Information Commissioner welcomed for action against firm that failed to protect customer data

Reports of the Information Commissioner's Office (ICO) taking action against a company for failing to protect its customer data should be a wake-up call on the need for encryption.

Andrew Kahl, senior vice president of operations and co-founder of Credant Technologies, claimed that the ICO's action against a Kent-based insurance company for failing to protect data on around 2,100 of its policy-holders, reminds the industry of the need to encrypt private data, whether at rest or on the move.

Kahl said: “The firm blamed the data breach - which involved data going back as far as ten years - on a lack of staff training and poor data handling procedures, but the reality is that all firms need to adhere to IT security policies involving encryption of staff and customer's personal data.

“In addition, companies also need to enforce those encryption security policies using suitable IT systems. These systems act as an audit safeguard and can save companies money and embarrassment in the longer term.”

He also stated that he agreed with the ICO's comments that the case is a reminder that the appropriate safeguards should be in place to protect personal information and is very timely.

“The bottom line to all of this is that companies need to take care when handling private data. Data needs to be encrypted and the good news is that the technology required to do this need not cost the earth," said Kahl.

Sign up to our newsletters