More emphasis should be placed on ensuring data encryption tools are deployed and the chances of human error are reduced rather than just relying on fines to stop data breaches.
That advice from Databarracks comes just days after Glasgow City Council was fined £150,000 for losing two unencrypted laptops adding to the many recent examples of public sector bodies that have failed to look after data.
But fines on their own are not acting as a deterrent, according to Oscar Arean, technical operations manager at Databarracks, who argues for more effort to be put in on the technology and user education fronts.
“The incident involving Glasgow City Council is quite staggering, and it is concerning to think that the public’s personal information can be mishandled in such a careless manner. When reading into the details behind the loss, it’s clear that fundamental mistakes were made that were very easily avoidable," he said.
Arean wondered just how so much information was allowed to be stored on unencrypted laptops and said that there should have been checks in place that prevented that situation from occurring.
“The focal point must now be to ensure incidents like this do not happen again, starting off by
addressing the systems and tools in place. If you are able to copy large numbers of records onto
mobile devices or laptops, then you are making it far too easy for similar episodes to occur again
and again," he added "Incidents and breaches of this nature have been occurring for years, and
lessons never seem to be learnt. Controls need to be implemented in order to prevent large numbers
of records being copied onto laptops in the first place.”