Heathrow Airport Limited has been hit with a fine of £120,000 after a USB lost by an employee was found by a member of the public. It was then handed to a national newspaper, with copies being made of all the data before it was handed back.
The USB contained 76 folders and over 1,000 files, none of which were password protected. Although only a small percentage could be classed as personal and sensitive data, that small percentage was a big concern given their nature.
Airport security is notoriously high profile, whilst seen as a small headache when travelling, we all understand the importance of it. Surely, with security so ingrained in the DNA of airport processes, this should be extended to the handling of data. However, it transpired after the ICO investigation that only 2% of the 6,500 strong-workforce had been trained in data protection.
So, other than the obvious improvements in training, what else could have been done to prevent this? After all, many of us are guilty of misplacing a USB (hopefully, not in a case as severe of this).
One option is to go down the same route as IBM and ban USB sticks completely. This is quite a common move with plenty of tools available to support the enforcement of this.
You can ensure that only the relevant people have access to sensitive data. This should be common practice as part of a wider data protection policy. However, with this comes the challenge of understanding your entire data estate.
Fortunately, there are tools available to support in this. Namely, RiskView. This tool is designed to simplify the analysis of your data estate and associated risks. It is being used right now across a variety of industries, covering a broad scope of data protection. To learn more, check out RiskView today and arrange your free trial or schedule a demo.View More Articles
- 15th July 2019Third Party Data Protection
- 10th July 2019Two Fines in Two Days – ICO Plans to Fine Marriot £99m
- 10th July 2019ICO Issues A Record Fine for BA
- 2nd July 2019Do You Have True Visibility of Your Data?
- 18th June 2019Reduce Your Exposure to a Data Breach
- 15th May 2019Organisations Relationship with Cybersecurity and their Workforce – In Scope
- 9th May 2019Subject Access Requests
- 1st May 2019Data Discovery
- 26th April 2019Defence In Depth
- 23rd April 2019IT Systems Impact On Staff Wellbeing