Information Security Bulletin

UK Bank Fined GBP1M For Loss of Data on Laptop

19 Feb 04:56

The UK Financial Services Authority has fined a UK financial company, Nationwide, GBP980,000 for failing to protect information after the theft of a laptop from an employee's home last year. Additionally, it has cost the Nationwide a significant amount of money to inform customers of the risks the theft had exposed them to.

The shocking fact is that whereas sensitive personal data used to be stored on central mainframe computers many companies and other organisations, private and public, now distribute this information on laptops without giving it a thought, and treats the information with carelessness. Robert Ellis Smith wrote an articles about this for Forbes Magazine (URL below), based on disclosure information from the USA, where organisations losing data are in many instances forced to disclose the fact, together with some details.

In the UK banks and other large organisations recently expressed considerable resistance to similar legislation in the UK, stating that it would unnecessarily scare users away from doing business on the Internet. Disclosure may scare users away but in view of the enormous breaches (that we hear very little about in the UK but which are probably as bad as in the USA) people appear to have some justification in staying away from electronic processing of their personal information when they can.

Large organisations do not do anything to curb their own autonomous behaviour unless forced through legislation, and there is no reason to believe they will start to take their customers' data security seriously if not forced to do so.

Nationwide got off with a small fine (compared to the size of the company and the offence) but it is positive that the FSA with this ruling shows the way forward. The fact is that it is easy and cheap to protect information on a laptop - use encryption software, plug in an ID token and go! Good encryption software is readily available, both open source and commercial, from companies like e.g. Utimaco and Aladdin.

Related links: (Open in a new window.)
www.forbes.com/columnists/2006/09/06/laptops-hall-of-shame-cx_res_0907laptops.html

View printable version (opens in new window)
Back

Search ISB News:

Not yet sure you want to subscribe?

Download a free sample copy!

Download the much quoted October 2005 Editorial

Portal Frontpage
Web Editorial
About This Portal
Contact Info

IS Alerts
General News
Product News
Vendor News
People News
Literature
Events
CHI News

About ISB
Publishing in ISB
Advertising in ISB
PR Information

In the current issue:

Legal Issues
Of Trojans, Cheerleaders and Cuckoos…
Jon Colombo

Web Security
Web 2.0 vs. Web 1.0 – Security Standpoints and Challenges
Shreeraj Shah

Computer Forensics
Trends In Disk Drives and Data Transfer Speed
Steven Branigan