Heathrow fined £120,000 for data breach

Posted by On October 10, 2018 0 Comment

Heathrow

Heathrow Airport has been fined £120,000 after a member of staff lost a memory stick containing ‘sensitive personal data’, which was later found by a member of the public.

Reports at the time of the loss last October claimed this included the Queen’s security and travel arrangements, although this has not been confirmed.

The Information Commissioner’s Office, which imposed the fine, said the USB stick, which contained more than 1,000 files, was not encrypted or password-protected.

The ICO said a small number of files on the stick contained ‘sensitive’ information, including a training video that revealed the names, dates of birth and passport numbers of 10 people.

The personal data of up to 50 Heathrow security personnel was also on the memory stick.

ICO director of investigations Steve Eckersley told the BBC: “Data protection should have been high on Heathrow’s agenda. But our investigation found a catalogue of shortcomings in corporate standards, training and vision that indicated otherwise.”

The ICO said that the memory stick had been passed on to an unnamed national newspaper. At the time it was found, the Mirror reported that it had been found in a West London street by a member of the public who viewed its contents at a local library and discovered information that included a timetable of patrols used to guard the airport, routes and safeguards for Cabinet ministers and foreign dignitaries, and the route used by the Queen when travelling to and from the airport, the exposure of which could have posed a threat to national security.

However, the ICO said the scope of its investigation was to look at personal data only. It said that only 2% of Heathrow’s 6,500 employees had been trained in data protection.

A Heathrow spokeswoman said: “Following this incident, the company took swift action and strengthened processes and policies.

“We accept the fine that the ICO have deemed appropriate and spoken to all individuals involved.

“We recognise that this should never have happened and would like to reassure everyone that necessary changes have been implemented, including the start of an extensive information security training programme which is being rolled out company-wide.”

source: Travel Mole