Barnet Council has admitted that a USB memory stick containing personal information relating to over 9000 children has been stolen.
The portable storage device was taken from a council worker’s home during a break-in and the contained data can be easily accessed by anyone as there is no encryption whatsoever.
Barnet Council has sent thousands of letters out to notify those affected and it has been reported that every child who attended a local school between 2006 and 2009 may be affected.
The council worker who was the victim of the burglary had also taken optical storage and a council-owned computer home, together with the USB memory stick. All of these items were taken during the break-in.
According to council regulations, all portable storage devices are required to be protected by some kind of encryption. Officials have admitted that the whilst the computer was fully protected, the data stored on the USB drive was not, which represents a breach of guidelines.
A wide variety of data was contained on the device, including information about the ethnicity of the pupils, their educational performance and their postcodes. Some entries also had the contact details of the pupil in question, including landline telephone number.
Barnet Council posted an apology on its website, in which it said that the threat posed by the leaked data is believed to be minimal. It also said that after talking with police advisers it understands that the criminals were not specifically targeting data storage devices, but simply anything that could be seen to have a high resale value.
The council has also said that it has reviewed its risk assessment relating to data security with help from police and those who work with children.
The biggest measure subsequently taken by the council has been to prevent the use of USB and other portable storage devices. This means that no staff will be able to transfer data onto unencrypted devices in the future and all of its networked laptops will continue to be properly encrypted.
