Bord Gáis implements new security regime after major data breach

6 Nov 2009

Encryption is to be deployed on all Bord Gáis laptops and workers are to receive classroom training and awareness on data protection following an investigation on the loss of laptops containing details of 75,000 customers.

In June last year, four laptops were stolen from Bord Gáis offices in Dublin, just months after the semi-State launched a competing electricity product and attracted 75,000 new customers in mere weeks.

The Data Protection Commissioner immediately launched an investigation.

In recent days, Bord Gáis said it accepted the findings of the Data Protection Commissioner and outlined the steps it has taken to tighten up security.

The semi-State said it has completed the encryption process on all laptops and has reviewed and implemented changes to the sales management system, including removing inactive users and placing control of user access to within the Bord Gáis IT department on a strict “essential business” basis.

An acceptable usage policy and agreement using “best in class principles and practices” for information security has been provided to all Bord Gáis workers who will also attend classroom training on data security.

These follow recommendations by the Data Protection Commissioner calling for an immediate review of access to data and systems within Bord Gáis and an appropriate data governance structure be put in place.

Further steps being taken by Bord Gáis include the appointment of an Information Risk Officer who will report directly to the head of Internal Audit & Risk.

The internal training taking place at Bord Gáis cover: internal user security (email, internet, passwords), laptop and mobile device security, data classification, data handling and data protection physical security incident security response.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years