saw a warning to all business from the Information Commissioner’s Office that they must “wake up” and take action to a new law, which will be enforced on the 25th May 2011. This law changes the EU’s Privacy and Electronic Communications Directive. The change will require business to obtain website visitors permission to store and retrieve usage information from users’ computers.

A cookie is a piece of text stored on a users computer by their web browser. It is generated by the websites that the user visits and usually stores information that can be users to save user preferences, shopping carts and authentication.

Information Commissioner, Christopher Graham, said:

“While the roll out of this new law will be a challenge, it will have positive benefits as it will give people more choice and control over what, information businesses and other organisations can store on and access from consumers’ own computers.

“The Directive will come into force in less than two months time and businesses and organizations running websites in the UK must wake up to the fact that this is happening. We are proactively working with the government, businesses and the public sector to find a workable solution. We recognize that the internet as we know it today depends on the widespread use of cookies and there are of course legitimate business reasons for using them. So we are clear that these changes must not have a detrimental impact on consumers nor cause an unnecessary burden on UK businesses. One option being considered is to allow consent to the use of cookies to be given via browser settings.

“Once the new regulations are published there will be a major job of education and guidance to be undertaken. In the meantime, both the business community and public sector organizations need to start thinking clearly about how they will meet the requirements of the new Directive.”

The law change is being lead by the Department for Culture, Media and Sport. With Ed Vaizey commenting. “Businesses need to be working to address the way they use cookies. We recognize that work will not be complete by the implementation deadline. The government is clear that it will take time for meaningful solutions to be developed, evaluated and rolled out.”

Justice Minister Lord McNally said:
“A strong and independent Information Commissioner is vital to ensuring our personal data is kept safe, as well as keeping public bodies open to scrutiny. The government recently announced measures to enhance the ICO’s independence even further, by giving it more freedom to make corporate and operation decisions..

“As technology advances it brings new opportunities, but also new ways our data can be misused, which is why we have been gathering evidence on how the current data protection laws are working and considering ideas on how the current data protection regime can be improved.”

ICO seeking greater investigative and punitive powers

The Information Commissioner’s Office (ICO) is seeking to earn greater powers to help curtail the actions of those individuals and businesses which breach the terms of the Data Protection Act (DPA), through inadequate security, data loss or theft.

The latest news from within the organisation is that it will be requesting the ability to impose custodial sentences on offenders, rather than the current fines, which are the maximum applicable penalty for such an incident.

The ICO has been approached by the Ministry of Justice in order to provide it with details of how data protection legislation currently operates. It announced that there need to be greater deterrents in place to ensure that the private information of normal citizens is not being abused or handled irresponsibly by businesses and public sectors organisations.

In a statement, the ICO said that offences involving selling or bartering with sensitive personal data should be punishable by a prison sentence in the most extreme examples.

It explained that the circumvention of data protection policy within organisations was most regularly carried out by lone agents, but complained that the threat of fines was insufficient to prevent future loss or theft under the current DPA rulings.

As well as highlighting the inadequacy of fines in combating DPA breaches, the ICO said that its current investigative abilities are underwhelming and inappropriate for the task in hand, when it is asked to examine a particular organisation.

The ICO said that at the moment it is only able to investigate those directly involved in handling data if they allow it. As such, the Information Commissioner is said to be in the process of collecting evidence which indicates the frequency with which those responsible for data refuse to co-operate with an ICO investigation.

The ICO said that it is the private sector in which this refusal of involvement is most regularly found and, ideally, the Ministry of Justice will be convinced of this when it has been given the opportunity to look over the evidence provided in the coming weeks.

Data loss crisis may rise due to the recession

With recession slowly unfolding, a top data firm believes that the number of data loss incidents will increase this year. The number of reported data loss cases last year is supposed to have been the worst ever, and apparently the number will rise as the year progresses. Another shocking revelation is the number of people that will be affected globally will double by the end of the year hitting 190 million.

The economic downturn is believed to be the cause of the many data losses. Many companies are facing financial constraints on their corporate IT budgets and this is what will make them vulnerable to data loss risk. This forecast has been supported by a survey from a consultancy firm, which concluded that ensuring information security would be a problem due to lack of resources.

Recently the Information Commissioner of the UK called for new and more effective methods that would make companies ensure adequate security of all the data they are managing.

It has been advised to companies to invest in a more effective means of storing data. This method can be found in the form offsite data backup. This is because these remote sites are efficient at encrypting and protecting data. It is not expensive to use an offsite data backup service; this makes it possible for everyone to have a data backup which can protect their data.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal