Compliance Guide: ICO (Information Commissioner's Office)
The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The Information Commissioner is appointed by the Queen and is responsible for administering the provisions of the Data Protection Act 1998 and the Freedom of Information Act 2000.
If, as an individual or organisation, you handle or record personal information about individuals, you have a number of legal obligations to protect that information. There have been numerous reports of laptop computers or storage devices such as USB memory sticks, which contained personal information, being stolen from vehicles or dwellings, or left in inappropriate places. The Information Commissioner has formed the view that in future, where such losses occur and where encryption software has not been used to protect the data, regulatory action may be pursued.
In November 2010 the Information Commissioner served two organisations with the first monetary penalties for serious breaches of the Data Protection Act. The first penalty, of £100,000, was issued to Hertfordshire County Council and the second penalty, of £60,000, was issued to employment services company A4e for the loss of an unencrypted laptop which contained personal information relating to 24,000 people.
The ICO recommends that portable and mobile devices, including magnetic media, used to store and transmit personal information, the loss of which could cause damage or distress to individuals, should be protected using approved encryption software designed to guard against the compromise of information.
Since encryption standards are always evolving, it is recommended that data controllers ensure that any solution which is implemented meets the current standard, such as the recommended FIPS 140-2 (cryptographic modules, software and hardware).
DESlock+ and the Data Protection Act
DESlock+ is approved to FIPS 140-2, which will meet the needs of those organisations that store and process personal information, or wish to do so. DESlock+ features such as full disk and removable media encryption, along with the use of highly secure industry-standard encryption algorithms, will ensure data security for those using laptops and removable media such as USB memory sticks and portable hard drives.