Published on : Tuesday, October 9, 2018
More than 1,000 files across 76 folders were viewed at a public library last year before being handed over to the Sunday Mirror.
The USB stick, neither encrypted nor password protected was found by a member of the public in Queen’s Park,west London.
The files reportedly had information related to security measures for the Queen’s protection at Europe’s busiest airport, the ID required to access restricted areas and the locations of CCTV camera and tunnels connected to the Heathrow Express.
It also had a training video that had personal data of 10 individuals expected to be involved in a particular greeting party along with the details of around 50 Heathrow security personnel.
Airport’s chief executive John Holland-Kaye subsequently told the MPs that security had not been compromised. While the ICO director of investigations Steve Eckersley that data protection should have been high on Heathrow’s agenda. As per the investigations there were shortcomings in corporate standards, training and vision that indicated otherwise.
Only 2% of the 6.500 strong work force were trained in data protection. It is imperative for businesses to have policies, procedures and trainings to reduce any vulnerabilities of personal information that has been entrusted to them.
There were concern related to removable media in contravention of Heathrow’s own policies and guidance. Ineffective controls preventing personal data from being hacked onto unauthorized or unencrypted media.
A number of remedial actions was carried out by HAL after being informed of the breach and the matter being reported to the police.
Only 2% of the 6.500 strong work force were trained in data protection. It is imperative for businesses to have policies, procedures and trainings to reduce any vulnerabilities of personal information that has been entrusted to them.