A recent report published by the Information Commissioner's
Office ("ICO") serves as a stark warning to consumers and
organisations to take better care of their data.
In December 2010, the ICO commissioned a computer forensics
company, NCC Group, to obtain 200 hard drives for inspection. These
were retrieved mainly from on-line auction sites and trade fairs.
An analysis of the devices has produced worrying results for data
protection. Half of the second-hand hard drives contained personal
or corporate data in 34,000 files, 11% of it being personal data.
At least six of the drives contained significant amounts of
personal data relating to the main user of the drive or employees
and clients of organisations. Documents found included scanned bank
statements, passports, CV's and medical details. This was
despite the fact that, in a number of instances, action had been
taken to delete the data from the hard drives. Alarmingly, the
forensic tools that were used to analyse the devices are freely
available on the internet, providing potential fraudsters with all
the tools they need at their fingertips.
The organisations involved have now put measures in place to
ensure that data is securely disposed of, with one company signing
an undertaking to introduce further improvements. However the ICO
have identified the ongoing concern that organisations and
individuals are not disposing of their data in a secure enough
Companies and consumers need to be aware of the measures
required to ensure that data does not fall into the wrong hands.
There is a very real danger of people becoming exposed to on-line
fraudsters simply because companies and individuals have not kept
themselves informed of the technical knowledge required to
adequately dispose of data; the simple pressing of a delete button
will not be enough.
The ICO's guidance on deleting data from devices can be
The material contained in this article is of the nature of
general comment only and does not give advice on any particular
matter. Recipients should not act on the basis of the information
in this e-update without taking appropriate professional advice
upon their own particular circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The date of the first binding vote by the Civil Liberties, Justice and Home Affairs Committee (LIBE) on the proposed General Data Protection Regulation (Regulation), which was initially planned for April-May 2013, has been postponed a second time.
Sam Allardyce recounted a humorous tale which re-enforced how important it is to have the right facts and figures at your disposal, and the importance of controls in establishing a trustworthy dataset.
The Court of Appeal has concurred with the High Court that the publication of private information relevant to an individual's character was justified where the public was entitled to consider his fitness for high public office.
When an organisation collects personal data about an individual, that individual has certain expectations about the purposes for which the data will be used.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”