10 OCT 2018: Heathrow Airport has received a hefty fine after a staff member of staff lost a memory stick containing 'sensitive personal data' last October. The USB stick was later found by a member of the public. 

Unconfirmed reports at the time claimed information on the stick included the Queen's security and travel arrangements.

The Information Commissioner's Office, which imposed the £120,000 ($204,154) fine, said the USB stick, which contained more than 1,000 files, was not encrypted or password-protected.

The ICO said a small number of files on the stick contained 'sensitive' information, including a training video that revealed the names, dates of birth and passport numbers of 10 people.

It also contained the personal data of up to 50 Heathrow security personnel.

ICO director of investigations Steve Eckersley told the BBC: "Data protection should have been high on Heathrow's agenda. But our investigation found a catalogue of shortcomings in corporate standards, training and vision that indicated otherwise."

The ICO said that the memory stick had been passed on to an unnamed newspaper.

The Mirror reported that it had been found in a West London street by a member of the public who viewed its contents at a library and discovered information that included a timetable of patrols used to guard the airport, routes and safeguards for Cabinet ministers and foreign dignitaries, and the route used by the Queen when travelling to and from the airport, the exposure of which could have posed a threat to national security.

However, the ICO said the scope of its investigation was to look at personal data only. It said that only two percent of Heathrow's 6,500 employees had been trained in data protection.

A spokesperson for the airport said, "Following this incident, the company took swift action and strengthened processes and policies.

"We accept the fine that the ICO have deemed appropriate and spoken to all individuals involved.

"We recognise that this should never have happened and would like to reassure everyone that necessary changes have been implemented, including the start of an extensive information security training program which is being rolled out company-wide."

comments powered by Disqus