UK Police Fined For Using Unencrypted Memory Sticks

An anonymous reader writes "The Information Commissioner's Office has filed a suit for £120,000 against the Greater Manchester Police because officers regularly used memory sticks without passwords to copy data from police computers and work on it away from the department. In July 2011, thousands of peoples' information was stolen from a officer's home on an unencrypted memory stick. A similar event happened at the same department in September 2010. 'This was truly sensitive personal data, left in the hands of a burglar by poor data security. The consequences of this type of breach really do send a shiver down the spine,' said ICO deputy commissioner David Smith."

Why are they even using USB flash drives?

[TWX]

Shouldn't they build or buy a system that allows employees to remote in? I work for a school system, and the school resource officers (which are city police officers) just VPN into their network from ours, so that they don't have to physically transport anything. Many of them even use computers provided by us instead of their highly-ruggedized but massively obsolete laptops...

Re:Why are they even using USB flash drives?

[Froggels]

"School resource officers (which are police officers)"

How orwellian can you get?

Sneakernet?

[bmo]

Really?

In 2012?

copy data from police computers and work on it away from the department.

Really? Aren't there such things as encryption and networks and the data staying on the bloody server?

--
BMO

Re:remoteing systems cost more then takeing data h

Remote terminals come out of the capital budget, virus removal comes out of the operations budget.

Standard...

[Bert64]

The problem is that there is simply no standard for encrypted removable storage... It seems every vendor of "encrypted" flash drives ships their own proprietary, usually windows-only binaries on the stick which may or may not work, and may or may not require various levels of privilege in order to install, and may or may not be full of all manner of security holes.
Pity the poor consultant carrying a windows laptop that contains all these various encryption drivers installed because he never knows what proprietary encryption scheme the next client will be using.

USB storage is a good standard, you can plug such a device into almost anything and it will be mounted and read... What we need is a similar standard for encrypted storage where you can plug it into almost anything, enter a password and it mounts without having to install any non standard drivers.

Very Common Problem

[GumphMaster]

Back in the 90s my home in Canberra (Australia's capital and a government town) was burgled. The first, and I mean very first, thing the police asked on arrival was, "I there any classified information involved?" I was standing there in my Air Force uniform, so I guess it was a reasonable question. Nothing I was working at the time could even remotely be considered safe to take home, encrypted or not, so the answer was a no-brainer. I guess I was dismayed that the event was common enough that the automatic response had kicked in though. Some things, it seems, don't change.

Re:*facepalm*

[mjwx]

Yes, a fine against the police department will certainly show them! Oh wait.. isn't it the taxpayers who pay for their budget... sooo, wouldn't that mean the taxpayers will wind up paying for this?

Yes, an organisation that collects fines for the taxpayer has levied a 12,000 pound fine against an organisation that is funded by the taxpayer.

The greater Manchester police will now have to apply for additional (taxpayer) funding to cover the additional cost of paying a fine to the taxpayers.

All of this should have been explained in the documentary Yes Minister.