Tom Morrison returns with his quarterly review of the world of information law
The Information Commissioner’s Office (ICO) has again made clear that encrypting personal data held on any portable storage device is not optional. Nevertheless, many businesses, charities and public sector organisations are, either deliberately or unwittingly, allowing the continued use of unencrypted devices. It would be a bit of a pun to say that encryption is key to data security, but it has been clear for some time that you are likely to be found in breach of principle seven of the Data Protection Act 1998 if you lose an unencrypted device containing personal data. Unfortunately, Greater Manchester Police (GMP) was reminded of that by finding itself on the wrong end of a £150,000 fine.
Based on the reported facts, it was a bit of a slam dunk for the ICO. A drugs squad detective took a memory stick home and kept it safe in his wallet. Sadly, his home was broken into and his wallet—along with the memory stick—was stolen. The memory stick contained details of