The Information Commissioner’s Office (ICO) has taken action after data including private information relating to local children was lost by three separate councils around the UK.
Councils in Buckinghamshire, Barnet and West Sussex have been named and shamed by the ICO after they were found to be in breach of the Data Protection Act as a result of serious data loss incidents of which the ICO was made aware.
A portable storage drive and optical media packed with data pertaining to more than 9000 children in the borough of Barnet was stolen whilst under the care of a council employee. No form of encryption was used on any of the stolen devices and it was further revealed that not even a rudimentary password had been put in place, leaving the data completely exposed.
A laptop stolen from West Sussex County Council is known to have contained private information on children, although the council has been unable to determine just how many people have been implicated in this loss. Again the laptop was not encrypted.
In Buckinghamshire, a more traditional form of data loss was suffered when documents containing details relating to two children slipped through the fingers of the local authority.
The ICO’s Sally-Anne Poole said that it was unacceptable for local authorities to fail in their duty to secure data relating to children for whom they are responsible. She said data was particularly at risk during transportation, which is a point that has been reaffirmed with the most recent spate of data loss incidents.
Ms Poole blamed inadequate training for the various incidents and said that councils would need to properly protect data at all times using the appropriate measures.
Encryption expert Chris McIntosh said that the latest data losses that occurred within the framework of local government are symptomatic of the wider issues relating to inadequate protection that puts public data at risk of loss or theft.
Mr McIntosh acknowledged the fact that portable storage devices would continue to be lost and said that simple encryption can help to minimise the impact of human error when this does occur.
