The UK watchdog Information Commissioners Office has recently slapped the police authorities with a $200,000 penalty after they were found guilty of a serious data breach. This is how it happened.
Greater Manchester Police was called to account after an investigation carried out by the Information Commissioners Office. The investigation was prompted by the theft of a memory stick which contained sensitive personal information from an officer’s home. It turned out that the memory stick had no password protection and was carrying the information about over a thousand people, as well as the links to serious crime investigations.
During the investigation, the ICO found out that some of the police officers were using unencrypted memory sticks on a regular basis. The watchdog came to a conclusion that these memory sticks might also have been used to copy data from police machines to access away from the office.
Information Commissioners Office claimed it was time for the police to learn its lessons, because this case wasn’t the first one. There was a similar security breach two years ago, when the police was found to have neglected to either put restrictions on downloading data or provide a sufficient training to the employees in information protection. As a result, the watchdog imposed a fine of $250,000, but the police force paid it right away and got a 20% early payment discount, which made it $200,000.
According to the ICO Director of Data Protection, it should be obvious to the police authorities that the type of data stored on its machines means that they need proper information security. But the force failed to realize this and caused a serious data breach instead.
Greater Manchester Police was called to account after an investigation carried out by the Information Commissioners Office. The investigation was prompted by the theft of a memory stick which contained sensitive personal information from an officer’s home. It turned out that the memory stick had no password protection and was carrying the information about over a thousand people, as well as the links to serious crime investigations.
During the investigation, the ICO found out that some of the police officers were using unencrypted memory sticks on a regular basis. The watchdog came to a conclusion that these memory sticks might also have been used to copy data from police machines to access away from the office.
Information Commissioners Office claimed it was time for the police to learn its lessons, because this case wasn’t the first one. There was a similar security breach two years ago, when the police was found to have neglected to either put restrictions on downloading data or provide a sufficient training to the employees in information protection. As a result, the watchdog imposed a fine of $250,000, but the police force paid it right away and got a 20% early payment discount, which made it $200,000.
According to the ICO Director of Data Protection, it should be obvious to the police authorities that the type of data stored on its machines means that they need proper information security. But the force failed to realize this and caused a serious data breach instead.
No comments:
Post a Comment