Cryptzone believes ICO financial penalties against two councils are unnecessary

Göteborg, (PresseBox) - Cryptzone understands why the Information Commissioners Office deems it necessary to impose fines against North Somerset Council and Worcestershire County Council after staff at both authorities sent highly sensitive personal information to the wrong recipients. However, says Cryptzone, this action would be unnecessary if councils were putting the right security controls in place and taking action when policy violations take place.

Grant Taylor, VP of the IT threat mitigation specialist, comments, "There really is too much of this sort of thing going on across local government and allied agencies. People who handle highly sensitive personal information need to understand the real weight of responsibility that comes with keeping that data secure"

The Cryptzone VP went on to say that, whilst assisting staff with the correct training and having the right security policies in place is clearly a given, protecting data in the public sector is also about using some common sense.

Considering whether open or secure email is the appropriate communications medium, checking and double checking that the right recipients will receive the information - and measures like encryption and data minimisation - should be routine in all aspects of local government interactions, he explained.

Taylor says that, against this backdrop, he hopes these penalties send a clear message not just to those working in the social care and allied sectors, but any organisation dealing with sensitive personal information.

"The bottom line here is that the Information Commissioner takes this sloppiness seriously - and so should you. We've had more than 18 months of warnings against public sector bodies and that approach has not worked, monetary penalties are a regrettable measure of last resort," he said.

When public sector cuts threaten the quality of patient care, it becomes even more difficult to get IT security expenditure approved. However it is time that organisations woke up to the fact that IT security is the responsibility of everyone across all departments. When staff don't fully understand the correct IT policies and procedures and management ignore it when mistakes are made, the cost to organisations is much higher than the measures that would have avoided these ICO fines in the first place.

For more on Cryptzone: http://www.cryptzone.com

For more on the ICO monetary penalties against councils: http://bit.ly/rFis3m

Press releases you might also be interested in

Weitere Informationen zum Thema "Sicherheit":

Was ist OPSEC?

Un­ter OPSEC (Ope­ra­ti­ons Se­cu­ri­ty) ver­steht man im IT-Um­feld die Sum­me von Pro­zes­sen und St­ra­te­gi­en zum Schutz kri­ti­scher Da­ten. OPSEC ba­siert auf fünf ite­ra­ti­ven Teil­pro­zes­sen, die es nach­ein­an­der zu durchlau­fen gilt. Ur­sprüng­lich stammt der Be­griff OPSEC aus dem mi­li­täri­schen Be­reich.

Weiterlesen

Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.


I want to subscribe to the gratis press mail and have read and accepted the conditions.