Author: Andrew Frowen | Total views: 49 Comments: 0
Word Count: 565 Date: Tue, 17 Mar 2009 4:28 PM

Security Breaches Highlight Need For Effective Data Security For Firms Handling Sensitive Data

In March 2009, a BBC Wales investigation revealed that serious data security breaches have occurred at three of the four Wales police forces. The breaches were revealed when BBC Wales made Freedom of Information (FOI) requests to the four Wales forces: Dyfed-Powys Police, North Wales Police, South Wales Police, and Gwent Police. Three of the forces responded with details of the breaches, while South Wales Police refused to release information on the grounds that it would be too expensive to administer.

The breach at Gwent Police involved the loss in May 2007 of a data CD containing the details of 2,319 victims of crime. The data included names, addresses and contact details for victims of offences such as theft and burglary. The data CD was sent in a sealed envelope to a company who carry out satisfaction surveys on behalf of the force, but when the envelope was opened the CD was not there and subsequent searches failed to locate it. It is understood that the unmarked CD was password protected but press reports vary as to whether the data was encrypted.

North Wales Police revealed four incidents where staff had access to police computer systems without authorisation and six incidents of unauthorised or accidental disclosure of personal details. At Dyfed-Powys Police, it was revealed that sensitive information regarding a member of the public had been accidentally sent to an unrelated person after a paperwork mix up. The force also reported six separate incidents of employee computer misuse where staff had inappropriately accessed personal records, leading to the dismissal of one member of staff.

For a company to be compliant with the Data Protection Act, they must ensure that appropriate measures are taken to guard against unauthorised or unlawful access to or use of personal data. Speaking to the BBC, Assistant Information Commissioner for Wales Anne Jones said "We will be contacting the relevant authorities to establish the facts and where necessary, we will not hesitate to take enforcement action."

According to a recent report from Audit, Tax, and Advisory group KPMG there were 427 incidents of data loss in 2008 worldwide, affecting 92 million people. The KPMG Data Loss Barometer report also predicted that this figure would soar to 190 million in 2009. According to KPMG Partner Malcolm Marshall, "Data loss trends are set to increase through 2009. With increasing economic pressures creating budget constraints, companies will be more vulnerable to the risk of data loss and their consequences."

"We anticipate an increase in the number of malicious data theft attempts," he added. "The organisations that will be most severely affected are those who share most data with external providers and other third parties."

The breaches revealed by BBC Wales highlight the importance of strong and well enforced data security guidelines for any firm dealing with sensitive data. The guidelines should control the way in which staff access and use sensitive data and address the transport and management of data offsite to minimise the risk of theft or accidental loss. Steps should also be taken to carefully monitor employee computer use in order to swiftly detect incidents of unauthorised action. Where such actions are uncovered, firms must be sure to publicly enforce guidelines, which may involve calling in computer forensic experts to recover evidence of such actions that may be used in a court of law or employment tribunal.

About the Author

IntaForensics a BS EN ISO 9001:2000 registered firm providing Computer Forensics, Expert Witness, Mobile Phone Forensics, and Forensic Data Recovery to the Legal Sector, Police Forces, Local Authorities and Commercial organisations internationally. Visit Computer Forensics for further information.

Rate, comment or bookmark this article

Seed Newsvine

Bookmark this article in your preferred program

Comments

No comments posted.

Add Comment

HTML code

Popular Articles in this cathegory

1: Beware The Anti Virus Scanner Scam!

Certain anti virus programs are not what they seem to be. Some of them are nothing more than elaborate ways to steal precious personal information from the unwary. Do you know how to spot them?

2: Importance of Network Security System

In today's technologically advanced world, computers play a dominant role. No matter you are at work, in studies at college or school, or just enjoying a leisurely time in your home, it is certain that you may either switch on your computer or any other related state of the art devices. The importance of computer is further enhanced by increased usage of the internet.

Regardless of your business sector size of your company, employee theft has happened and will occur in the future. Theft can be in the form of proprietary information, data, company supplies (not a pen), cash, stock manipulation, and the list is endless. However there are some common covenants that should be in place. Policy and procedure is important to running a small business or multimillion dollar corporation. They are the rules of the road. There cannot be a more important set of guidelines than how employee theft is handled within the company. Here are some suggestions regarding employee theft awareness, investigations and prevention. All policies should be reviewed by a Human Resource professional and a Labor Attorney before implementation.

4: The Dirt On MySpace's & Facebook's Safety, Security & Privacy

The safety, security & privacy issues of MySpace and Facebook are closely examined and some disturbing trends are revealed.

5: Your Computer Is Running A Little Slow

A great way to find and remove spyware is to run a spyware detector and remover, because most spyware detection and removal software today offers a free scan to verify that you do or do not have spyware on your computer.

This article is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.