Feeds

Insurance giant rapped on knuckles over DPA breach

Amicus in doghouse over stolen, unencrypted laptop

Top three mobile application threats

Insurance firm Amicus Legal has been put on notice for breaches of the Data Protection Act, after it failed to protect sensitive customer data on a laptop that was subsequently stolen.

The laptop, privately owned by a contracted consultant, contained an estimated 100,000 unencrypted customer records. The sensitive data held on the machine in plain text included details of legal advice.

The Information Commissioner’s Office (ICO) has obtained a legal undertaking from Amicus Legal that it will ensure proper protection of sensitive data is maintained in future. For example, Amicus has promised to use encryption on portable computers and USB sticks.

Breaches to the agreement could result in enforcement action by the ICO. In a statement, the data privacy watchdog said the case illustrated that firms are responsible for the security practices of their contractors.

Sally-Anne Poole, head of enforcement & investigations at the ICO, said: "This case was serious because it involved the data of 100,000 customers, including sensitive information relating to legal advice. This breach illustrates that even though a contractor lost the data, it is the data controller (Amicus Legal Ltd) which is responsible for the security of the information. It is vital that personal information is handled properly and in compliance with the Data Protection Act."

"Since November 2007, 161 data security breaches have been reported to the ICO by the private sector. We urge all CEOs and their senior management teams to take personal responsibility for treating data protection as a corporate governance issue affecting the whole organisation. They have to make sure that safeguarding the personal information of customers and staff is embedded in their organisational culture." ®

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.