Glasgow City Council Fined For Security Lapses

Published: 22/11/2024   Category: security


Stolen laptops and repeated cases of unencrypted data top the list of the City of Glasgow's security failings.



The organization that safeguards data privacy in the U.K., the Information Commissioner's Office (ICO), has slapped a £150,000 ($232,000) fine on the Glasgow City Council for failing to adequately protect citizens' data. The ICO has levied the penalty on Scotland's second city using its powers of enforcement under the 1998 Data Protection Act.
The judgment centers on the May 2012 theft of two unencrypted laptops from some of the council's offices, which were in the process of being refurbished. The security breach occurred when an employee placed a key to a safe area into the drawer of a colleague, leaving both devices unprotected long enough to be purloined. One of the devices contained the names, addresses, and in some cases, bank account data, for more than 20,000 individuals.
This data was unencrypted due to problems with Glasgow's security software, but the ICO maintains that the city should not have allowed its IT supplier to hand out unencrypted laptops to employees. It also points out that staff had asked for -- but not been given -- better-protected laptops, and that managers were aware of a series of recent thefts in the offices. (In fact, an astonishing 74 laptops had gone missing in addition to the one containing sensitive data.) Finally, the ICO's judgment cites the distress suffered by individuals whose personal information was exposed.
The ICO has now served Glasgow with an enforcement notice requiring it to carry out a full audit of all IT assets used to process personal data. It must also arrange for all of its managers to receive appropriate asset management training, and carry out a full check of all of its devices each year and maintain a complete, up-to-date asset register.
"How an organization can fail to notice that 74 unencrypted laptops have gone missing beggars belief," remarked Ken Macdonald, the ICO's assistant commissioner for Scotland. "The fact that these laptops have never been recovered and no record was made of the information stored on them means we will probably never know the true extent of this breach, or how many people's details have been compromised."
According to the ICO, Glasgow has had a history of security problems. In 2010, it was issued with an enforcement notice after an unencrypted memory stick was lost. Macdonald said, "To find out that these poor practices have returned some two years later shows a flagrant disregard for the law and the people of Glasgow."
"The council should be held to account," he added. "The penalty goes some way to achieving that."
