Heathrow Airport Limited has been hit with a fine of £120,000 after a USB lost by an employee was found by a member of the public. It was then handed to a national newspaper, with copies being made of all the data before it was handed back.
The USB contained 76 folders and over 1,000 files, none of which were password protected. Although only a small percentage could be classed as personal and sensitive data, that small percentage was a big concern given their nature.
Airport security is notoriously high profile, whilst seen as a small headache when travelling, we all understand the importance of it. Surely, with security so ingrained in the DNA of airport processes, this should be extended to the handling of data. However, it transpired after the ICO investigation that only 2% of the 6,500 strong-workforce had been trained in data protection.
So, other than the obvious improvements in training, what else could have been done to prevent this? After all, many of us are guilty of misplacing a USB (hopefully, not in a case as severe of this).
One option is to go down the same route as IBM and ban USB sticks completely. This is quite a common move with plenty of tools available to support the enforcement of this.
You can ensure that only the relevant people have access to sensitive data. This should be common practice as part of a wider data protection policy. However, with this comes the challenge of understanding your entire data estate.
Fortunately, there are tools available to support in this. Namely, RiskView. This tool is designed to simplify the analysis of your data estate and associated risks. It is being used right now across a variety of industries, covering a broad scope of data protection. To learn more, check out RiskView today and arrange your free trial or schedule a demo.View More Articles
- 12th September 20192019 on track to be the “worst year on record” for data breach activity
- 10th September 2019Leaving the EU: Brexit and GDPR
- 9th September 2019Data Breaches: Did you know?
- 5th September 2019What should you do if your data has been breached?
- 3rd September 2019GDPR was just the beginning
- 14th August 2019The dangers of Subject Access Requests
- 12th August 2019Is GDPR now being taken more seriously?
- 5th August 2019The financial impact of Subject Access Requests
- 1st August 2019DDC AS Launches SmartRedact
- 31st July 2019Don’t be blindsided by your organisations handling of data