The ICO lists the actions that it takes against organizations that it deems to be in breach of the Data Protection Act. This also serves as a useful source of statistical information, which this blog entry briefly explores. There are a number of different actions that the ICO can take.
- Monetary Penalty Notices
- Enforcement Notices
Overall Statistics

For 2012 here are the overall statistics.

|Action|Total for Action|Nr for Web|
|---|---|---|
|Monetary Penalty Notices|24|1|
There were 62 incidents of which 5 relate to websites. Given the number of online applications that process personal information, 5 seems to be a remarkably small number.
Here is a high-level overview of the web application incidents.
- 6th August: Sensitive personal information relating to 1,373 employees was published on the website.
- 1st March: Disclosure of personal information in training materials published on its website.
- 17th April: A web design error that created the potential for unauthorised access to individuals' personal data.
- 18th April: Two data security incidents which relate to the unauthorised disclosure of personal data on the data controller’s website.
- 30th November: A private area on the website was accessible to members of the public.
The Rest of the Incidents

The rest of the cases are made up of a mixture of the usual suspects:
- Information being sent to the wrong recipient.
- Paper files left in waste bins.
- Unencrypted memory sticks.
- Hard drives not securely erased at end of life.
It is worth taking a look at the taking actions page on the ICO website to get a feel for the kind of problems that exist. There is no real pattern. Website issues are only a small proportion of the overall numbers. It shows how difficult it can be for a security manager to put a comprehensive security program in place.
In fact your creative writing abilities have inspired me to start my own blog now. Really blogging is spreading its wings rapidly. Your write up is a fine example of it.
Software Application Development Company