Today a report published by U.K.’s Information Commissioner’s Office (ICO) highlighted the data protection challenges and privacy risks agencies face when dealing with sensitive personal information. While the ICO’s study was limited to the foster care system, their findings highlight the importance of protecting sensitive personal information across all social services.
Risks and Penalties
- Highly sensitive personal information concerning foster carers and looked after children is routinely emailed between agencies and local authorities for the purpose of arranging foster care placements without encryption. The lack of such safeguards increases the risk that the information could be inappropriately accessed.
- The majority of agencies visited did not encrypt mobile devices used to process, store or transport personal data. This included items such as laptops and USB sticks. If lost or stolen, any such devices containing sensitive personal data could be easily accessed.
- Fostering agencies often require carers to provide them with updates about looked after children but they do not provide secure methods such as VPNs by which to do this. Sensitive personal information is therefore processed on home computers and stored in the ‘cloud’ in ISP or webmail accounts (Hotmail, Gmail etc.).
- Some agencies allow their staff to carry out work involving sensitive personal data on their home computers instead of providing appropriate remote access to their network, an encrypted memory stick or a work issued encrypted laptop on which to save their work.
- Adequate data protection/information security training is not provided by agencies to their staff.
John-Pierre Lamb, ICO Group Manager in the Good Practice team, said, "The worst breaches of the Data Protection Act can lead to a monetary penalty of up to £500,000, but when you consider the sensitivity of the information this sector is responsible for, the human cost could be far more significant.”
How to Get Compliant
Nowhere is the need for privacy more important than in protecting personal information about children in need and the foster families who help them. Minimizing this threat doesn’t necessarily mean rigid, cumbersome security measures of the past. A few best practices that could prevent a breach of this nature:
- Secure sensitive documents: Using a DRM solution like FileOpen RightsManager allows you to grant permission to only certain users. If one of those users accidentally forwards the document to the wrong person, it can’t be opened or viewed. Moreover, DRM enables you to instantly revoke access to a previously authorized recipient, if necessary, or even to one of their devices if misplaced or stolen.
- Enforce usage and retention policies: Advanced DRM solutions allow you to control exactly how a recipient uses your document, adding layers of security to the most sensitive documents. Restrict or expire privileges on a need-to-know basis. Different organizations, and levels within them, can be granted unique sets of permissions on the same document.
- Apply detailed watermarks: As a final measure of security, watermarks can ensure the traceability of sensitive documents by overlaying key information about the user, such as their name, date, time, printer and location. Watermarks can provide the “smoking gun” in determining where and when a document was leaked, and aid authorities in enforcing compliance with privacy regulations.
- Enable secure, but uncomplicated access: At the core of any failed security initiative is an overly complex, hard-to-use solution. FileOpen eliminates such hurdles with the FileOpen Viewer, which provides access to protected documents through Web browser with no plugins or desktop software required. It also provides Android or iOS user’s access on their smartphones and tablet through native applications.