The London Borough of Barnet has been slapped with a £70,000 fine by the Information Commissioner’s Office (ICO) after paper records containing sensitive information were stolen, along with a laptop.
The laptop was encrypted, preventing any further loss of data, but the ICO has called on the council to enact more organisational measures to prevent accidental losses occurring again and for paper records to be stored separately from computers.
The subsequent ICO investigation found that the council had an information security policy and had provided some guidance to its staff on handling sensitive papers, but the measures failed to explain how that information should be kept secure.
This is not the first time that Barnet has attracted the attention of the ICO. In June 2010 it signed an undertaking after an unencrypted, non-password protected USB stick containing the sensitive personal information of more than 9,000 children and their family members was stolen from the home of a council employee.
The employee had downloaded data onto the device without any authorisation in place, although it was later revealed that no training or security was in place to prevent this happening. The council introduced a paper handling policy following the incident, but this was not in place at the time of this latest loss.
“The potential for damage and distress in this case is obvious. It is therefore extremely disappointing the council had not put in place sufficient measures in time to avoid this second loss,” said Simon Entwisle, the ICO’s director of operations. “While we are pleased that Barnet Council has now taken action to keep the personal data they use secure, it is vitally important that organisations have the correct guidance in place to keep sensitive paper records taken outside of the office safe. This includes storing papers containing sensitive information separately from laptops.”
The ICO recently announced that the organisers of the London Marathon were to face an investigation after the home and email addresses of participants were accidentally posted on the event’s official website. The watchdog has had problems of its own to deal with though, after it became the target of a DDoS attack from Anonymous splinter group the ATeam.
What do you know about privacy? Find out with our quiz!
Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…
While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…
Shares in Donald Trump’s social media company rose about 16 percent after first day of…
Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…
More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…
IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…