It seems that with every week that passes there is another breach of data confidentiality. Recently, data from 2,000 Barclays customers was presented to the Mail on Sunday on a memory stick by an anonymous source. Apparently another 25,000 people’s information was also available to purchase.
Clearly it is worrying when one of the world’s premier banking institutions cannot keep its customers’ personal data safe. This leaked data includes passport and national insurance numbers, money and health information, which in the wrong hands could have damaging ramifications.
The Information Commissioner’s Office (ICO) will now commence investigations into this data breach, with severe repercussions likely. The ICO have the power to levy fines of up to £500,000 on organisations that don’t take appropriate measures to secure and protect data of this nature.
During the process, senior stakeholders from Barclays are also required to sign full disclosure agreements regarding the incident, so the public will be kept abreast of developments regarding what went wrong. Rather unattractive media attention, I’m sure you’d agree.
While it can be difficult to guard against an insider physically taking the information, there are steps that institutions can take to ensure their customer data is well protected. Many organisations use process governance, audit trails and restrictions on employees’ use of external data storage media to reduce risk.
At the very least, organisations can reduce the danger of data confidentiality breaches, as well as the loss of sensitive data, by ensuring their data is securely encrypted and remotely backed up. If this is executed correctly and encryption keys are used, it is very difficult for malevolent parties to gain access to customer data.
While there is a prevailing attitude amongst some financial institutions that in-house IT management is better equipped to deal with the unique challenges of the financial sector, incidents like this can show that this isn’t the case. Managed service providers are experts at managing the encryption and backup of data at their secure data centres and work with companies to make sure these practices support overall business goals.