Separate from the loss of disks containing the bank account details of child benefit recipients in the UK, this loss covers details available from a large number of websites and includes account numbers, PINs, and the three-digit security code printed on the reverse of credit and debit cards, which together allow a card to be used online and over the telephone. There is currently a well-known scam in operation to obtain the three-digit security code from individual cardholders; once these codes are known, the card details are offered for sale online.
While many of these disclosures will result from individuals not being sufficiently careful with their personal details and subsequently falling prey to social engineering scams, others will undoubtedly result from breaches of the Data Protection Act by British organizations. The Act states that anyone who processes personal information must comply with eight principles: the data must be fairly and lawfully processed; processed for limited purposes; adequate, relevant, and not excessive; accurate and up to date; not kept for longer than is necessary; processed in line with the data subject's rights; secure; and not transferred to other countries without adequate protection.
Of perhaps even greater concern is the fact that some of these breaches will have been unintentional: organizations that are unaware that they are not compliant with, in this case, the Data Protection Act. However, ignoring any legislation or regulations is not an option. Organizations have a range of options to meet the IT demands of compliance. They can "do-it-yourself" in-house, using existing or contract skills to create a bespoke solution for the organization; implement solutions created by software vendors, along with a level of services to help with the implementation; or let a third party provide all, or part, of the technology and service for a fee.
Each has its attractions and benefits, and conversely each has associated risks and costs. The correct choice will be specific to the individual business. The compliance agenda is a major opportunity to drive organizational change and improvement; it places IT management at the center of the organization and demonstrates the value of managing information effectively. The role of IT management in compliance is not just to ensure that the business stays within the law, but to support fellow managers and others in improving business processes and procedures.
Source: OpinionWire by Butler Group (www.butlergroup.com)