Locks and Security News: your weekly locks and security industry newsletter
17th April 2019 Issue no. 453
Your industry news - first
We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.
Encryption: the options available and how you can use them
If you have ever thought about the need for encryption but don't fully understand the different options available to you, the ICO's Group Manager for Technology, Simon Rice, has published a new blog to help you on your way www.ico.org.uk
The Data Protection Act (DPA) requires organisations that are storing personal information electronically to have appropriate measures in place to keep the information secure. If the loss of this information would cause damage and distress to those affected then we expect the information to be encrypted. If it isn't, then an organisation is not keeping the information secure and leaving themselves open to possible enforcement action.
Simon's blog provides an introduction into the different types of encryption available and how you can make them work for your organisation.
We have already issued penalties totalling £700,000 to organisations who have failed to properly encrypt their data. Getting encryption wrong can be a costly business, but one that can be easily resolved.
Small businesses warned about importance of encryption after latest penalty
A recent monetary penalty has served as a timely reminder to small businesses about the importance of encryption.
The penalty of £5,000 served on the Wembley-based loans company Jala Transport Limited, followed the theft of an unencrypted hard drive from the business owner’s car while it was stationary at a set of traffic lights in London. The drive included the personal information of all of the company’s approximately 250 customers including details of their names, dates of birth, addresses, the identity documents used to support the loan application and details of the payments made. The fine would have been much higher had it not been for the limited financial resources available to the company.
Our office advises organisations that they must encrypt information stored on portable devices where the loss of the data could lead to those affected suffering damage and distress.
Commenting on the case ICO Head of Enforcement, Stephen Eckersley, explained: “While the circumstances of this case are unfortunate, if the hard drive had been encrypted the business owner would not have left all of their customers open to the threat of identity theft and would not be facing a £5,000 penalty following a serious breach of the Data Protection Act.”
16th October 2013