in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

UK Mobile Security: Glasgow City Council Assessed £150,000 Penalty

The Glasgow City Council has been slapped with a £150,000 monetary penalty for violating the Data Protection Act.  It's the culmination of an investigation that started when two laptop computers, neither of them protected with mobile device security like AlertBoot laptop encryption software, were stolen.

The original burglary was reported around June 2012, with a follow-up report in September where it was revealed that over 700 computers had been lost in a period of five years.

News of the latest penalty also reveals some eyebrow-raising facts.

Ignoring Security

At a certain level, it's not surprising that Glasgow City Council has been penalized with £150,000.  Consider the following: 
  • Over 700 computers lost between 2008 and 2012 (inclusive).
  • According to the BBC, "employees who used the laptops had asked for them to be encrypted".
  • The council had been warned about the situation and the breach of the council's won security policies but had done nothing.
  • They can't account for 74 laptops.
  • They were issued with an enforcement notice in 2010.

With so many boneheaded moves, is it a wonder that the UK's Information Commissioner's Office (ICO) came down hard on the council?  While the ICO has the legal authority to assess monetary penalties of up to £500,000, its largest penalty to date has been £250,000.  If memory serves, the current fine of £150,000 is the second highest and has been assessed on a couple of other organizations besides the Glasgow City Council.

Obviously, the use of disk encryption software, on a timely basis, i.e., not after the entire world was made aware of the council's scandalous data protection practices, would have prevented the situation from arising.

The total cost of the data breach, I should note, is not only the fine but includes other, less tangible expenditures as well, such as (1) all the time and energy expended in investigating this matter by the ICO, (2) the same by the Glasgow City Council employees (probably in their IT department), and (3) the loss of reputation and trust by Glasgow citizens.  Obviously, this is not meant to be an exhaustive list.

Tracking Inventory Via Encryption

It may be an unconventional way of doing it, but keeping track of device inventory, including laptop computers and personal mobile devices like smartphones and tablets, can be successfully done with security software.

How? you might ask.  The answer lies in the AlertBoot central console.  The online management system includes a customizable reporting engine that keeps track of the security status for all devices as well as their audit log.

As noted, it's a bit unconventional.  However, it kills two birds with one stone: you have laptop encryption in place, to prevent data breaches, and you also get an easy method for auditing and keeping track of devices with sensitive data, which in turn allows you to easily be in compliance with national, company, and professional regulations.
Related Articles and Sites:
http://www.bbc.co.uk/news/uk-scotland-glasgow-west-22807593
http://www.dailymail.co.uk/news/article-2337301/Council-fined-150-000-loss-76-unencrypted-laptops-containing-personal-data-bank-accounts-20-000-people.html
http://www.ico.org.uk/enforcement/~/media/documents/library/Data_Protection/Notices/Glasgow-city-council-monetary-penalty-notice.ashx
 
<Previous Next>

Continuing 5th Amendment Saga: Judge "Rules" That Suspect "Doesn't Need" To Decrypt Hard Drive

PRISM Revelation Does Not Automatically Mean Slower Growth For All Cloud Services

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.