Cryptzone believes ICO financial penalties against two councils are unnecessary
Grant Taylor, VP of the IT threat mitigation specialist, comments, "There really is too much of this sort of thing going on across local government and allied agencies. People who handle highly sensitive personal information need to understand the real weight of responsibility that comes with keeping that data secure."
The Cryptzone VP went on to say that, whilst assisting staff with the correct training and having the right security policies in place is clearly a given, protecting data in the public sector is also about using some common sense.
Considering whether open or secure email is the appropriate communications medium, checking and double checking that the right recipients will receive the information - and measures like encryption and data minimisation - should be routine in all aspects of local government interactions, he explained.
Taylor says that, against this backdrop, he hopes these penalties send a clear message not just to those working in the social care and allied sectors, but to any organisation dealing with sensitive personal information.
"The bottom line here is that the Information Commissioner takes this sloppiness seriously - and so should you. We've had more than 18 months of warnings against public sector bodies and that approach has not worked; monetary penalties are a regrettable measure of last resort," he said.
When public sector cuts threaten the quality of patient care, it becomes even more difficult to get IT security expenditure approved. However, it is time that organisations woke up to the fact that IT security is the responsibility of everyone across all departments. When staff don't fully understand the correct IT policies and procedures and management ignore it when mistakes are made, the cost to organisations is much higher than the measures that would have avoided these ICO fines in the first place.
For more on Cryptzone: http://www.cryptzone.com
For more on the ICO monetary penalties against councils: http://bit.ly/rFis3m