Ely, England, 28 November 2011 – ITGovernance Ltd, the one-stop-shop for information security and data protection compliance products, is reminding organisations that failure to encrypt confidential data, stored on USB sticks and laptops, is a breach of the Data Protection Act (DPA).
A recent report from Big Brother Watch uncovered ‘more than 1,000 incidents across 132 local authorities, including at least 35 councils which have lost information about children and those in care’. A total of 435 of these cases involved the loss or theft of unencrypted USB sticks, laptops or mobile devices.
Speaking to the SCO Online, the ICO’s Acting Head of Enforcement, Sally Anne Poole, stated that the ICO’s position on encryption is clear:
“All personal information – the loss of which is liable to cause individuals damage and distress – must be encrypted. This is one of the most basic security measures and is not expensive to put in place – yet we continue to see incidents being reported to us. This type of breach is inexcusable and is putting people’s personal information at risk unnecessarily”.
Data protection and compliance experts, IT Governance, recommend the use of the CESG-approved SafeStick which is an enterprise-level secure USB with encryption hardware. It is the preferred government and enterprise USB stick, and the one chosen by the UK's National Health Service (NHS), with over 1 million already in use.
The SafeStick makes it easier for organisations to ensure that their confidential data is protected. It includes lockdown protection and remote wipe, so confidential data will never be exposed. Moreover, any personal information saved on it is protected, as required by the DPA.
The encryption function of the SafeStick is also in line with the ISO27001 control A.10.7.1. It specifically deals with management of removable media and any organisation implementing this control must (amongst other things) use encrypted memory sticks.
Organisations can order the SafeStick online here: www.itgovernance.co.uk/products/3641. Bulk volumes can be purchased directly from the friendly and helpful IT Governance service centre team on telephone number +44 (0)845 070 1750. Larger organisations can make purchases with a purchase order either by telephone, or by e-mail to firstname.lastname@example.org.