Yesterday BBC news reported that a memory stick containing highly sensitive information about an ongoing police operation had been stolen from the home of a Greater Manchester Police officers’ home.
The memory stick was stolen from the officers’ home in Oldham, and the big question on every ones lips is, was the memory stick encrypted? BBC news suggests that it may have not been password protected and thus the chances of it being encrypted were slim.
Assistant Chief Constable Garry Shewan said that they were taking the matter incredibly seriously and commented:
“I also want to make it clear that any suggestion this memory stick contained lists of names of people who ‘tipped off’ police is inaccurate.”
“We know what is on the device because the officer has told us, and so far we have only had to speak to one member of the public whose personal information may have been compromised.”
However, whilst the policeman in question has been suspended and a frantic operation is underway to recover the memory stick, an underlying issue must be addressed: why in the first place was the memory stick taken home by the officer?
Data protection is an issue for every organisation, and none more so the police force. It is imperative that organisations not only ensure they have effective information security and data protection systems, but also that staff are trained in data protection. The human factor is often one of the biggest contributors to data breaches, loss and theft.
Every UK organisation has to comply with the Data Protection Act. Failure to do so, and breaches of the DPA can result in huge fines – up to £5000,000, brand damage and loss of business.
At IT Governance we offer a fantastic online training course for all employees who process personal information in their daily job.
Reduce your risk of a data breach by increasing DPA awareness amongst your staff.