As more and more employees of companies work mobile or from home, employers need to be more aware of the impact that data security breaches can have.
The Information Commissioners Office (ICO) has recently fined Aberdeen City Council £100,000 as a result of such a breach. The breach resulted in sensitive data being published on-line.
An employee at the council working from home accessed material from the councils computer system remotely. Unbeknown to the employee their home computer (which was second hand) had a file transfer system installed on it which allowed documents to be uploaded to a website. The information related to the care of venerable children in the area. This was on-line for three months before another employee of the council found it on the internet.
The ICO found that the council had no relevant home working policy in place. Neither did it have the appropriate hardware/software measures in place to ensure data could not be downloaded from their system and published on the internet for all to see.
The Assistant Commissioner for Scotland at the ICO noted that- “As more people take the opportunity to work from home, organisations must have adequate measures in place to make sure the personal information being accessed by home workers continues to be kept secure.”
“In this case Aberdeen City Council failed to monitor how personal information was being used and had no guidance to help home workers look after the information.”
Following the ICO’s finding the council are now putting the appropriate measures in place.
Organisations should be aware of the risk of data breaches in our ever advancing technological age. They also need to realise that breaches of data are taken very seriously by the ICO and are demonstrated by the afore mentioned example. In this case the fine was £100,000 but the ICO can fine up to £500,000, an amount of money that could put many companies out of business.
Employers should provide adequate security measures to safe guard information. Employees should be trained about the Data Protection Act to ensure that they are aware of the rules.
Recycling Your IT is registered by the ICO for data protection (No. PZ2793518) and also registered with the Environment Agency for Data destruction/shredding. (GH0610YU)
Call us today on 01279 215000 to find out how we can help you dispose of your IT equipment in a socially responsible way. |