RSS Alerts

Related Links

Related Stories

  • Six out of ten employees steal company data
    A study of US workers has revealed that six out of every ten employees surveyed stole company data upon leaving their job in the last year.
  • Heartland card payment system breach bigger than TJX?
    Reports are coming in that a New Jersey-based payment processor's IT systems have been compromised in what experts are calling the biggest payment card data breach ever.
  • Doctors encourage patients to opt-out after NHS data losses
    A letter for patients to use to opt-out of the English NHS’s nascent central database of medical records, written by doctors and medical privacy campaigners, has reached more than 200 000 downloads. Meanwhile, nine NHS trusts have admitted data breaches, in the wake of HM Revenue and Customs’ loss of 25 million people’s data.
  • UK government loses data on 25m Britons
    The UK government has lost personal data on every child in the country, as well as national insurance numbers and bank account details of parents and carers claiming child benefit, on two password-protected CDs sent through an internal mail service.
  • The ID card debate
    The latest news on ID cards – which saw Home Secretary Alan Johnson announce that holding ID cards should be a personal choice for British citizens – has kicked off the long-standing debate once again. Davey Winder takes a look at the pros and cons of the controversial initiative

News

Unauthorised local authority staff access to personal data is inevitable

17 August 2009

Reports in Computer Weekly that a number of local authorities are sacking or disciplining staff for viewing personal data on the Department for Work and Pension's Customer Information System (CIS) comes as no surprise, says Cyber-Ark, but merely serves to highlight the need for highly privileged access to this kind of data.

Mark Fullbrook, the IT security vendor, Cyber-Ark's European director, said that taking a data silo approach to personal data is now the best approach to allowing privileged access to information - as well as allowing the data to be shared between specific people on a carefully controlled and encrypted basis.

According to Computer Weekly, Cardiff Council has sacked a member of its staff for looking at personal CIS information on celebrities.

This was, said Fulbrook, probably an employee looking to expand their knowledge of celebrities beyond the confines of Hello magazine, but the staffer could also have sold the personal data on to a national newspaper.

As a result, he explained, the fall-out for the council could have been very bad.

"It's also quite worrying that Computer Weekly's research has revealed that staff at 34 local authorities incorrectly accessed data on the CIS between 2006 and 2009, but that only nine members of staff were actually dismissed", he said.

Clearly, added Fullbrook, these personal data incidents are 34 too many, but given the fact that local government employs 1.7 million full-time employees - one in 35 of the UK's population - rogue employee actions of this nature are inevitable.

This is why, he added, it is essential that effective privileged controls be placed on the viewing and exchange of CIS and personal data by local authorities across the UK, he explained.

And, he said, the technology required - centering on highly secure storage and privileged email-driven exchange of the data - now exists to control access to the large databases containing personal data such as the CIS.

"Our own Inter-Business Vault technology is a prime example of this, as it allows privileged access to the data, as well as allowing encrypted and auditable sharing of data between nominated members of staff as and when required", he said.

"There is simply no excuse for the UK's 430-plus local authorities not to use the technology that is available. And there are 1.7 million reasons for this", he added.

 

This article is featured in:
Application Security Compliance and Policy Data Loss

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water