The Information Commissioner has issued two local councils with fines after they sent highly sensitive personal information to the wrong recipients.
Worcestershire County Council was fined £80,000 after an incident in March and North Somerset Council £60,000 after a series of incidents in November and December of last year. In both cases the councils had appropriate policies and procedures in place, however they had both failed to ensure that staff had received relevant staff training.
Christopher Graham, the information commissioner commented:
“It is of great concern that this sort of information was simply sent to the wrong recipients by staff at two separate councils…. There is too much of this sort of thing going on across local government. People who handle highly sensitive personal information need to understand the real weight of responsibility that comes with keeping it secure.”
In a period where public spending is in decline, you cannot afford to be hit with a fine of up to £500K! For cost-effective avoidance, look no further than the IT Governance DPA Staff Awareness e-learning Course:
|DPA Staff Awareness e-Learning
|This DPA Staff Awareness e-learning course is the most cost-effective way to ensure your staff know their DPA responsibilities and how to handle sensitive information.|
As data breaches and data incidents are often caused by individuals, regardless of the security systems you have in place, staff training is essential. The fantastic DPA staff awareness e-Learning Course is non-technical and a quick and effective means of delivering staff DPA training.
- Provide a consistent message to all staff
- Teach your staff about the key concepts of the DPA
- Retain records of completion and training
- Systematically train everyone at a low individual cost
Don’t run the risk of a huge fine from the ICO.
Recent research has also shown that 25.9% of data breach cases, which led to the ICO extracting an undertaking from the organisation concerned, was a result of lost or stolen USB devices that were unencrypted. You should replace all USB sticks within your organisation with Safestick – a hardware encrypted USB stick that is CESG-approved.