Information Commissioner's Office Hands Out More Fines

Two weeks ago the ICO announced that it had fined a senior barrister £1000 for failing to keep clients’ sensitive personal information secure.  The ICO explained that the barrister had kept sensitive information on 250 clients on a home computer without using any encryption.  Then, during an update of software on the computer, files were automatically backed up on-line, where they were temporarily visible to search engines.  There are clear lessons here for other small businesses, but it would appear that large organisations also have issues.  A few days later the ICO announced that it had fined Norfolk County Council £60 000 for leaving social work case files in a cabinet that they disposed of – the files were discovered by a member of the public who bought the cabinet in a second-hand shop!  Once again, this example highlights that information security is not just about electronic data.