Council fines will not act as a sole deterrent, to prevent data breaches

Fining councils or businesses for not following policies, in light of data breaches, will not deter incidents occurring in the future, and does nothing to enforce best practice, according to Oscar Arean, technical operations manager at Databarracks.

  • 11 years ago Posted in

In light of the news that Glasgow City Council has been fined £150,000 for losing two unencrypted laptops, Arean states that the fines will do little to reassure the public that confidential data is being handled in a secure manner, and, that basic practices are in fact simply being ignored.


“The incident involving Glasgow City Council is quite staggering, and it is concerning to think that the public’s personal information can be mishandled in such a careless manner. When reading into the details behind the loss, it’s clear that fundamental mistakes were made that were very easily avoidable.


“In the first instance, encrypting laptops should be standard practice when it comes to data protection, alongside other access control and protection measures such as backups. The real question, however, is why are copies of thousands of records being stored locally on laptops in the first place, particularly with sensitive public data at stake? Surely, businesses and local government departments should be deploying preventive measures that stop confidential data being transferred easily and at such a large scale, with what appears to be such ease?”


Arean continues: “There needs to be a duty of care whenever handling, holding, or storing confidential data, in order to ensure that it is protected and made accessible only to those that need it, as and when it is required. “Controls also need to be initiated to allow only the right person, with the right level of access, to get hold of the information.


Arean concluded: “The focal point must now be to ensure incidents like this do not happen again, starting off by addressing the systems and tools in place. If you are able to copy large numbers of records onto mobile devices or laptops, then you are making it far too easy for similar episodes to occur again and again.


“While it’s expected that an internal review will take place into what went wrong with Glasgow County Council, with processes put in place to ensure laptops are checked for encryption, this can’t be the sole fallout. Incidents and breaches of this nature have been occurring for years, and lessons never seem to be learnt. Controls need to be implemented in order to prevent large numbers of records being copied onto laptops in the first place.”
 

Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Infinidat has achieved significant milestones in an aggressive expansion of its channel...
Nearly all senior business decision-makers (96%) surveyed report data strategies as essential to...
SharePlex 10.1.2 enables customers to move data in near real-time to MySQL and PostgreSQL.
NetApp extends its collaboration to accelerate Ducati Corse’s digital transformation and deliver...
Partnership to be featured at COP26, highlighting how data-driven solutions and predictive...
Next-Gen solutions to deliver market-leading enterprise cloud scalability, cyber resilience and...
he EMEA external storage systems market value was up 3.3% year on year in dollars but down 5.5% in...