Following the news that a Thames Valley police officer has been sentenced for leaking confidential material including witness statements to his father, Justine Cross regional director at Watchful software commented below.
Justine Cross, Regional Director at Watchful Software:
“The police officer sentenced for sending confidential police material to his father demonstrates the need for much tighter controls on how data is managed.
“Police have a duty to ensure that all investigative information is kept safe, especially when it concerns vulnerable people at risk of violence. Fortunately, this leak seems to be a case of mere bravado, but it could a corrupt officer supplying witness details to dangerous criminals. As it is, the leak has already caused unnecessary distress for those involved, as well as a substantial financial cost for the force.
“All forces must place greater emphasis on education campaigns to ensure all employees are fully aware of data policies and the impact of bad practice. Alongside this, more advanced security and data loss prevention policies such as information rights management and role-based access controls should be standardised across all forces.
“Data should be classified by order of importance automatically when it is created, and access should be restricted to a minimum of users. The most sensitive data should be labelled so that it cannot be moved or copied at all, preventing it from being externally emailed or copied to a USB.
“If data is encrypted against access from unauthorised users or prevented from being moved from the network, the chances of sensitive data being leaked, either accidentally or maliciously, will be greatly reduced.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.