Halkyn Security Blog
Specialist Security & Risk Management Consultants

Posts tagged Data Protection

Staysure security breach leads to ICO Fine

Staysure insurance fined for failing to have any security policies.

The Information Commissioner’s Office announced on 24 Feb 2015 that it had levied a monetary penalty of £175,000 against the holiday insurance company Staysure. The fine came about as a result of Staysure suffering a security breach on their website which exposed more than 100,000 customer records and led to more than 5,000 customers having their credit […]

Prison Service in NI Warned over Data Breach

Prison Service warned over data breach

The prison service in Northern Ireland has been warned by the ICO over another data breach. The ICO press release is available online (http://ico.org.uk/news/latest_news/2014/prison-service-warned-after-maze-records-sold-at-auction-18062014). This incident relates to the Prison Service auctioning off a cabinet containing records from the Maze prison. Interestingly, this breach took place in 2004, when the Northern Ireland Office was responsible, but nothing […]

Physical security is important for data protection

Physical Security Assessment Form - Free Download

Physical security has always been a cornerstone of any Information Security program. As a topic, it is covered by every major security standard. Most have entire sections dedicated to physical security: ISO27001:2013 has A.11 “Physical and Environmental Controls”; the SoGP has CF3.3 “Sensitive Physical Information” and CF19 “Physical and Environmental Security”; PCI-DSS Requirement 9 mandates […]

DPA Registration is important if you want to avoid a fine

DPA - follow the law or risk a fine

Here in the UK, the Data Protection Act (DPA) has been law for 14 years now (the act is dated 1998 and commenced in 2000). Despite this, there are some organisations who are not aware of their obligations to comply, even when it is clear they are handling data which would be protected under the […]

Data protection needs good physical security

Data protection needs good physical security

Data protection is frequently in the news as organisations become more aware of just how important it is to their business. Unfortunately, all too often data protection measures focus on the technical aspects, overlooking the basic need for good physical security controls. Technical controls, such as encryption and access management, are important for data protection […]

December DPA Breach Fines

Payday loan companies need to be aware of the DPA and PECR.

The run-up to Christmas 2013 has shown that the Information Commissioner’s Office is still busy fining organisations and individuals for breaches of the Data Protection Act (DPA). In December two new civil monetary penalties were issued with a total of over £175,000. Both cases highlighted the value of being proactive and implementing good security […]

Encryption – it is your responsibility

Encryption – it is your responsibility

Encryption is important. This has always been well known, and with the recent revelations about PRISM and related Government monitoring of communications, people have become understandably more interested in the topic. However, keep in mind the fact that doing encryption wrong is worse than not doing it. In recent years it has become more and […]

Sensitive data should not go by fax!

Fax Machines - out of date and insecure

You may want to check your calendars again. Even though we are now well into the 21st century, it seems that some organisations are still sending sensitive data by fax machine – and not just the NHS (who were fined £55,000 for the inevitable breach). It seems banks, who really should know better, can't help […]

Governance failure costs £45,000

Telesales can be effective at promoting your business but you need good governance in place to make it work for you.

A breakdown of internal governance processes has led to the Information Commissioner’s Office (ICO) issuing a civil monetary penalty (fine) on Tameside Energy Services Ltd, a Manchester-based company claiming to offer a range of energy improvements and making heavy use of cold-call sales tactics. Showing a growing tendency to fine private companies, the ICO reported […]

Fax machines – not suitable for sensitive data

Fax Machines - out of date and insecure

Some technologies are hard to get rid of: it seems that people are still using fax machines to send data despite them being slow, cumbersome, unreliable and, most importantly, insecure. As it is 2013, it should go without saying that fax machines are not an appropriate mechanism to send anything sensitive and […]

Lack of Laptop Encryption costs City Council £150,000

The Information Commissioner’s Office (ICO) has announced today that it has fined Glasgow City Council £150,000 following the loss of two laptops because neither had any encryption software applied. The fine follows an incident where two laptops were stolen from Council offices during refurbishment. To complicate matters, the Council had already been made aware of […]

Passwords are not bad, just don't trust vendors

Passwords are not bad, just don't trust vendors

Passwords are in the news again, with yet another headline crying out for the death of the password and claiming that everyone should move to two-factor authentication (2FA) for all their online activities. As with all these claims, it is worth looking at them in greater detail before we give up on one of the […]

4 steps for schools to improve their information security

4 steps for schools to improve their information security
Another lack of encryption leads to a Data Protection Act Fine

NHS & Healthcare Security - Sensitive data needs proper protection.

On Friday, 15 Feb 13, the Information Commissioner’s Office (ICO) announced that the UK Nursing and Midwifery Council (NMC) had been fined £150,000 for a breach of the Data Protection Act. (It is worth bearing in mind that the NMC has recently raised the registration fees for nurses to £100 per year.) It seems that […]

ICO fines text spammers nearly £500,000

ICO fines text spammers nearly £500,000

Last week the ICO reported that the directors of a company heavily engaged in spam texting (sending unsolicited commercial messages to people via their mobile / cellular phone) have been fined significant sums of money – this is the first action from the ICO using new powers granted in January 2012. This was an investigation […]
