The great ICO sweepstakes starts here ...
can I take
1) derisory fine
2) nothing really bad
Personal data linked to 1,000 Customer Delivery Services staff at HP was accidentally emailed to an external third party yesterday. Insiders told us that HP CDS sent the entire employee payroll's info – which contained National Insurance numbers, addresses and salaries – to an unknown party yesterday by accident. An HP …
Try a stunt like that where I work, and it would have been spiked by the outgoing mail filter, which has some very clever rules.
Of course if HP aren't using an outbound mail filter, it does question their competence in the area of advising other people about IT security.
"It is understood that the incident was caused by human error, but HP has processes in place to prevent these types of outcomes, and it is not known why the person did not follow them."
Which is why you take precautions to prevent human error from causing major problems. Like Data Leakage Protection between your internal and external connections. Something that detects things like National Insurance Numbers and PAN details in an email and blocks it from being sent outside the company without additional authorisation.
FFS Exchange 2013 has some of this built in already, its not hard you know!!!
HP were never the greatest in terms of process or reliable technical interaction. However, of late they appear to be in complete meltdown. Systems are a shambles. They've just allocated dedicated account managers for 2 men and a dog SMBs trying to compete with their channel partners. Had some HP chap begging me last week to let him bid for two desktops in one of my accounts. Basically copying their nemesis channel rip-off strategy.
Agree that the ICO is completely toothless. HP will wave their "look at how many people we employ in the UK" knickers at the Department for Business Innovation and Skills and they'll tell them what fine / warning will be acceptable to them.