Companies must ensure that, if the data does need to be collected and stored, it is protected with strong encryption. Often this is seen as a stumbling block because it has traditionally required extensive customisations to accommodate the use of this encrypted data at every step along the way. Luckily this is no longer an issue with the advent of the new Format Preserving Encryption standard, which greatly simplifies the process of protecting the data throughout its entire lifecycle, thereby mitigating the risk of privacy breaches and the associated costly fines."
Voltage Security on British Pregnancy Advice Service data breach fine
Following last week's news that the British Pregnancy Advice Service was fined £200,000 after a serious breach of the Data Protection Act revealed thousands of people's details to a malicious hacker, Brendan Rizzo, technical director EMEA at Voltage Security, writes:
"Organisations need to fully understand the responsibility that is intrinsically and automatically linked with their collection of any sensitive data. When the job of implementing an information gathering system falls to an outsourced contractor, the contractor's goals can lean towards the immediate deliverable of getting this information from the end user to the company, without enough attention being paid to the lifecycle of how this sensitive data will be used, stored and ultimately deleted. The responsibility of making sure the data is protected remains firmly with the company collecting the data, however. They are the ones that must ensure that any such systems have adherence to the Data Protection Act, and therefore the protection of the end user, in mind at every step from design to delivery and ongoing operational use.