Peapod Consulting responds to HM Revenue & Customs potential breach of personal data

Wednesday 21 November 2007

Bracknell (UK), 21 November 2007: Peapod Consulting, a GSS company, described the news that 25 million people’s personal details have gone ‘missing’ from HM Revenue & Customs (HMRC) as inevitable. Just yesterday, Peapod voiced its concern following the news last week from the Information Commissioner’s Office that nine out of ten adults worry that organisations are failing to keep their personal information secure. For them, this news couldn’t have come at a worse time.

Robin Hollington, Director of Consulting for Peapod (UK) Ltd, has been working in the IT Security arena for over 10 years. During this time he has provided indispensable advice to organisations on how to protect sensitive data, from personal customer records to sensitive business plans and confidential financial results. Additionally, Peapod has been carrying out security reviews as bespoke consulting assignments for more than five years to check organisations’ defences are impenetrable.

Robin made the following initial statement:

“It’s pointless everyone pointing fingers now and placing the blame on a junior clerk, so let’s not jump on the bandwagon and throw mud at HMRC for the sake of it. They have a massive duty of care, which has been breached, but then so do lots of people. Whilst it is not acceptable to be losing data of this nature, HMRC are not the only large organisation to lose client data as there have been other high profile losses – like Nationwide Building Society and TK Maxx. How many companies’ back up tapes have been stolen from the back of vans that are never made public?

“Despite the potentially devastating short term implications of the incident, the real cost of the breach will be the long term damage done to the implicit trust with which Britons have been prepared to hand over their personally identifiable data and bank details.
When the CDs eventually turn up, who is to say whether they have, or haven’t, been copied? The opportunistic thief can then wait one, two, three or even ten years to exploit the data – long after this incident is forgotten. This is a long term, potentially never ending problem and what is needed now is vigilance by everyone for any unusual account activity. But then, we’ve been doing this already, haven’t we?

“For the government a more demonstrable response is required. It needs to act swiftly or it can consider its headline national identity card policy and the NHS Patient Record initiatives dead in the water. It could even find itself paying the ultimate price at the next elections as an increasingly sceptical public seeks a safer pair of hands in which to place the reins of power. That said, it will not fix the problems overnight. No organisation of this size does. We know there are relatively simple solutions to the problem, technically. However, the issue is normally with people and procedures.

“Information leakage from within and low-tech unauthorised disclosures are two major causes for concern, as are lack of management awareness, staff education relating to the use of removable media, working outside of the secure office environment etc.; the list goes on. Although professional security experts have been advocating cohesive physical, information and technical security controls for many years, the holistic view is still all too often rejected and the culture of “someone else’s problem” is very much prevalent. Government Departments often mandate suppliers are certified to ISO 27001 (the best practice Standard for Information Security); this is a wake up call to practise what they preach. Adoption of the standard need not be a costly exercise.
“I’m sure HMRC has policies in place that should have prevented this crisis in confidence but if these policies are not communicated to every member of staff, or are enforced, then they are not worth the time they took to write. Additionally, there are simple, cost effective solutions available that could have force encrypted this data as soon as it was passed outside the secure environment, in this instance downloaded to a CD.

“The lessons on offer in the wake of this disaster are clear, and show absolutely that all entities, public and private, in possession of personally identifiable data about UK residents must regard this unfortunate occurrence as a massive accelerant in their endeavours to ensure the sustainability of the confidentiality, integrity and availability of their critical information assets.

“Information security assurance can no longer be dismissed by business leaders as an afterthought, but must be treated as a cornerstone of any organisational strategy by any enterprise serious about remaining in business as a going concern in the 21st century.

“By adopting a sound organisational security policy that is effectively communicated to every member of staff, ensuring compliance is embedded in operational processes, implementing a regular audit programme and insisting on technical compliance testing of your internal and internet facing IT infrastructure, as well as testing staff are adhering to these processes and policies - all aspects covered by the ISO 27001 standard - you stand the best chance of minimising the likelihood of a security breach.”

- ends -

About Peapod Consulting

Peapod (a GSS Company) has provided Internet and information security solutions since 1995. Innovative in its approach, Peapod partners best-in-class vendors to identify and solve security threats and issues.
As these have increased in both their subtlety and severity over the years it has built on existing partnerships and introduced new technologies and a range of independent consulting services to help its customers meet the evolving challenges of today.

The marketplace has long moved on from just security to what Peapod now calls unified corporate governance. This covers all aspects of information security and assurance, regulatory and legal compliance, business continuity and privacy. Peapod is in a perfect position to help all types of organisation achieve many aspects of unified corporate governance through the deployment of technology, frameworks or independent consulting advice and services through its Consulting division.

The merged GSS/Peapod has over 2000 clients across both the private and public sectors. GSS/Peapod has staff with the required levels of accreditation and qualifications to convince most new business clients that Peapod is not just a company they can safely do business with today but also one that they can forge a partnership with for many years to come.

In September this year Peapod merged with Global Secure Systems with the vision to become the Most Respected Information Security Partner and Trusted Advisor in our ever changing world.

More information about Peapod and its services is available at http://www.peapod.co.uk.

Press Contact:
Dulcie McLerie / Kieran Cahill
Strategic PR
Tel: 01494 434434
Email: dulciem / email@example.com

This press release was distributed by ResponseSource Press Release Wire on behalf of Strategic Public Relations Ltd in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms. For more information visit http://pressreleasewire.responsesource.com/about.