The recent USB data breach at Heathrow airport raises important issues around the security of vulnerable IT assets – especially when it comes to disposal.
The General Data Protection Regulation, or simply GDPR, strengthens the data rights of all EU residents. However, it also increases the potential fines organisations face for misusing data, and if there’s a breach of any personal data then fines will be issued.
Heathrow Airport was recently accused of a ‘catalogue of shortcomings’ and fined £120,000 by the Information Commissioner’s Office (ICO) over data protection failings. The ICO was concerned about a training video found on a lost USB data stick which exposed the details of Heathrow aviation security personnel and included full names, dates of birth and passport numbers.
The ICO’s director of investigations, Steve Eckersley, stated: “Data protection is a boardroom issue and it is imperative that businesses have the policies, procedures and training in place to minimise any vulnerabilities of the personal information that has been entrusted to them”.
The investigation took place after a member of the public found the USB stick which had been lost by a Heathrow employee last year. The leak became public knowledge when the stick was passed to a national newspaper, which took copies of the data before giving the stick back to the airport.
Mislaid and redundant IT equipment is a real threat to data protection. It holds masses of valuable data, some of which could give hackers access to your entire network. Blackmore Ricotech finds hundreds of flash drives still in USB ports of disposed IT equipment. We not only have processes to identify such unexpected risks after we have collected your assets, but also provide a secure solution for data destruction on such equipment.
It’s easy to forget about vulnerable, removable equipment like USB memory sticks, especially when there are now so many portable IT devices. However, for your security, this needs to be managed effectively if you’re to avoid losing sensitive data or facing fines under GDPR.
A number of standard remedial actions were taken by Heathrow once it was informed of the breach. However, the ICO’s investigation found that only two percent of their workforce had received data protection training, and it had widespread use of removable media with ineffective prevention of personal data being downloaded.
Blackmore Ricotech eliminates the risk of sensitive data getting into the wrong hands once an asset has been collected. We are the chosen secure ITAD (IT Asset Disposal) partner the NHS and other public sector agencies. To find out more about our role and your responsibilities under GDPR visit:
To find out how BLACKMORE RICOTECH can manage your secure IT disposal, get in touch. Call 0800 880 3678 today
If you would like to be kept up to date with changes to Data Protection or WEEE legislation, together with other important information that could affect your business, why not subscribe to our newsletter service? Rest assured, we will not share your information with anyone else and you can unsubscribe at any time. To stay informed, simply enter your email address and click the SUBSCRIBE button.