The Information Commissioner’s Office (ICO) has found two London housing bodies in breach of the Data Protection Act, after a bloke left a memory stick containing details of over 20,000 tenants of Lewisham Homes and 6,200 tenants of Wandle Housing Association in a local pub.
Nearly 800 of the records belonging to Lewisham Homes contained tenants’ bank account details, the ICO revealed, after the datastick was found and handed to the police.
“Saving personal information on to an unencrypted memory stick is as risky as taking hard copy papers out of the office,” said Sally-Anne Poole, acting head of enforcement ICO.
“This incident could so easily have been avoided if the information had been properly protected.”
Mark Fullbrook of insecurity outfit Cyber-Ark, reckons sing a memory stick to transport sensitive information "may be convenient but it’s certainly not secure."
He added: "Ultimately, data will always need to move beyond the four walls of an organisation. That’s not going to change. So firms need to rethink their existing practices and ensure that the same high level of security used within the organisation is used to defend its information in the outside world.”
The ICO decided not to fine the two bungling housing companies after they agreed encrypt such devices from now on.
There was no restriction mooted aimed at keeping employees out of the pub.