Home News Contact Press Links


and help them preventing identity theft occurring

The ID-Security.org Manifesto on
ID Security and Prevention of Data Loss

As yet another lapse in data handling procedures is highlighted with a lost laptop from the British Ministry of Defence (MOD). Data held on the laptop includes passport, National Insurance numbers and bank details. The laptop was taken from a car.

In the same week another data blunder occurred near Exeter airport when a bundle of papers were found showing copies of passports, peoples banking details and benefit claims.

Here we present a number of data handling procedures that should be adhered to to prevent personal information getting in to the wrong hands:

  1. Make it against company policy to transport data between computers using removable media including USB Pen Drives, external hard drives, CDR and DVDR drives.
  2. Do not allow company PCs access to websites that have access to a web ftp facility, so allowing data to be uploaded to the internet on to a persons personal webspace.
  3. Log access to all files which could be used to access personal data.
  4. Do not allow database files, or text files to be stored and (or) transported between buildings using laptops.
  5. Only keep a single occurrence of a database to be stored centrally, with backups stored in a secure location using audited tracking procedures.
  6. Only allow employees limited access to files that he or she requires. This can be achieved through a users rights using built in security of the operating system. Track all access to these files.
  7. Access to data should only be allowed over a secure connection within the companies network.
  8. If using a laptop to access the data, then a connection should be made to the server holding the data using a terminal session. It should not be possible to download the data to the laptop from the secure session.
  9. Databases should be owned or sponsored by a designated person. This person would be responsible for allowing access to the data, and should be aware of anyone who has access to it.
  10. If a subset of the data is required then this data should be signed for with a person who has overall ownership of the data.
  11. Access to data should be allowed through a designated sponsor.
  12. Owners of the data should be able to allow data access at specific times of the day using auditing and tracking software.
  13. Any data  that is printed out should not leave the building where it was printed, once used it should be shredded or incinerated beyond use.
  14. If removal of printed data from the building is required, then this should be signed out from the data's owner, and signed back in once finished with.

Data security is of utmost importance when dealing with banking information and large amounts of personal detail.

Governments must take great care of our personal information, and not let it get into public view - if it does then the result can be nothing short of catastrophic for the individuals concerned. With the recent news stories regarding various departments within the British Government about millions of items of data we should be particularly wary of what data is held about us.

We can all do something which will help minimise our risks of online fraud and ID theft.

Using the following articles will greatly assist in helping you come to terms and alleviate the online menace of Identity Fraud and data misuse.

ID-Security.org  have articles and information which cover many aspects of Identity Fraud and data security which will help you protect your information and also recover if you become the victim of this crime:

How to Prevent Your Mail Being Used in Identity Theft - Find out what to do if you are affected by someone else obtaining a credit card with your name.

Make it Hard for People to Easily Obtain your Details - Get information on what the fraudsters are doing to find personal information about yourself, if you make it harder you will prevent the possibility of credit identity theft prevent.

Recovering from Identity Fraud - Details on what to do, should you become the victim of this awful crime with computer identity theft.

How to use online payment services safely - Use your credit card online only when you know that you are safe to do so. Make sure that you can spot the tell tale signs of a fraudulent site which is only set up to obtain your details.

Be able to Spot Fake Emails from your Bank - Not all emails are legitimate ones, make sure that you aren't a victim of an online Phisher whose only job in life is to make yours a penniless one.

Don't get Skimmed - Even when using your credit cards in shops and gas stations your details can be stolen by crooks who skim your card and steal your credit card information and PIN numbers and use them for credit card fraud.

Be Careful When you use the Phone - People will ring you at home pretending to be your bank or lender and will try to get details off you regarding your banking activities.

Social Networking Safety Information - Sites such as Bebo, Myspace and Facebook are great, however they make rich pickings for thieves looking for personal information with which identity fraud could be committed.

Global Phishing Attacks by Online Fraudsters - Phishing is on the increase, and agencies are doing all that they can to counteract it.

Identity Fraud in the News - Find out all the latest news on Identity Fraud and Identity Identity Security.

The UK Data Protection Act 1998 - What does it mean in plain English?

Identity Theft and ID Security Glossary of Terms - Get to know the what the latest terms and words mean.

 

 

 

 


Keep your Personal Data Safe