The BBC has confirmed that a laptop and several memory sticks containing the names, addresses and mobile phone numbers of children, as well as dates when families were planning to go on holiday has been stolen from a staff vehicle. The BBC has since informed the parents of those affected, and is currently reviewing internal security procedures across its programmes.
Jamie Cowper, Director of Marketing EMEA at data protection expert PGP Corporation, has made the following comments:
So the BBC has become the latest public body to fall foul of poor data security policies and again, it is children who are at risk of having their personal information exploited or misused.
Its certainly surprising that, with so many cautionary examples of data loss to draw upon, the BBC has still suffered this breach. Previous incidents should have served as a warning and to call a review of organisational security policies now is unfortunately a case of closing the stable door after the horse has bolted.
If there were any lessons to be learned from HMRC, its that data stored on removable media be it CDs or USB sticks is just as susceptible to loss or theft, and should by no means be forgotten when it comes to enforcing corporate data security policies.
If organisations are to continue to support mobile working without impacting on employee freedom or putting data at risk, then existing security policies must be extended beyond laptops to include removable media. That way, staff looking to download corporate data can only do so if they have been authorised and the data will remain encrypted during transmission ensuring that if and when devices such as memory sticks do go missing, the data on board remains secure.