News

ONR loses unencrypted USB memory stick

Published on 21 February 2012.

A memory stick belonging to the ONR has been lost in a data security breach.

An internal investigation has been launched following a data security breach at the Office for Nuclear Regulation (ONR).

The BBC reports how an employee lost an unencrypted USB pen drive that contained information about a nuclear site in north-east England.

Although the memory stick did not contain “significantly sensitive” data, it did feature a stress test safety assessment of the Hartlepool plant.

An ONR spokesman explained how a most of the details are now in the public domain and so the real issue is why the device contained the information.

“The use of unencrypted USB pen drives is not permitted by ONR for transporting documents with a security classification.

“An internal investigation has been undertaken by ONR,” the representative stated.

The ONR is an agency of the Health and Safety Executive and aims to protect society from the hazards of the nuclear industry by ensuring compliance with relevant legislation.

Posted by Otto Greenberg

WeeeCare wins Hampshire recycling contract

Published on 20 February 2012.

Hampshire County Council has announced WeeeCare as the new company responsible for WEEE recycling across the region.

The recycling of waste electrical and electronic equipment (WEEE) in Hampshire is to be dealt with by WeeeCare under a new contract.

According to letsrecycle.com, the local council has awarded the company a five-year deal to treat the WEEE collected at 26 household recycling centres in the county.

More than 7,500 tonnes of waste electrical items are expected to be handled by the organisation each year.

Councillor Mel Kendal, executive member for environment and transport, said: “We are pleased to be working with WeeeCare as their processes and commitment to responsible recycling match our own aspirations to ensure as much household waste as possible is recycled or reused.”

Among the items that will be collected are laptops, fridges, freezers, TVs and small goods like mobile phones.

Along with WEEE, WeeeCare deals with hazardous, chemical, packaging, battery, fluorescent tube, printing and dry cleaning waste products removed from homes and businesses.

Posted by Salma Davidson

ICO issues £80k fine to Cheshire East Council

Published on 17 February 2012.

Cheshire East Council has been prosecuted following a serious breach of the Data Protection Act.

Data security failures by Cheshire East Council have led to the body being issued with a £80,000 fine by the Information Commissioner’s Office (ICO).

The local authority was found to have been in serious breach of the Data Protection Act when an email containing sensitive information was circulated to 180 unintended recipients.

A council employee sent the original email from a personal account and outlined information about an individual working in the area, who the police force were monitoring.

Head of enforcement Stephen Eckersley acknowledged that it is “vitally important” for genuine concerns about people in the voluntary sector to be circulated to relevant parties.

However, he added: “A robust system must be put in place to ensure that information is appropriately managed.”

Elsewhere, the ICO recently fined Powys County Council £130,000 for releasing details of a child protection case to the wrong recipient after two reports were mistakenly mixed up.

Posted by Otto Greenberg

Laptop theft leads to fears of security breach

Published on 15 February 2012.

Customers of an Irish telecommunications company have been warned about a possible data security breach.

Irish company Eircom has warned of a potential data security breach after three laptops were stolen.

Unencrypted information was held on the devices putting a 6,845 customers’ details at risk.

Two laptops were stolen from the organisation’s Parkwest Offices in Dublin, between December 28th and January 2nd, with the third taken on December 19th from an employee’s home.

Eircom has claimed most of the data held on the devices were the names, addresses and telephone numbers of eMobile and Meteor customers.

However, other more sensitive information included passport and driving licence details needed to support applications.

Data protection commissioner Billy Hawkes criticised the company for being slow to inform the Irish Data Protection organisation of the breach.

“Our normal delay in getting reports in is 24 – 48 hours, which is our guideline for reports of such incidents,” he stated.

Eircom is the principal provider of fixed-line telecommunications services in Ireland.

Posted by Salma Davidson

ICO hands 2 councils £180k fine for security breach

Published on 14 February 2012.

A data security breach has led to two councils receiving a fine totalling £180,000.

Croydon Council and Norfolk County Council have been fined a total of £180,000 for data security breaches pertaining to the welfare of children.

The Information Commissioner’s Office (ICO) found the pair guilty of failing to keep highly sensitive details secure.

Head of enforcement Stephen Eckersley commented: “While both councils acted swiftly to inform the people involved … this does not excuse the fact that vulnerable children and their families should never have been put in this situation.”

A £100,000 penalty was handed to Croydon local authority after a bag of papers relating to the care of a child sex abuse victim was stolen from a pub.

Meanwhile, the disclosure of information about allegations of parental failure in a child’s welfare to the wrong recipient led to Norfolk County Council receiving an £80,000 fine.

The news comes after the Information Commissioner Christopher Graham recently reminded local authorities it is their responsibility to ensure they keep people’s personal details secure.

Posted by Otto Greenberg

ACPO announces launch of 3 cyber crime hubs

Published on 13 February 2012.

Three cyber crime hubs will be established in the East Midlands, north-west and Yorkshire and the Humber.

Cyber crime hubs are to be launched at three sites across the UK in a bid to tackle data security breaches.

The Association of Chief Police Officers (ACPO) announced the initiative, explaining how £30 million has been granted for the project by the government.

This will be delivered over a four-year programme aimed at improving national capability to investigate and combat this type of crime, which is viewed as a ‘tier one’ threat alongside international terrorism.

Regional e-crime co-ordinator for East Midlands deputy chief constable Peter Goodman commented: “We know that increasingly criminal networks are seeking to exploit cyber space for profit and we have a duty as police leaders to respond to protect individuals and communities.”

The hubs will be based in Yorkshire and the Humber, the East Midlands and the north-west.

Last week, the ACPO announced its support for Safer Internet Day 2012 and urged parents to monitor their children’s use of the web so they remained free from exploitation.

Posted by Salma Davidson

IC warns of data security breaches

Published on 11 February 2012.

The Information Commissioner has reminded councils of their obligation to protect people’s privacy.

Councils have been warned they have a legal obligation to ensure their data security is of a high standard, with this now more imperative than ever.

Information Commissioner Christopher Graham claimed the rules of the Data Protection Act are increasingly important as local authorities continue to work with community partners and share sensitive information.

“We must also consider the detrimental impact these breaches continue to have on the individuals affected. Disclosing details about someone’s social housing status can be upsetting and damaging for those affected,” he stated.

His comments come after it was reported by the Information Commissioner’s Office (ICO) that five councils recently breached data security by failing to keep personal information secure.

In order to reduce the likelihood of such incidents in the future, Mr Graham advised local authorities that guidance has been produced that will help local authorities to keep sensitive data private.

His comments follow a recent fine administered by the ICO to Midlothian Council for several security breaches.

Posted by James Rendell

O2 facing fine over data security breach

Published on 10 February 2012.

An investigation is underway to assess whether O2 breached the Data Protection Act.

An alleged data security breach could lead to phone operator O2 facing a fine of up to £500,000.

The mobile giant is accused of sharing its customers’ phone numbers with websites they visit and is being investigated by the Information Commissioner’s Office (ICO).

Following complaints made by consumers, O2 released a statement claiming the problem was caused by technical changes it made during routine maintenance.

With a spokesperson informing Mobile magazine the security breach was a one-off and has been addressed.

“We identified the cause of the issue, fixed it and we’re putting in place measures to ensure it doesn’t happen again,” the representative stated.

However, the incident is now being reviewed by the ICO and substantial costs could be brought against O2 if they are found guilty of breaching the Data Protection Act.

Personal data is classed as information which relates to living individuals who can be identified from the data, or from that and other facts, which includes any expression of opinion about the person.

Posted by Otto Greenberg

WEEE recycling event hailed a success

Published on 8 February 2012.

More than seven tonnes of WEEE recycling items have been collected at an event in West Sussex.

A waste electrical and electronic equipment (WEEE) recycling event has been described as a success.

West Sussex County Council deputy leader Lionel Barnard told the local Gazette he was impressed by how much was collected at the Selsey service site.

More than 500 small items weighing around three tonnes in total were collected, along with 200 old televisions, 35 large items – such as microwaves – and 50 kettles.

In total, 7.4 tonnes of WEEE was taken to East Beach Car Park by local residents, which is two-and-a-half times more than the 2.94 tonnes collected at the last event in November.

Mr Barnard stated; “I am really pleased at how well this collection event has progressed so far.

“We are confident the residents of Selsey will help us maintain our UK pacesetter status in recycling WEEE items.”

The news comes after Edie.net reported a recent study by the Waste and Resources Action Programme revealed WEEE recycling levels are up.

Posted by Salma Davidson

ICO reports data security losses by financial services firm

Published on 7 February 2012.

A financial services firm has admitted to losing personal data relating to 608 customers.

The Information Commissioner’s Office (ICO) has revealed a breach of data security has occurred at a financial services company.

E*Trade Securities, which has operations in the UK, Middle East and US, informed the body of the loss of 608 customers’ personal details.

It was discovered the information was missing after the firm was asked to retrieve archived documents held in a storage facility in April 2010.

However, after several attempts to find the files, E*Trade Securities informed the ICO that identification documents, proof of address and account application forms had been lost.

Head of enforcement at the ICO Steve Eckersley commented: “This case demonstrates how important it is to stipulate in writing how long personal information needs to be kept, how regularly it should be reviewed and when it can be securely destroyed.”

The news comes after Midlothian Council was recently fined for disclosing sensitive data relating to children and their carers to the wrong recipients.

Posted by Otto Greenberg