Heathrow Airport Limited has been hit with a fine of £120,000 after a USB lost by an employee was found by a member of the public. It was then handed to a national newspaper, with copies being made of all the data before it was handed back.
The USB contained 76 folders and over 1,000 files, none of which were password protected. Although only a small percentage could be classed as personal and sensitive data, that small percentage was a big concern given their nature.
Airport security is notoriously high profile, whilst seen as a small headache when travelling, we all understand the importance of it. Surely, with security so ingrained in the DNA of airport processes, this should be extended to the handling of data. However, it transpired after the ICO investigation that only 2% of the 6,500 strong-workforce had been trained in data protection.
So, other than the obvious improvements in training, what else could have been done to prevent this? After all, many of us are guilty of misplacing a USB (hopefully, not in a case as severe of this).
One option is to go down the same route as IBM and ban USB sticks completely. This is quite a common move with plenty of tools available to support the enforcement of this.
You can ensure that only the relevant people have access to sensitive data. This should be common practice as part of a wider data protection policy. However, with this comes the challenge of understanding your entire data estate.
Fortunately, there are tools available to support in this. Namely, RiskView. This tool is designed to simplify the analysis of your data estate and associated risks. It is being used right now across a variety of industries, covering a broad scope of data protection. To learn more, check out RiskView today and arrange your free trial or schedule a demo.
14 February 2019
Phishing Scams – An Evolving Threat
11 February 2019
Phishing Indicators - An Infographic
28 January 2019
Transparency and Consent
13 December 2018
`Tis the Season for... GDPR? Pt.2
10 December 2018
Marriott - A Data Breach
03 December 2018
Tis` the Season for...GDPR? Pt.1