Helping businesses improve their cybersecurity and achieve a range of compliance standards including:-
- Payment Card Industry Compliance Data Security Standard (PCI DSS),
- SOC 1, 2 and 3
- ISO 27001, 27701, 9001, etc
- Cloud Security, e.g. FedRAMP and CSA,
- NIST based including DFARS, CMMC, ITAR, etc
- Privacy, e.g. GDPR, CCPA, etc
- Healthcare, e.g. HIPAA and HITRUST
A highly successful Sales, Marketing, and Business Development professional with over 36 years of experience in the IT Industry. View my LinkedIn profile here http://uk.linkedin.com/in/bfpennington Receive my regular IT Security and Compliance tweets @bfpennington – www.twitter.com/bfpennington.
Why not subscribe to the email service that will notify you of new posts to the blog. The subscribe button is just on the right. All the views expressed are mine and may not be those of my employer.
Brian Pennington 
17/12/2017 at 8:19 am
Thursday 20 July 2017
ShareShareShare
Sutton Council apologises for data breach
File with names of benefits recipients was mistakenly published on website
The London Borough of Sutton has admitted that it mistakenly published the names of a group of people receiving benefits on its website.
Mistakes abstract – pencil over wordThe council has publicly apologised for the data breach and said it has begun to cooperation with the Information Commissioner’s Office (ICO) on an investigation.
A report in the Sutton Guardian says the London borough’s breach involved the inadvertent publication of monthly files listing people who receive payments of more than £500 for disability, adoption, fostering, day care respite and special needs on the council’s website. Hundreds of people were named in the files along with the amounts they receive.
The data was inadvertently posted in early June and again on a fresh spreadsheet last week. It was discovered on Monday 17 July, following which the files were quickly removed and the names and payments redacted before reposting.
Council statement
Sutton issued a statement on the incident that said: “Sutton Council was made aware of a potential data breach involving the inadvertent publication of the names of individuals in receipt of payments from the council. No other personal information has been released.
“We immediately removed the data in question upon discovering this breach. As part of our agreed internal policies we are carrying out an investigation and are in contact with the ICO. We will of course do everything we can to help the ICO should they wish to make further enquiries.
“We are sorry this has happened and want to reassure residents we take matters such as these seriously. We are reviewing our processes to take all steps necessary to avoid any instance such as this happening again.”
The revelation comes shortly after Newcastle City Council’s apology for a mistake in which it attached a spreadsheet with details of adoptive families to an emailing.
LikeLike
31/01/2014 at 9:18 pm
Really appreciate you sharing all of those great resources for PCI! Are you familiar with any of these webinars? ~ http://www.blackstratus.com/resources/webcasts-and-podcasts/ Some good ones in there, would love your take on the talk from Tracy Hulver.
Thanks!
LikeLike
19/08/2013 at 2:49 pm
Brian can you please contact me on neil.morgan@citadeldss.com best regards Neil
LikeLike
09/10/2012 at 11:01 am
Great read on PCIDSS and privacy legislation.
Keep up the good work Brian.
LikeLike
03/10/2011 at 8:29 am
Brian can you caontact me on martin.dixon@nccgroup.co.uk. Kind regards, MD
LikeLike
12/09/2011 at 10:36 am
Hi
very good read.
LikeLike