Soca's online child protection centre beefs up data encryption following ICO investigation

The Child Exploitation and Online Protection Centre of the UK's Serious Organised Crime Agency (SOCA) has improved security around personal data sent from its website.

The Information Commissioner's Office launched an investigation after a tip-off that information submitted using the online form on the Child Exploitation and Online Protection Centre (CEOP) website was not encrypted.

The security oversight meant that the personal details would have been vulnerable while they were being transmitted to CEOP's servers.

The Information Commissioner's Office (ICO) investigation found the data link had been insecure for several months after the launch of the new CEOP website. But the ICO found no evidence of any attempt to access the data.

The privacy watchdog said the Serious Organised Crime Agency (SOCA) had taken action to improve the CEOP website to secure the personal information it handles.

The ICO's acting head of enforcement, Sally Anne Poole, said organisations must make sure personal data transmitted electronically is adequately protected.
"We are pleased that CEOP and SOCA have taken action to make sure that all of the information sent in by members of the public remains secure," she said.

Peter Davies, chief executive officer of CEOP, and Trevor Pearce, director general of SOCA, signed a joint undertaking to ensure CEOP's website is regularly tested, so the personal data they process remains secure and potential weaknesses are immediately identified.

The ICO has published guidance on the security measures organisations should have in place when storing personal information electronically.

nb : computerweekly