How not to send secret data: British police are losing key evidence again

Mission: you have to urgently provide the experts with a record of interrogation of victims of sexual violence. How will you do this? The Greater Manchester County Police Department chose a registered letter. As a result, unencrypted DVDs with testimonies were lost at the post office, and officers have already cashed 150,000 for the second time. pounds fines from the British equivalent of GIODO. The Anzena company specializing in data protection reminds you how to properly care for the security of resources.

There are at least several ways to securely transfer sensitive data. Reason suggests that if the distance is not deadly, this kind of information should be delivered in person. In turn, by sending them over the network, it is worth using the dedicated VPN protocol. In any case, high-risk data should be encrypted, which will protect them against unauthorized access by unauthorized persons. The Manchester police disregarded these standards by sending carriers with unencrypted files ... by mail. When giving justice to the Royal Post Office, it is worth mentioning that the police could use a special parcel, where each parcel delivery from hand to hand requires the signature of the person collecting the parcel. They did not even do this by simply choosing one of the cheapest options.

Shocking negligence came to light when the recordings did not reach their destination: the Serious Crimes Section of the National Agency for Crime. This department deals with the identification of serial killers and rapists in the early stages of the investigation ... Of course, when he has evidence to work on. When they were missing an alarmed institution, ICO (the British equivalent of the Inspector General for Personal Data Protection) began an investigation, the findings of which bristled on the head of many British citizens. It turned out that the unlucky department sent in this way sensitive testimony from 2009, and after the data leak reported in 2015 allegedly "stopped" to do this use the mail service.

According to a Big Brother Watch report from 2016, 100 security breaches have been reported on the Manchester police account in the last four years. Unfortunately, the officers did not draw any conclusions from their previous mistakes, and as a result of that, again breaking the regulations of the Data Protection Act in force in the Isles, the police for the second time collected a fine of 150,000. pounds. For the second time, because in 2012, the same penalty was given for the loss of USB sticks with sensitive data.

Finally, it is worth quoting the words of Sally Anne Poole, an ICO representative commenting on the decision on the fine: " When people talk to the police, they have the right to expect that the information given to the officers will be treated with extreme caution ". Although this statement concerns a specific public service, its meaning can be extended to the whole phenomenon of entrusting data to external entities. Every customer and network user has the right to expect that his information will be stored and transported in the right way. Encryption tools, DLP solutions to protect sensitive data from leakage and modern backup products will help you. Without the latter, in the event of a major failure, there may be no longer what to protect. In the case of a smaller one, the evidence may not reach the judge. Both cases are worth avoiding.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.