It was announced last week that the Information Commissioner’s Office (ICO) had fined the insurance company Royal Sun Alliance £150 000 for the loss of a hard drive containing names, addresses and bank account details of 60 000 customers. The device was stolen from RSA’s offices in West Sussex but it is not known whether the theft was carried out by a member of staff or not, and it has never been recovered.
A statement from the ICO said:
“When we looked at this case we discovered an organisation that simply didn’t take adequate precautions to protect customer information. Its failure to do so has caused anxiety for its customers not to mention potential fraud issues… There are simple steps companies should take when using this type of equipment including using encryption, making sure the device is secure and routine monitoring of equipment. RSA did not do any of this and that’s why we’ve issued this fine.”
Once again, this incident emphasises that having appropriate policies and procedures in place, and understood by staff, is a critical part of information security management. For more information on information security and ISO 27001, go to our “What is Information Security” page.