The UK Information Commissioner's Office (ICO) recently announced that it has issued an undertaking to News Group Newspapers Limited (NGN). An ICO undertaking commits an organisation to a particular course of action in order to improve its compliance with data protection rules. NGN publishes some of the UK's most popular newspapers including The Times, The Sun and The Sunday Times. The ICO investigated the media group following reports that part of the website of The Sun newspaper had been hacked, and customers' personal data leaked on the internet, in July 2011. The investigation exposed alleged weaknesses in NGN's management of its IT network and also revealed that, although NGN did have information governance policies in place, they had not been followed. NGN has agreed with the ICO that NGN will: (1) ensure that all staff are aware of NGN's policy for the storage and use of personal data and are trained on how to follow the policy; (2) improve technical security controls so that similar incidents are prevented; (3) monitor compliance with data protection policies going forward; and (4) implement measures to ensure that customer data is regularly cleared in line with a defined retention and disposal policy.
TIP: The terms of the agreement between NGN and ICO provide guidance for other companies subject to UK law about how to manage their IT networks. Such companies should ensure that they have strong security policies and procedures in place and that employees are aware of these policies and trained on their requirements.