Bidvert-advert

Stay Update - ICT Security

Enter your email address:

We hate spam as much as you do and we will never sell, barter, or rent your email address to any unauthorized third party.

Most Frequently Used Software


CURL / XPertMailer / AutoBlogger / (Parser - PHP Simple HTML DOM)

giovedì 16 febbraio 2012

Third ICO fine in per week after sensitive information widely distributed by webmail

The Information Commissioner's Office (ICO) has issued a 3rd fine in two days to a council.

After fines were issued on Monday to Croydon Council (£100,000) and Norfolk County Council (£80,000) for separate cases of lost personal details, the ICO has now issued a very good of £80,000 to Cheshire East Council after an email with sensitive details was sent to the inaccurate person.

According to the ICO, the "serious" breach of the knowledge Protection Act occurred in May 2011 when a council employee was asked to alert local voluntary workers to a police force's concerns about a person who was working within the area.

However, in place of sending an email via the council's secure system, the worker sent it to the local voluntary sector co-ordinator via her personal email account because the co-ordinator didn't have access to the secure system.

The email contained the name and an alleged alias for the person in addition information regarding the troubles the police had about him. This was forwarded by the co-ordinator to 100 intended recipients.

Also, because the email didn't have any clear markings or advice on the way it was to be treated, the recipients interpreted the wording of the message to intend that they too should forward the e-mail to other voluntary workers. This meant that the e-mail was sent to 180 unintended recipients; an try to recall the e-mail resulted in 57 per cent of the recipients confirming they had deleted the knowledge.

Stephen Eckersley, head of enforcement on the ICO, said: “While we appreciate that it is very important for genuine concerns about individuals working inside the voluntary sector to be circulated to relevant parties, a sturdy system need to be installed place with the intention that information is appropriately managed and punctiliously disclosed.

“Cheshire East Council also did not provide this actual employee with adequate data-protection training. The highly sensitive nature of the ideas and the necessity to restrict its circulation must have been made clear to all recipients.”



Pubblicato da alle 09:07

Nessun commento:

Posta un commento

Comments links could be nofollow free

Iscriviti a: Commenti sul post (Atom)