The UK Government’s former Information Commissioner, Richard Thomas, was recently interviewed by SC Magazine. It makes a very interesting read, especially on what Thomas describes as “politicians, senior civil servants and managers … not understanding the technologies and the risks.”

It also gives an insight into plans to introduce stronger powers for the Information Commissioner’s Office, such as increased notification fees for data breaches for larger organisations, new powers of inspection and much stronger sanctions against companies that have experienced breaches.

New sanctions are also planned to be introduced from next year when ‘a company or government department deliberately or recklessly ignore data protection requirements, and cause serious harm, then they will face a civil penalty’. Thomas explains that this will affect anyone who is a data controller, and there are over 300,000 of them in the UK.

All the more reason for organizations to evaluate their approach to portable data security – and take appropriate action to secure critical information.

A new report has confirmed what we already suspected:  2008 was the worst year yet for data losses and breaches. 

 The US-based Identity Theft Resource Center (ITRC) has announced there were 646 data breach incidents reported in 2008, a 47% increase over 2007, which was the previous record for the most breaches in a single year.

 The ITRC believes the increase is partly a result of wider use of unsecured USB drives and other portable storage media.  These were the biggest type of incident, accounting for 135 breaches - more than the 91 hacking incidents, or the 95 cases of accidental distribution of data publicly on the Internet.

 Many of these breaches could have been prevented, simply by using secure memory sticks with mandatory encryption to protect data on the move.  And ‘insider’ breaches - where employees take data for unauthorised use - can be tracked and quickly addressed with the right type of centralised management software.

 Is it too much to hope that 2009 will see a reduction in data breaches, for a change?

 Leading US networking title Network World has published its list of hot technologies to watch in 2009.  Number 3 in the list is data protection, with the article warning that “IT executives need to make data security a requirement every step of the way.”

 The article also points out that companies “in today’s world of mobile workers, teleworkers, and thumb drives … they need to focus on protecting data wherever it is.“  

This protection is a key feature of our range of secure USB flash drives - they make data security mandatory, so that users cannot interfere with, or turn off, the encryption.  It’s always on, removing any doubt over whether mobile data is protected in the event of loss or theft. 

 After the huge data losses of 2008, it’s no surprise that tighter data security is a hot area right now.  And SanDisk’s secure flash drives make security easy to enforce and deliver.

Fraudsters are offering details of 21 million German bank accounts for $15 million, according to a recent investigative report.

 Reporters for German magazine WirtschaftsWoche (Economic Week) managed to obtain a CD containing 1.2 million accounts after a face-to-face meeting with criminals in a Hamburg hotel. 

 The bank details were apparently stolen to order for the criminal gang by call centre employees, and smuggled out on personal USB flash drives - a situation that can be controlled with the right USB security in place.

With the right USB security policies, USB encryption, and management software in place, this type of activity could have been identified early, as the software keeps a log of files copied to and from all USB drives. 

 This in-depth audit trail would help to quickly detect the source of these data leaks, so that appropriate action can be taken.

 You’ll already know that the UK has led the world this year in high-profile data losses and leaks, especially from Government departments and their contractors. 

 These losses, from stolen laptops, unsecured USB flash drives and more, are neatly summarised here, and serve as a reminder of how easy it is for a data leak to happen.

 The leak that grabbed my attention was the loss of the details of all 84,000 prisoners in the UK on a USB flash drive.  The data was unencrypted - a large oversight, given the nature and sensitivity of the data.

 It could have been so easily avoided using a secure USB flash drive.  And would have given the organisation a ‘get out of jail free’ card in the event of the drive being mislaid.