Banking data stolen after laptop theft at local authority
Glasgow City Council has been slapped with a £150,000 fine after two unencrypted laptops containing personal details of over 20,000 people were stolen.
Bank account details of 6,069 individuals were stored on one of the laptops.
An investigation by the Information Commissioner’s Office (ICO) found that on 28 May last year two laptops were stolen from the Glasgow City Council offices during a refurbishment.
One laptop was locked up in its storage drawer and the key placed in the drawer where the second laptop was kept. But that second drawer was left unlocked, meaning the thief could easily get access to both.
One contained the council’s creditor payment history file, listing personal information of 20,143 people, including the bank data.
The ICO later found another 74 unencrypted laptops appeared to have been lost, with at least six known to have been stolen.
“Glasgow City Council was issued with an enforcement notice back in 2010 after a similar incident where an unencrypted memory stick was lost,” said Ken Macdonald, the ICO’s assistant commissioner for Scotland.
“To find out that these poor practices have returned some two years later shows a flagrant disregard for the law and the people of Glasgow.”
A Glasgow City Council spokesman said the data loss “should not have happened”. “The council co-operated fully with the Information Commissioner’s Office and wrote to everyone potentially affected to advise them of the data loss,” he added.
“The ICO acknowledges there is no evidence that any bank accounts have been targeted, that the council immediately informed it of the theft and that we carried out significant remedial action.”
Are you a pedant on privacy? Try our quiz!