IE 11 is not supported. For an optimal experience visit our site on another browser.

Personal data on thousands left behind in pub

If you're carrying around sensitive information about tens of thousands of individuals, it's probably best not to leave it lying around in a bar during a drinking binge.
Dinner and drink at an English country pub. Be careful to not leave anything behind.
Dinner and drink at an English country pub. Be careful to not leave anything behind.Sean Whitton
/ Source: SecurityNewsDaily
By By Paul Wagenseil

If you're carrying around sensitive information about tens of thousands of individuals, it's probably best not to leave it lying around in a bar during a drinking binge.

But that's exactly what happened in London recently, said Britain's Information Commissioner's Office (ICO), the government body that deals with digital privacy and data protection.

A contractor working for Lewisham Homes, a non-profit "social housing" company that manages state-subsidized rental properties in south London, had copied information on 20,000 of his firm's tenants onto a USB flash drive.

Also on the drive, which was not encrypted or password-protected, were details of 6,200 tenants managed by Wandle Housing Association, a similar organization — plus the numbers of 800 tenant bank accounts.

Sometime in March, according to an apology posted by Lewisham Homes, the hapless contractor went out for a pint or three at a local tavern. When he finally left the pub, the USB drive stayed behind.

The drive was later found and turned over to police.

"Saving personal information on to an unencrypted memory stick is as risky as taking hard copy papers out of the office," Sally-Anne Poole, acting head of enforcement at the ICO, said in a press release. "Luckily, the device was handed in and there is no suggestion that the data was misused. But this incident could so easily have been avoided if the information had been properly protected."

As for the unnamed contractor, he "was in breach of our Data Protection procedures," Lewisham Homes said in its apology, "and as a result of this breach (he) has now been dismissed."

Security experts suggest that any data that could be used to steal people's identities should always be properly encrypted and password-protected, no matter what kind of digital media it's stored on.

Drinking experts suggest that patrons leaving an establishment at the end of an evening should always conduct a quick inventory of their belongings before staggering out the door.

 

By Paul Wagenseil