A recent spate of data loss incidents in Wales has caused industry experts to call for greater measures to ensure the security of private data within the country. The complacency of some council workers and the inadequacy of data security precautions have been exposed by a number of recent data incidents. IT security advisor Jason Fitzgerald has added his voice to the general clamour for improvements in Welsh data protection.
A USB flash drive found in March 2009 was at the centre of the first of the current crop of incidents. It contained personal data, medical records and legal information relating to court cases handled by the Vale of Glamorgan Council. Later, in June, it was revealed that the Welsh Assembly had misplaced over 30 laptops and 16 mobile phones, including email-packed BlackBerrys over the last 36 months. Another flash drive was lost in July, this time by Neath Port Talbot council. None of the data lost was encrypted or even password-protected. That much of the data has pertained to vulnerable groups including children has further fuelled calls for improvement.
Fitzgerald indicates that the main problem caused by the data loss within Wales is not the potential use of the data by criminals but in fact the damage to the reputation of the government that any such public losses will inevitably cause. He also suggested that to combat data loss in the public sector it would be necessary to create security measures similar to those enforced by the PCI DSS.
Fitzgerald believes that the only way in which to ensure data security is to instigate controls over the data at all stages of its lifecycle. He believes that protection of private data in such a way falls under the Data Protection Act and as such should be taken seriously by both public and private organisations. It is argued that the only robust means by which to ensure data security is to encrypt it automatically, effectively removing responsibility from individual staff members.
Fitzgerald concludes by focusing on the importance of proper data backup systems for businesses and organisations of all types. It seems that regardless of region or industry, the need for improvement in data security and backup technology is on everyone’s mind.