UK Police Fined For Using Unencrypted Memory Sticks

An anonymous reader writes "The Information Commissioner's Office has filed a suit for £120,000 against the Greater Manchester Police because officers regularly used memory sticks without passwords to copy data from police computers and work on it away from the department. In July 2011, thousands of peoples' information was stolen from a officer's home on an unencrypted memory stick. A similar event happened at the same department in September 2010. 'This was truly sensitive personal data, left in the hands of a burglar by poor data security. The consequences of this type of breach really do send a shiver down the spine,' said ICO deputy commissioner David Smith."

*facepalm*

[girlintraining]

Yes, a fine against the police department will certainly show them! Oh wait.. isn't it the taxpayers who pay for their budget... sooo, wouldn't that mean the taxpayers will wind up paying for this? Some of them, twice even -- once for the loss of data, and again when they have to pay for it with their next tax return (admitedly, mere fractions of a pence, but it's the principle of the thing). That seems like a terribly effective method of teaching those officers not to leave sensitive data around! Far more effective, I think, then suspending one without pay or additional training how how to properly handle sensitive information.

Re:What's the solution (for Linux)?

[Bert64]

Remove the usb-storage module, or blacklist it so that it cannot load.

Other classes of usb device have their own modules, which you can either leave alone or remove at your leisure if you want to use them (printers etc)...

You could also just disable the automount service, then no removable media will get mounted and you would need root in order to access it manually.

It's actually much easier than the various hoops people jump through to try and implement the same on windows.