Highly sensitive data kept on an unencrypted device.
The Greater Manchester Police Force has been fined £120,000 after a security breach in which a USB stick containing the details of more than one thousand people under criminal investigation was lifted from an officer’s home.
As The Register reports, the personal details were kept on an unencrypted USB stick with no password protection. The device – which was owned by a member of the Serious Crime Division – was kept in a wallet which was stolen during a break-in at the officer’s home.
Data held on the stick included the contact details of 1,075 people investigated by the force’s drugs squad over 11 years.
David Smith of the Information Commissioners Office (ICO) that issued the fine underlined the severity of such a data breach, endemic to a force where a similar incident in September 2010 had taken place.
The expert highlighted the need for such high-profile corporations and organisations to take control of their data and enforce safe data protection practices and introduce encryption and extra security to their systems.
"This was truly sensitive personal data, left in the hands of a burglar by poor data security," he said. "The consequences of this type of breach really do send a shiver down the spine.
"It should have been obvious to the force that the type of information stored on its computers meant proper data security was needed. Instead, it has taken a serious data breach to prompt it into action."
Such security breaches can be avoided with electronic document storage kept in the cloud. Only authorised devices would be able to access the data, while multiple users would be able to manipulate and add to such a database.
And as one Google expert told a conference this week, in-cloud storage is in fact safer than in-house records storage solutions. "I believe that cloud computing, compared to most organisations [and] what they’re doing today, is probably more secure," said Google Enterprise security director Eran Feigenbaum.