Skip over navigation

Council takes action after losing personal data



    Date:
    4 Jun 2010

    Print friendly version

    West Berkshire Council is taking remedial action after the Information Commissioner’s Office (ICO) found it in breach of the Data Protection Act (DPA) following the loss of a USB stick containing the sensitive personal information of children and young people.

     

    The memory stick, which was unencrypted and not password protected, contained, among other things, information relating to the ethnicity and physical or mental health of the children. The ICO found that unencrypted devices, in operation before the council introduced encrypted memory sticks in 2006, were still being used by members of staff. Further enquiries revealed staff had not received appropriate training in data protection issues and monitoring of compliance with the council’s policies was found to be inadequate. This is the second data security incident reported by West Berkshire Council within six months.

     

    Nick Carter, Chief Executive of West Berkshire Council, has now signed a formal ‘Undertaking' to ensure that portable and mobile devices used to store and transmit personal data are encrypted. Staff will also be made fully aware of the council’s policy for the storage of personal data and receive appropriate training on data protection and IT security issues.

     

    Sally-anne Poole, Enforcement Group Manager at the ICO, said:

     

    “It is essential that organisations ensure the correct safeguards are in place when storing and transferring personal information, especially when it concerns sensitive information relating to children. A lack of awareness and training in data protection requirements can lead to personal information falling into the wrong hands. I am aware that staff have been provided with encrypted USB sticks since 2006 but older devices were not recalled. I am pleased that the council has now taken action to prevent against further data breaches.”

     

    The ICO has issued a Guide to Data Protection which includes tips for avoiding wrongful disclosure to help minimise the risks of security breaches occurring.

     

    Related topics:

    Add a comment


    Send me an email-alert when someone comments in this discussion:

    Please remember that your name and comment will be visible to all users of the Network, and that we may edit or remove comments without notice. Terms and conditions


    This document is for general guidance and research purposes only, and does not purport to give professional advice. Please check the date at the top of the article; the Workplace Law Network retains historic articles for general research.

    Related content

    Support from Workplace Law