BAA Limited which owns and operates the U.K.'s largest airport, Heathrow, has been admonished by the country's privacy watchdog for a litany of blunders that led to a Heathrow employee losing a USB memory drive containing highly sensitive information in central London (Oct 2017) where it was later discovered by a member of the public. The individual later viewed the contents of the memory stick on a public library computer. One of the gravest missteps was that the data contained on the device was neither password protected nor encrypted.
Subsequently the individual handed the stick to the Sunday Mirror, who in turn made a complete copy of the sticks contents before returning the USB to Heathrow Limited. The failure to encrypted and password protect the device was in violation of Heathrow’s own data protection protocols. In demonstrating the severity of the breach the Sunday Mirror ran a story titled “Terror threat as Heathrow Airport security files found dumped in the street," noting that the information included "the exact route the Queen takes when using the airport and security measures used to protect her."
On 15th October the Information Commissioner's Office announced that it had fined BAA Limited and Heathrow Airport Limited £120,000 under the Data Protection Act 1998, in effect at the time of the breach and now replaced by GDPR.
"Data protection should have been high on Heathrow's agenda. But our investigation found a catalog of shortcomings in corporate standards, training and vision that indicated otherwise," says Steve Eckersley, the ICO's director of investigations. "Data protection is a boardroom issue, and it is imperative that businesses have the policies, procedures and training in place to minimize any vulnerabilities of the personal information that has been entrusted to them."
Does your business handle customer information like names, dates of birth and financial details?
Could your business handle the costs and inconvenience of an ICO investigation?
Insurance can cover the costs associated with an investigation. Contact us on firstname.lastname@example.org and we would be only too happy to assist you.