Another UK council has been forced to admit to an incidence of data loss from within and this time the victims implicated in the breach are hundreds of disabled citizens from in and around Wigan.
The council was in the news back in September 2009 after it revealed the loss of personal data pertaining to over 43,000 local children. At the time the authorities said that they would be taking the threat of data loss and security seriously in the future as a result of the breach, but the latest occurrence has caused sceptics to question whether the measures have gone far enough.
Reports in local papers from the Metro region of Wigan said that private information of more than 200 disabled patients was lost when a USB memory stick was misplaced. There have been unconfirmed rumours that the device was left on a train by a council employee.
Sources say that the device did not store any financial data, but that employment details, NI numbers and names were all lost along with the USB memory stick. These could be used by criminals to build false identities and commit fraud against those affected by the loss.
Encryption expert Chris McIntosh said that Wigan Council had so far failed to instil in its staff the importance of data security when dealing with portable storage and revealed that the lost device was unencrypted and thus totally vulnerable.
According to Mr McIntosh, the council already has policies in place that ensure laptops used by employees are properly encrypted, but this regimen needs to be extended to all devices that can access its networks and download personal records.
Wigan Council has said that following the most recent data loss it will be rolling out encryption products across all of its storage media, although that the lessons of 2009 are having to be relearned again in 2010 is not a particularly positive sign.
The Information Commissioner’s Office (ICO) said that it is currently investigating the latest data loss in Wigan and will act accordingly once a full picture has emerged. An ICO spokesperson warned that the confidence of people around the UK could be lost if councils continue to fail when it comes to data protection.