Embed Size (px)
Citation preview
Firms ‘Are Not Adequately Protecting Their Data’
Facebook.com/storetec
Storetec Services Limited
@StoretecHull www.storetec.net
Ignorance with regard to encryption technologies means many businesses are mishandling sensitive information.
That is according to Simon Rice, group manager at the Information Commissioner's Office, who wrote in a blog post that many organisations are failing to adequately protect the data they hold on people, with a lack of knowledge about encryption services the crux of the matter.
He stated that it is a relatively straightforward way of protecting sensitive information and urged forms to follow this route if the loss of data were to have an adverse effect on the individuals involved.
Mr Rice suggested that many firms believe the basic level of protection will suffice in the majority of incidents, something which is not true.
"A common misconception is that just requiring users to log in to a device or service with a username and password provides an equivalent level of protection to encryption. This isn't the case," he wrote on the blog.
He went on to point out that passwords and PINs are not equal alternatives to encryption, adding that these can easily be bypassed by those with adequate knowledge.
The writer then went on to discuss exactly what encryption is, revealing that it uses complicated mathematical algorithms to protect sensitive data.
"This hides the underlying data and prevents any inadvertent access to, or unauthorised disclosure of, the information," Mr Rice wrote.
Businesses have a number of encryption software solutions available to them, including full disk encryption and individual file encryption, the expert noted.
Mr Rice concluded by stating that fines totalling £700,000 have been issued in three recent cases where encryption was not employed.
The ICO stated in an update last year that in cases where laptops containing personal information that have been stolen or left in inappropriate places without adequate encryption software, regulatory action is one of the options on the table.
As well as encryption software, personal information also needs to be managed in line with the organisation's security management procedures.
Storetec News/Blogs. "http://www.storetec.net/news-blog/firms-are-not-adequately-protecting-their-data" Firms ‘Are Not Adequately Protecting Their Data’. Aug 30, 2012.
Storetec.
