Network Endpoint Security News - Watch Your End

The UK Information Commissioner is to be given sweeping new powers to fine those in Whitehall and private companies who deliberately or recklessly lose confidential personal information, Jack Straw, the justice secretary, disclosed yesterday.
The level of fines, which is still being negotiated, could in the worst cases run to millions of pounds.

Straw is also considering a ban on the sale of information from the electoral register, after more than 1,600 complaints to the information commissioner about the online misuse of people’s details. They included a police officer whose family’s name and address, along with a map to their house, appeared on a website, along with details of somebody who had been a victim of identity fraud.

Richard Thomas, the Information Commissioner, has said the ready availability of so much personal information is a threat to privacy, and sometimes to security.

A new survey released by the IT Compliance Policy Group has pointed to a direct link between an organization’s success at IT and corporate compliance and the number of security breaches they suffer.

According to the research, which looked at 2,000 different companies, those with 10 or more audit deficiencies will have at least 12 data security breaches in the year. Companies with two or fewer compliance deficiencies annually are likely to have two or fewer data losses or thefts in the same time period, according to the report

News emerged yesterday of two separate data losses that will once more leave UK Goverment agencies red-faced. In Northern Ireland, the Driver & Vehicle Agency (DVA) admitted that it had lost 6,000 driver records on two discs being sent to the agency’s headquarters in Swansea. The DVA confessed that the data had not been encrypted and included details of 7,685 vehicles and more than 6,000 vehicle keepers.

The data includes the keeper’s name, address, registration mark of the vehicle, chassis number, make and colour.

In a separate incident Finance Secretary John Swinney will today tell MSPs how a package containing details of 200 people went missing temporarily. The package containing pension benefit statements was lost after being sent from the Scottish Public Pensions Agency to NHS Greater Glasgow on October 26.

Following the data loss debacle at Her Majesty’s Revenue and Customs in the UK, the government has admitted that it will consider revising the 1998 Data Protection Act in an effort to ensure such a large-scale security breach does not happen again.

The Ministry of Justice has now confirmed that the review - to be carried out by information commissioner Richard Thomas and Mark Walport, director of medical research charity the Wellcome Trust - will consider whether there should be changes to the way the Data Protection Act works.

The incident has also prompted calls for a review of proposed information sharing legislation, which would enable government agencies to share more data about UK citizens.

The UK’s Information Commissioner, Richard Thomas, has described the lack of security measures put in place by banks, government departments and other bodies as “frankly horrifying”. He has called on those at the top to be accoutable for the IT secruity measures across their wider organizations.

In the past 12 months, the Information Commissioner’s Office (ICO) has dealt with more than 24,000 complaints and prosecuted 16 individuals and organizations. According to the ICO’s annual report, more than a third of complaints concern a likely data breach.

Organizations currently under investigation by the ICO include top high-street banks, retail giants and telecoms providers.