Heathrow Airport Limited has been hit with a fine of £120,000 after a USB lost by an employee was found by a member of the public. It was then handed to a national newspaper, with copies being made of all the data before it was handed back.
The USB contained 76 folders and over 1,000 files, none of which were password protected. Although only a small percentage could be classed as personal and sensitive data, that small percentage was a big concern given their nature.
Airport security is notoriously high profile, whilst seen as a small headache when travelling, we all understand the importance of it. Surely, with security so ingrained in the DNA of airport processes, this should be extended to the handling of data. However, it transpired after the ICO investigation that only 2% of the 6,500 strong-workforce had been trained in data protection.
So, other than the obvious improvements in training, what else could have been done to prevent this? After all, many of us are guilty of misplacing a USB (hopefully, not in a case as severe of this).
One option is to go down the same route as IBM and ban USB sticks completely. This is quite a common move with plenty of tools available to support the enforcement of this.
You can ensure that only the relevant people have access to sensitive data. This should be common practice as part of a wider data protection policy. However, with this comes the challenge of understanding your entire data estate.
Fortunately, there are tools available to support in this. Namely, RiskView. This tool is designed to simplify the analysis of your data estate and associated risks. It is being used right now across a variety of industries, covering a broad scope of data protection. To learn more, check out RiskView today and arrange your free trial or schedule a demo.View More Articles
- 22nd November 2019Why Aren’t HR Managers Prioritising Employee Data Security?
- 14th November 2019Thousands Of Drivers’ Social Security Numbers Exposed In Data Breach
- 11th November 2019Multinational Cyber Security And Defence Company Suffers Insider Data Breach
- 14th October 2019Data: Defining or Divisive
- 12th September 20192019 on track to be the “worst year on record” for data breach activity
- 10th September 2019Leaving the EU: Brexit and GDPR
- 9th September 2019Data Breaches: Did you know?
- 5th September 2019What should you do if your data has been breached?
- 3rd September 2019GDPR was just the beginning
- 14th August 2019The dangers of Subject Access Requests