Out-Law / Your Daily Need-To-Know

Ofcom 'disappointed' over employee's data misuse

Out-Law News | 11 Mar 2016 | 4:05 pm | 1 min. read

Ofcom has informed broadcasters about the "misuse" of their data by a former employee.

The UK's telecommunications regulator said that it had become aware of "an incident involving the misuse of third-party data by a former Ofcom employee" on 26 February.

According to media reports, a broadcaster notified Ofcom that one of its new employees, a former Ofcom staff member, had offered to hand over TV company information he had downloaded from Ofcom systems before leaving the organisation. The Guardian reported that the broadcaster's senior management did not exploit the information but instead told Ofcom about the incident.

An Ofcom spokesperson said: "On 26 February we became aware of an incident involving the misuse of third-party data by a former Ofcom employee. This was a breach of the former employee’s statutory duty under the Communications Act and a breach of the contract with Ofcom."

"Ofcom takes the protection of data extremely seriously, and we are very disappointed that a former employee has chosen to act in this manner. The extent of the disclosure was limited and has been contained, and we have taken urgent steps to inform all parties," they said.

A recent study by cyber insurance provider Beazley found that there was a rise in the proportion of data breach incidents stemming from hacking or malware attacks in 2015 compared to the previous year. It said 32% of all data breach incidents it analysed had stemmed from hacking or malware last year, up from 18% of incidents in 2014.

However, despite that trend cyber risk expert Ian Birdsey of Pinsent Masons, the law firm behind Out-Law.com, said that organisations still need to take steps to mitigate the risk of data breaches being caused by staff, whether inadvertently or deliberately.

"The Ofcom breach highlights why organisations need to invest in IT security to prevent such incidents where practicable, whilst also preparing for breaches including rehearsing how they should respond," Birdsey said. "No organisation can be 100% secure, which is now generally accepted. The Beazley study also highlighted the recent significant rise in ransomware based breaches, which is a trend we have noticed from breaches we have managed over the last 12 months."