ICO Slams Rochdale For Data Loss

Rochdale Council has been found guilty of breaching the Data Protection Act by losing data on more than 18,000 residents, it has been revealed.

An investigation by the Information Commissioner’s Office (ICO) found that the loss, which occurred in May when a finance department employee at Rochdale Metropolitan Borough Council loaded the data onto an unencrypted memory stick and lost it, was the result of insufficient data protection practices.

Data still lost

The device, which has not been recovered, contained information already in the public domain including residents’ names, addresses and details of payments to and by the council, but no bank account details.

The ICO's investigation found that the council failed to provide employees with adequate data protection training and encrypted memory sticks, even where it was known that these would be used to process personal data. Despite this, the ICO has not served the council with an enforcement notice or fined it, but rather signed an undertaking of agreed actions to implement changes to its policies by 31 March 2012.

Unacceptable

“Storing the details of over 18,000 constituents on an unencrypted device is clearly unacceptable. This incident could have been easily avoided if adequate security measures had been in place. Our investigation uncovered a number of failings at Rochdale Metropolitan Borough Council – that’s why we will follow up with the council, to ensure they’re doing everything they can to prevent this type of incident happening again,” said acting head of enforcement, Sally Anne Poole.

“This was not an isolated incident,” adds Christian Toon, Head of Information Security Europe for Iron Mountain. “Other public sector organisations have recently been found guilty of being in breach of the Data Protection Act. Information on the move outside the company is always at risk unless it is properly encrypted and protected from human error. This requires more than just technology; it requires the development and active implementation of robust information management policies, supported by staff training and self-regulation.”

The ICO has produced guidance on the security measures that organisations should have in place when storing personal information electronically.

Iris Cheerin
