Tuesday 28 January 2014

V3 Storage Summit: ICO warns firms of storage security issues to avoid £500,000 fine

padlock laptop
The Information Commissioner’s Office (ICO) has urged businesses to ensure they consider all possible issues that could affect data storage, to ensure they avoid falling foul of the Data Protection Act and paying a fine of up to £500,000.
Speaking to V3, group manager for technology at the ICO Simon Rice said trends such as cloud computing, bring your own device and mobile device use mean there is more to consider than ever before with data storage.
“Breaches are happening and there is no reason to suggest that, as people become more mobile or use different devices, those kinds of breaches will stop occurring. In fact they may well increase,” he said.
“The theft of devices is horrendous if you look at the number of iPhones stolen in London on a daily basis for example. These things will happen to your organisation and it’s not a matter of just thinking ‘we’ll be fine’, but about being prepared.”
In particular, Rice cited the age-old issue of encryption as a good first measure that firms must consider when assessing their data storage requirements.
“Data storage issues around laptops, USBs, mobiles and tablets features heavily in our work and in many cases it could easily be avoided if data was encrypted. It’s not the be all and end all, but it is a good first step,” he said.
Rice added that education and user awareness is also vital. “You need to explain to employees what the risks are of using devices for storing work data or working from home and how they are accessing data.”
Ultimately firms must accept that dealing with data storage in the current era, from a security point of view, is not easy and requires hard work.
“Organisations need to appreciate that technology is difficult and that the marketing tells you it’s great, and in many ways it is, but it’s not something you can just forget about,” he said.
“It’s like having a company car. You wouldn’t have that serviced once and never looked at again: you’d get it looked at regularly. Security tools and policies need the same approach to make sure it’s working for you and your staff.”
The warnings come as organisations of all types continue to fall foul of data protection regulations. The ICO reprimanded the Royal Veterinary College when an employee lost passport photos stored on their own digital camera.
Another incident saw a sole trader fined £5,000 for failing to encrypt data stored on a hard drive that was stolen from the boot of a car while it had stopped at traffic lights. The variety of the incidents underlines the need for businesses to consider storage issues from every possible angle.

No comments:

Post a Comment