Heathrow was required to pay a fine amounting to £120,000 after an employee lost a memory stick that contained dozens of the personal information of employees.
The details of a maximum of 50 security personnel, and 10 other people’s names, passport numbers, dates of birth, were exposed on the said memory stick. It was found by a member of the public.
The information was not encrypted as the person was able to view it at their local library prior to sharing the said information with a national newspaper.
Upon the investigation of the Information Commissioner’s Office (ICO), a UK data watchdog, it discovered that only two percent of the 6,500-strong workforce of Heathrow had gone under a training for data protection.
The head of investigations at the ICO, Steve Eckersley, stated: “Data protection should have been high on Heathrow’s agenda. But our investigation found a catalogue of shortcomings in corporate standards, training and vision that indicated otherwise.”
He added: “Data protection is a boardroom issue and it is imperative that businesses have the policies, procedures and training in place to minimise any vulnerabilities of the personal information that has been entrusted to them.”
The ICO also slammed the “widespread” use of Heathrow of memory sticks. It said that the practice contravened the own policies and guidelines of the airport.
A spokesperson for the airport said that it had taken speedy action in order to strengthen the processes after the breach.
They continued: “We accept the fine that the ICO have deemed appropriate and spoken to all individuals involved.”
They added: “We recognise that this should never have happened and would like to reassure everyone that necessary changes have been implemented including the start of an extensive, information security training programme which is being rolled out company-wide.”
They concluded: “We take our compliance with all laws extremely seriously and operate within the stringent regulatory and legal requirements demanded of us.”