Information Commisioner's Office action against insurance firm

ICO action against insurance firm reminds us that encryption is now needed for all private data, says CREDANT Technologies.

July 2009 (Eskenzi PR) - Reports that the Information Commissioner's Office (ICO) has taken action against a Kent-based insurance company for failing to protect data on around 2,100 of its policy-holders reminds the industry of the need to encrypt private data, whether at rest or on the move, says CREDANT Technologies.

According to Andrew Kahl, the endpoint data protection specialists Senior Vice President of Operations & Co-founder, the insurance firm, part of Lloyds, lost an unencrypted disk holding the data, and has been instructed by the ICO to sign a `formal undertaking' to enhance its data protection methods.

"The firm blamed the data breach - which involved data going back as far as ten years - on a lack of staff training and poor data handling procedures, but the reality is that all firms need to adhere to IT security policies involving encryption of staff and customer's personal data," he said.

"In addition, companies also need to enforce those encryption security policies using suitable IT systems. These systems act as an audit safeguard and can save companies money and embarrassment in the longer term," he added.

Kahl went on to agree that the ICO's comments that the case is a reminder that the appropriate safeguards should be in place to protect personal information is very timely.
We are now 20 months on since the Inland Revenue famously lost a CD- ROM containing the details of around 15,000 pension holders in the post between its Tyneside operation and an Edinburgh office, he explained.

Since that time, countless reports of data breaches and thefts have hit the headlines, again and again.

"The bottom line to all of this is that companies need to take care when handling private data. Data needs to be encrypted and the good news is that the technology required to do this need not cost the earth," he said.

For more on the ICO's action against the Kent-based insurance company:

For more on CREDANT Technologies: