When many organizations think of high-profile data breaches, it's often the large server warehouses, storing terabytes of information that come to mind. But much smaller storage devices can also result in hefty fines, as was exhibited by a recent flash drive theft. According to ZDNet columnist Karen Friar, the Greater Manchester police faced fines of more than £150,000 due to the loss of serious crime data stored on a portable drive.

Friar also noted that the information on the drive was unencrypted, making it easy for the thief to view those records. An investigation by the Information Commissioner's Office revealed additional lax data security practices, as many officers regularly used unprotected flash drives. Although the police force had been issued portable drives that utilized data encryption software, officers replaced the secure storage devices once they had been filled.

"This was truly sensitive personal data, left in the hands of a burglar by poor data security. The consequences of this type of breach really do send a shiver down the spine," said David Smith, ICO Director of Data Protection. "It should have been obvious to the force that the type of information stored on its computers meant proper data security was needed. Instead, it has taken a serious data breach to prompt it into action."

As Smith's comments suggest, if the data on the drive had been encrypted, the thief would not have had access to the information, mitigating much of the risk posed by the incident.