Feeds

Insurance giant rapped on knuckles over DPA breach

Amicus in doghouse over stolen, unencrypted laptop

3 Big data security analytics techniques

Insurance firm Amicus Legal has been put on notice for breaches of the Data Protection Act, after it failed to protect sensitive customer data on a laptop that was subsequently stolen.

The laptop, privately owned by a contracted consultant, contained an estimated 100,000 unencrypted customer records. The sensitive data held on the machine in plain text included details of legal advice.

The Information Commissioner’s Office (ICO) has obtained a legal undertaking from Amicus Legal that it will ensure proper protection of sensitive data is maintained in future. For example, Amicus has promised to use encryption on portable computers and USB sticks.

Breaches to the agreement could result in enforcement action by the ICO. In a statement, the data privacy watchdog said the case illustrated that firms are responsible for the security practices of their contractors.

Sally-Anne Poole, head of enforcement & investigations at the ICO, said: "This case was serious because it involved the data of 100,000 customers, including sensitive information relating to legal advice. This breach illustrates that even though a contractor lost the data, it is the data controller (Amicus Legal Ltd) which is responsible for the security of the information. It is vital that personal information is handled properly and in compliance with the Data Protection Act."

"Since November 2007, 161 data security breaches have been reported to the ICO by the private sector. We urge all CEOs and their senior management teams to take personal responsibility for treating data protection as a corporate governance issue affecting the whole organisation. They have to make sure that safeguarding the personal information of customers and staff is embedded in their organisational culture." ®

3 Big data security analytics techniques

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.