This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.bbc.co.uk/news/business-45785227

The article has changed 2 times. There is an RSS feed of changes available.

Version 0 Version 1
Heathrow fined £120,000 for data breach Heathrow fined for USB stick data breach
(35 minutes later)
Heathrow Airport has been fined £120,000 by the Information Commissioner's Office for "serious" data protection failings.Heathrow Airport has been fined £120,000 by the Information Commissioner's Office for "serious" data protection failings.
It comes after a staff member lost a USB stick last October containing "sensitive personal data", which was later found by a member of the public.It comes after a staff member lost a USB stick last October containing "sensitive personal data", which was later found by a member of the public.
Reports at the time claimed this included the Queen's security and travel arrangements, although the ICO would not confirm this.Reports at the time claimed this included the Queen's security and travel arrangements, although the ICO would not confirm this.
Heathrow said it regretted the breach.Heathrow said it regretted the breach.
The Information Commissioner's Office (ICO) said the memory stick, which contained 76 folders and more than 1,000 files, was not encrypted or password-protected.The Information Commissioner's Office (ICO) said the memory stick, which contained 76 folders and more than 1,000 files, was not encrypted or password-protected.
It said only a small amount of files contained "sensitive" information, including a training video that exposed the names, dates of birth and passport numbers of 10 people. Personal data of up to 50 Heathrow aviation security personnel was also revealed.It said only a small amount of files contained "sensitive" information, including a training video that exposed the names, dates of birth and passport numbers of 10 people. Personal data of up to 50 Heathrow aviation security personnel was also revealed.
However, a report in the Mirror newspaper at the time suggested the breach had also posed a risk to national security.However, a report in the Mirror newspaper at the time suggested the breach had also posed a risk to national security.
It reported a man had found the memory stick on a West London street and viewed its contents at a local library, discovering information including:It reported a man had found the memory stick on a West London street and viewed its contents at a local library, discovering information including:
The ICO confirmed the memory stick had been passed on to an unnamed national newspaper.The ICO confirmed the memory stick had been passed on to an unnamed national newspaper.
However, it would not comment on the national security claims, saying that the scope of its investigation had been to look at "personal data" only.However, it would not comment on the national security claims, saying that the scope of its investigation had been to look at "personal data" only.
Steve Eckersley, ICO director of investigations, said: "Data protection should have been high on Heathrow's agenda. But our investigation found a catalogue of shortcomings in corporate standards, training and vision that indicated otherwise."Steve Eckersley, ICO director of investigations, said: "Data protection should have been high on Heathrow's agenda. But our investigation found a catalogue of shortcomings in corporate standards, training and vision that indicated otherwise."
Action takenAction taken
The ICO added that only 2% of the airport's 6,500-strong workforce had been trained in data protection.The ICO added that only 2% of the airport's 6,500-strong workforce had been trained in data protection.
Heathrow also declined to comment on the national security claims.Heathrow also declined to comment on the national security claims.
However, a spokeswoman said: "Following this incident, the company took swift action and strengthened processes and policies.However, a spokeswoman said: "Following this incident, the company took swift action and strengthened processes and policies.
"We accept the fine that the ICO have deemed appropriate and spoken to all individuals involved."We accept the fine that the ICO have deemed appropriate and spoken to all individuals involved.
"We recognise that this should never have happened and would like to reassure everyone that necessary changes have been implemented, including the start of an extensive information security training programme which is being rolled out company-wide.""We recognise that this should never have happened and would like to reassure everyone that necessary changes have been implemented, including the start of an extensive information security training programme which is being rolled out company-wide."