Tag Archives: Ms Poole

Further local government data losses emerge

The Information Commissioner’s Office (ICO) has taken action after data including private information relating to local children was lost by three separate councils around the UK.

Councils in Buckinghamshire, Barnet and West Sussex have been named and shamed by the ICO after they were found to be in breach of the Data Protection Act as a result of serious data loss incidents of which the ICO was made aware.

A portable storage drive and optical media packed with data pertaining to more than 9000 children in the borough of Barnet was stolen whilst under the care of a council employee. No form of encryption was used on any of the stolen devices and it was further revealed that not even a rudimentary password had been put in place, leaving the data completely exposed.

A laptop stolen from West Sussex County Council is known to have contained private information on children, although the council has been unable to determine just how many people have been implicated in this loss. Again the laptop was not encrypted.

In Buckinghamshire, a more traditional form of data loss was suffered when documents containing details relating to two children slipped through the fingers of the local authority.

The ICO’s Sally-Anne Poole said that it was unacceptable for local authorities to fail in their duty to secure data relating to children for whom they are responsible. She said data was particularly at risk during transportation, which is a point that has been reaffirmed with the most recent spate of data loss incidents.

Ms Poole blamed inadequate training for the various incidents and said that councils would need to properly protect data at all times using the appropriate measures.

Encryption expert Chris McIntosh said that the latest data losses that occurred within the framework of local government are symptomatic of the wider issues relating to inadequate protection that puts public data at risk of loss or theft.

Mr McIntosh acknowledged the fact that portable storage devices would continue to be lost and said that simple encryption can help to minimise the impact of human error when this does occur.

ICO tackles additional law enforcement data loss incident

The police service in Kent has been reprimanded by the Information Commissioner’s Office (ICO) after it was found to have breached regulations governing data protection in what will be the second data leak from a police organisation this month.

The Independent Police Complaints Commission (IPCC) was confronted by ICO representatives last week after it neglected to provide data following on from Freedom of Information requests in 69 separate incidents within the allotted timeframe. Now Kent Police have admitted to the ICO that personal data was lost as a result of poor loss prevention measures.

The ICO’s Graham Smith believes the case of the IPCC will be regarded by other public organisations as an example as to how sluggish action in the face of legal requests backed up by the Freedom of Information Act can have negative repercussions. Clearly this example has not been significant enough in its influence to pre-empt data related problems elsewhere in the organisation.

The latest incident of data loss involves the theft of documents which were removed from a vehicle used by a Kent Police officer as it was parked outside the home of a member of the public. The thief discarded the data and it was subsequently discovered by a concerned citizen and reunited with the authorities at the local police headquarters.

The ICO revealed that Kent Police carried out its own internal inquiry, which determined that the documents should have been transported in a high security briefcase and stored at the officer’s home in a specially designed safe. The officer in question had neither of these items available and so the inadequate security measures resulted in the personal information in question slipping into the wrong hands with relative ease.

The ICO’s Sally-Anne Poole said police organisations are required to adhere to specific security measures when data is in transit or storage and that these measures are tightened when the data in question is of a particularly sensitive nature. Ms Poole said that this incident was likely to be the result of inadequate staff training and managerial awareness as to the requirements.

West Berkshire Council suffers second data loss

An unencrypted USB stick used by staff at West Berkshire Council has been reported as missing to the Information Commissioner’s Office (ICO), representing the second incident of serious data loss from the authority in 2010.

An ICO source has confirmed that the missing USB device was not protected by encryption or any basic password system. It has also been revealed that the personal information stored on the drive relates to thousands of children living in the region.

Details on the device are known to include the physical and mental condition of the affected youngsters, along with their ethnic origin.

The council had been using encrypted USB drives for the past four years. However, the ICO said that devices pre-dating this security overhaul were still in use, and the missing drive is believed to be one of these older, unencrypted examples.

The ICO found that staff working for the council had not received the training necessary to properly protect the data in their care. It also said that the council was not monitoring data use or ensuring that it was in compliance with government regulations.

A spokesperson for the council said that its chief executive had committed to removing all unencrypted storage devices from circulation and ensuring that future devices cannot be accessed by third parties.

The ICO’s Sally-Anne Poole said that firms and organisations of all types need to take greater precautions when using portable storage solutions, as unencrypted devices cannot protect the data they store in any way, and can easily fall into the wrong hands if lost or stolen.

Ms Poole said that the ICO was pleased with the council’s commitment to changing its policies and tightening its data security relating to portable devices and that the ICO had been suitably convinced that such an event could not easily occur again.

Although the council has reported the loss to the ICO and undertaken the necessary changes, it has not made public information as to how or where the USB drive was misplaced.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal