A hard drive thought to contain the details of 1.7 million people who enquired about joining the armed forces is currently missing. Armed Forces Minister Bob Ainsworth has commented that the MOD missing laptop incident has "illustrated the need to continually review and enhance our (MOD) arrangements for personal data". More extensive personal data may also have been held, with extra details of applicants' personal information such as next of kin details, passport and National Insurance numbers, drivers' licence and bank details.

In September a camera was sold via the popular bidding site eBay complete with photos of secret information. The camera was bought by an unnamed 28-year-old delivery man from Hemel Hempstead for just £17. After the content was downloaded, pictures of rocket launchers, log-in details for the Secret Service's encrypted remote computer network marked Top Secret, and a hand-drawn diagram linking different, named al-Qaeda cells including individual names and occupations were found. Special Branch officers arrived at the man's home and seized the camera and his computer. Officers also told the family not to speak to the media.

The seriousness of data loss

The cabinet office official who left top secret documents on a train in June is to be charged under the Official Secrets Act. The man was on secondment from the MOD when he left two highly classified documents on a train from Waterloo, London. The documents were found and handed over to the BBC, who then handed them over to the Police.

Although customer and client data may not be kept on cameras or moved from one location to the other, all the above examples show how a simple act of carelessness can damage reputations and make headlines in the process. Organisations need to be thinking about management of information and how they train staff in best practice.

What are the implications for firms in the regulated sector?

Financial services firms hold a great deal of sensitive information about their customers and their financial affairs. There are legal and regulatory considerations for firms regulated by the Financial Services Authority (FSA) which hold customer information.

Like all businesses they are bound by the Data Protection Act. One of the principles of the DPA is that information must be kept carefully. Aside from the reputational damage, firms can face legal sanctions if they breach the Act. Those firms which are regulated by the FSA face the additional threat of regulatory sanctions.

Steps to a secure organisation

For any business, practical steps to train everyone on basic information security need to be taken. This should include I.T. security as well as physical security measures, such as locking away sensitive information when you are finished with it, not removing information from the office and keeping a clear desk policy.

Make sure your organisation is fully aware of the Data Protection Act and that staff are aware of their responsibilities under the Data Protection Act.

Key subjects included within Absolutely Information Security Training

- What is Information Security?
- Data Protection
- The rise of identity theft, fraud and electronic threats
- Using Personal & Corporate Systems Safely
- Physical Security

Reputational damage and loss of faith in a service can be detrimental to all public sector organisations. A public sector focused version of the course, including expanded sections relating to legislation relevant to public sector organisations, is also available. The course includes detailed public sector content on the Freedom of Information Act (FoIA) and the Computer Misuse Act (CMA).

Training managers can find out more and see course content at:
http://www.absolutelytraining.com/informationsecurity