It has been reported* that 19 members of staff at Derbyshire police have breached data protection rules by accessing information they were prohibited from seeing. Paul Ayers, VP EMEA of data security expert Vormetric, has made the following comments:
“All too often with these incidents, the security threat presented by those already on the inside is frequently an afterthought. While recent headlines have been awash with stories of nameless, elusive hackers, the Derbyshire police case demonstrates that there is a risk from internal users abusing access control privileges. In this case, police officers were not only in breach of their code of conduct but have also undermined public confidence in their work.
“Any organisation handling sensitive information needs to deploy security solutions that both manage the access rights of privileged users inside and outside of the database and also enable them to gather security intelligence around what is happening to that data. The best practice for database security includes encryption combined with database activity monitoring (DAM). Any organisation, regardless of function, required to balance security with compliance needs to take a ‘defence in depth’ approach to data security.”