Learn about some of the simple errors people have made when handling their confidential data. This presentation was based on a Shredded Neat piece of research into blunders from the last 20 years; it is meant to be lighthearted!
2. Data - Why worry?
• DPA introduced 1984
• Administered by ICO
• April 2010 new powers to issue DP ‘Notices’ and pursue through courts
• 13,802 cases last year
• 372k registered under DPA
• 58 spot audits in 2013/13
UK Data Losses
Shredded Neat Limited
3. What could it cost me?
• ICO levied £4.25 million in fines on 40 organisations
• Average fine £106k
• FCA/FSA £7.77 million on just 7 organisations
• ICO Max fine £500k and FCA unlimited
4. Our Own Survey
• Looked at recorded prosecutions over 20 years, plus:
• Internet search of major data breaches
• Press and media researched
• Pulled together our own statistics and case studies
6. Secure Paper Losses
• Paper in use since 1495
• Digitisation presents challenges dealing with redundant archives
• Cloud archiving has specific problems in terms of security
• Documents still carried to and from work on various forms of transport
• Unshredded documents often put in general waste
7. Benji the Bin Man
• Benjamin Pell made a living going through rubbish
• Professional muckraker
• Drove round London in hi-vis emptying bins into his vehicle
• Prominent firms and people targeted, paid by newspapers
• Police found 200,000 documents in his shed after his arrest!
9. Portable Data Media
• Seagate devised 1st HDD in 1980, 5Mb; by 2013, latest PCs 4Tb
• Or from 5 novels to a library with 4m books
• Mem. sticks 1st used 1980s, can hold 128 Gb, convenient to carry – easy to lose!
• Mobiles 1990s, 50% ‘smart’; 25,000 stolen in London per week
10. West African News!
• Old PCs/laptops began arriving in Ghana a few years ago; Ghanaians welcomed donations to help bridge the digital divide.
• E-waste dealers set up shop close to the port and display 40ft containers they bought in the UK – salvaged HDDs are displayed at open-air markets. Organized criminals comb through HDDs for personal information to use in scams.
• Totally outside UK regulation & contributes to some of the 217,000 ID fraud cases in the UK.
11. Where do losses occur?
• Paper losses from offsite storage, during office moves & blown out of doors & windows
• Theft of high value laptops/mobiles from houses, trains & cars
• 50% of all losses in transit occurred after being in the pub or a restaurant
12. Inverness Police
• In 2000, hundreds of documents found blowing across local tip
• Internal files on 126 cases incl. bike thefts, drug offences and serious sexual cases
• Defendants clearly identifiable
• Major inquiry launched by Police
• Member of the public sent bundles found to the local newspapers
• Police unable to say how these bypassed their procedures
14. Most Common Threats
• Single or compound threats
• Excl. misdirected comms.
• Intentional (e.g. hacking or criminal) or accidental, when an event occurs and data falls into other hands or the public domain
15. Reputational Damage
• In 2011 Oliver Letwin papped on five separate days
• Dumped docs in waste bins in St. James's Park
• 100 documents retrieved by the photographer
• Comprised briefing papers and constituency mail
• MP and Minister of State in Cabinet Office – Nice one Ollie
16. Personal Liability
• Richard Jackson 2008
• Left files on train out of Waterloo
• Contained Joint Intelligence Committee report on Al Qaeda & MoD report on Iraq’s defence capabilities
• Commuter passed them to the BBC
• Richard (Dick) fined £2500 and severely reprimanded by Civil Service
17. Security, what security?
• Former Home Secretary David Blunkett 2002
• Documents found outside a Sheffield pub
• Aerial photos of his home and detailed alarm systems info & his usual daily routine in papers
• Ex-soldier found the papers and gave them to S. Yorkshire Police
18. Graham Clements – whoops!
• UK MD of Ishida Corp. Japan.
• Gives old Blackberry to his IT dept to recycle
• Attends his 1st Board Meet to find his Blackberry No. 1 item on agenda
• Data on it – business plans; bank accounts; corp. info & his children
• Damaging publicity just averted by fact the phone was recovered by Glamorgan University, who were researching mobile phone abuses
19. Protect yourself!
• Ensure DPA compliant processes
• Resources needed often outside scope of smaller companies
• Secure storage of paper on site
• CRB check cleaners and FMCo
• Ensure all data containing media controlled
• Encryption of data taken offsite
• Certification to BS15713 contractors not badges!