After numerous warnings from the Information Commissioner’s Office, it was only a matter of time before fines would be issued for a breach or loss of data – a County Council and an employment agency are the first to feel the hit.

Hertfordshire County Council has been ordered to pay a fine of £100,000 for revealing details of a sex abuse case to a member of the public, and employment agency A4e has been fined £6,000 for losing a laptop which contained the unencrypted details of thousands of people.

Hertfordshire’s fine is for information revealed through fax messages, rather than more modern technology. On two occasions, the council sent faxes to the wrong recipients, revealing personal details of two sex abuse cases.

Meanwhile, a worker at Sheffield-based A4e had a laptop stolen from his home, where he had been working on records of 24,000 people who used legal advice centres in Hull and Leicester. The data was unencrypted, and the thief made an attempt to access it. A4e reported itself to the ICO, and notified people whose data might have been compromised.

As a leading IT security service provider, Imerja is ideally placed to help your business reduce this risk; from encryption of removable media such as laptops and mobile phones, to a fully monitored and managed service to ensure your network is protected around the clock, contact Imerja to see how we can help.

A recent report from Quocirca “You sent what? Linking identity and data loss prevention to avoid damage to brand, reputation and competitiveness“ revealed that 64 per cent of UK businesses are failing to use Data Loss Prevention products, ranking the UK behind France, Italy and Ireland.

Part of the difficulties facing companies is that there’s no starting point for the data that needs to be protected. “There are big discrepancies between industries,” said Quocirca director Bob Tarzey, “particularly related to the way that they perceive what data needs to be protected. For example, Finance is particularly interested in recognising personally identifiable data, while manufacturing companies are interested in securing intellectual property.”

Tarzey said that organisations should have a “compliance vision” in place. “Our survey showed that many organisations struggled with compliance.” He added that while governments and industries had put various compliance regimes in place. According to the report, organisations should be moving to a compliance-oriented architecture (COA) to help would help alleviate the problem of data loss and misuse.

Frost and Sullivan have written a white paper on the Check Point DLP solution which provides businesses with innovative technology that prevents intentional and unintentional breaches and educates employees to help prevent future incidents. You can read the whitepaper on the Imerja website.

From Tuesday 6 April, the Information Commissioner’s Office (ICO) will get enhanced powers to fine organisations up to £500,000 for serious breaches of the Data Protection Act. Previously the maximum fine was a paltry £5,000. The tougher measures will be imposed alongside compulsory audit notices to central government departments found culpable for data breaches. The new powers for the UK’s privacy watchdog are designed to deal with serious personal data breaches that arise through negligent behaviour. Precautions an organisation had previously applied as well as the circumstances of a breach will be taken into account in deciding a fine.

Revised guidelines state that the most severe fines will be imposed in cases where the “data controller has seriously contravened the data protection principles and the contravention was of a kind likely to cause substantial damage or substantial distress”.

The enhanced powers for the ICO were approved by parliament three months ago. However a recent survey found that two thirds of 500 city workers (65 per cent) are still blissfully unaware that they could cost their organisation £500K if their actions cause a “deliberate or negligent” breach of personal data. The study, sponsored by Cyber-Ark Software, found that employers are often doing little or nothing to inform workers of important changes in UK data privacy rules.

The survey found that 64 per cent of those quizzed carry customer data on mobile devices, with only 12 per cent using encryption to protect data from prying eyes in the event of a loss. A further 50 per cent of mobile devices are protected only by basic password defences, and 38 per cent store sensitive data without any protection at all.

Check Point has recently written a white paper on the subject, you can view it on the Imerja website.