European Data Protection Digest

ICO: Fines Show Lack of Security Culture in Organisations

DATA PROTECTION—UK

November 8, 2012

Infosecurity Magazine reports that the Information Commissioner’s Office (ICO) has levied more than £2 million in fines on public-sector organisations and is concerned that repeat offenses, such as a recent Stoke-on-Trent breach, indicate the lack of “a culture among staff whereby everyone takes their responsibilities seriously and effective data handling becomes second nature.” One expert says organisations need “to rethink their approach to information security and take care to classify and protect data itself according to the sensitivity of that information,” while another expert outlines the importance of building privacy into NHS electronic health record systems. Meanwhile, an Abergavenny hospital is reminding employees about its policies for posting photos online after a patient’s family complained about a photo posted to Facebook.