Print
Send to friend
RSS feedsHM Revenue and Customs, the body that so shamed the government earlier this year when it lost two CDs containing sensitive personal data, has reprimanded 600 members of its staff for similar issues over the last three years, according to comments made in the House of Commons.
Over the same period of time the body has had some eleven meetings with the Information Commissioners Office as the result of data security 'incidents', according to MP Jane Kennedy, who is secretary to the Treasury.
In 2005 the HMRC took action against 238 members of staff, in 2006 the number dropped to 180, and last year, Kennedy admitted, 192 staff, out of a total of some 90,000 were, "disciplined or dismissed for inappropriate access to personal or sensitive data."
Kennedy added that the HMRC has introduced new, much more stringent controls over the transfer of bulk data over the same period.
Vendors were quick to point out that there were readily available technical solutions to these and other, similar problems, many of which negate the risk altogether. "You cannot force employees to stop accessing sensitive data - people are only human and mistakes are going to be made. What organisations need is technology that makes the most of centrally managed IT policies and user-based remediation, so only employees with certain levels of authority can manipulate certain data," said Brian Spector, general manager of document management control software provider Workshare's content protection group.
See also:
Fundamentals of security and business continuity are being ignored, says BT 23 Apr 2008
While malicious attacks tend to grab the headlines, the prime causes of data breaches are usually more mundane 24 Apr 2008
Joint Committee on Human Rights criticises "lax standards" 14 Mar 2008
New solution from Applied can limit data loss 10 Mar 2008All Privacy & Data
del.icio.us
Digg this
reddit!
