A council that used encrypted memory sticks has been handed a reprimand from the Information Commissioner’s Office (ICO) after an employee’s struggle to use the technology resulted in data being lost on an unsecured replacement drive. A council that used encrypted memory sticks has been handed a reprimand from the Information Commissioner’s Office (ICO) after an employee’s struggle to use the technology resulted in data being lost on an unsecured replacement drive.According to a release put out by the ICO, Cambridgeshire County Council lost a stick containing case and meeting notes relating to least six ‘vulnerable adults’ in the council’s care, which it reported to the organisation last November.The highly unusual dimension to this case is that the non-encrypted memory stick had only been used after an employee “encountered problems” using the encrypted one handed out by the Council.The nature of the problem has not been revealed but underlines the problems organisations can encounter when using potentially complex technologies such as encryption.If passwords are forgotten, procedures need to be in place to receive a new one quickly. If the drive fails for a technical reason, staff need to have a convenient fallback that doesn’t involve simply using an unsecured replacement.“While Cambridgeshire County Council clearly recognise the importance of encrypting devices in order to keep personal data secure, this case shows that organisations need to check their data protection policies are continually followed and fully understood by staff,” said the ICO’s enforcement group manager, Sally Anne-Poole.In fact the council had undertaken an internal campaign to promote the use of encryption shortly before the loss.The Council has escaped more serious action by signing up to a public undertaking to improve procedures although it is not clear how this differs from those in place at the time of the drive’s loss. The case will probably be glossed over by companies that sell products in this field but admins will be well aware of the underlying issues. Encryption can secure data but it can be a complex and time-consuming technology to manage in real-world situations. Related content news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Android Security Mobile Security news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management news Cybersecurity experts raise concerns over EU Cyber Resilience Act’s vulnerability disclosure requirements Open letter claims current provisions will create new threats that undermine the security of digital products and individuals. By Michael Hill Oct 03, 2023 4 mins Regulation Compliance Vulnerabilities opinion Cybersecurity professional job-satisfaction realities for National Cybersecurity Awareness Month Half of all cybersecurity pros are considering a job change, and 30% might leave the profession entirely. CISOs and other C-level execs should reflect on this for National Cybersecurity Awareness Month. By Jon Oltsik Oct 03, 2023 4 mins CSO and CISO Careers Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe