Councils Breach Data Protection Act
posted by Mark Boardbent | 09.07.2010
Three UK councils have breached the Data Protection Act after losing the personal details of thousands of children.
The Information Commissioner's Office (ICO) said the London Borough of Barnet, West Sussex County Council and Buckinghamshire County Council had shown a "poor regard" for protecting confidential information.
Sally-Anne Poole, enforcement group manager at the ICO, said the cases highlighted a lack of awareness about data security and poor training standards. She said: "It is essential that councils ensure the correct preventative safeguards are in place when storing and transferring personal information, especially when it concerns sensitive information relating to children. A lack of awareness and training in data protection requirements can lead to personal information falling into the wrong hands."
Councils Data Breaches
The ICO detailed the data lost by the councils. Barnet lost information about more than 9,000 children after unencrypted CDs and a memory stick were stolen from the home of a member of staff who had downloaded the data without permission. The employee had received no training about data handling and no procedures were in place that would have prevented an unauthorised download taking place, according to the ICO.
West Sussex lost information about an unknown number of children and families after an unencrypted laptop was stolen from the home of a member of staff. Here again, the employee concerned had not received proper data protection or IT security training. The ICO said 2,300 unencrypted laptops were thought to be in use by the council. Lastly, a Buckinghamshire social work employee lost personal data, contained in a plastic wallet, about two children at Heathrow airport.
Council Data Losses
These are just the latest cases of the ICO investigating data losses at councils. West Berkshire Council was last month found in breach of the Data Protection Act after losing USB memory sticks containing the information of disabled children and young people. Highland Council, St Alban's City and District Council, Wigan Council and Warwickshire Council have all this year found themselves being investigated by the ICO.
The ICO said the three latest incidents are particularly concerning because they involved the details of children, and because there was a lack of training in data protection that led to two of the incidents occurring. The ICO has requested the three councils sign a formal undertaking that they will make their staff aware about data protection and policy on data storage and use. Barnet and West Sussex are to give their staff training on data protection and IT security, while Barnet - which had received a warning about data policy before, faces an audit before next April.
Companies providing Data Security
Companies providing IT Security