Joe Public received a double ‘slap-to-the-face’ in light of the news that Glasgow City Council has been fined £150,000 for losing two unencrypted laptops, according to Simon Bain, CTO of Simplexo.
The fallout means not only the loss of personal data belonging to 20,000 members of the public, including the bank account details of over 6,000 individuals, but also the added insult of the public having to pick up the £150,000 fine.
Bain states that careless incidents such as this are incomprehensible, and ultimately, greater responsibility towards public data needs to be demonstrated by councils:
“The initial loss of the laptops demonstrated a complete lack of respect for the public and their personal information, and while the council was rightly reprimanded I can’t help but feel that the fine is simply a slap-in-the-face for the public, as they are the ones who will pick up the tab!
“It’s all well and good councils standing up and holding their hands up to say sorry but they are not the ones suffering. I’m sure that processes are being put in place to ensure this does not happen again but if truth be told how many chances do they need? The Information Commissioner’s Office (ICO) also identified that a further 74 unencrypted laptops had gone missing – this goes beyond unforgivable and is in fact incredibly scary.
“Ultimately, a greater understanding of data security is needed. These organisations need to focus on the critical control points within their IT infrastructure and where vulnerable data within their systems lie. From this, processes need to be administered as to how data can be protected and how systems can be evaluated and tested to ensure they remain secure.”
Bain continued: “It’s clear to me that the current controls in place aren’t working. If you look at firewalls and tokens for authentication, they are easily by-passable – too much reliance is placed on them, with many firms failing to encrypt the data stored in online databases and laptops. To tackle this we’ve created a way for all database records to be fully encrypted while remaining searchable. This means that there are now no excuses for not having data, stored in your databases, encrypted.”
Bain concluded: “The focal point to consider in all of this is that local councils and public sector organisations need to stop saying sorry for their mistakes and actually pay for them themselves. The fine issued by the ICO represents nothing more than a slap on the wrist. The public needs confidence that their data is protected and unfortunately, this is in short supply. Education, understanding and investment are essential.”