Rochdale Council has been found guilty of breaching the Data Protection Act by losing data on more than 18,000 residents, it has been revealed.
An investigation by the Information Commissioner’s Office (ICO) found that the loss, which occurred in May when a finance department employee at Rochdale Metropolitan Borough Council loaded the data onto an unencrypted memory stick and lost it, was the result of insufficient data protection practices.
The Commission investigation found that that the council failed to provide employees with adequate data protection training, and encrypted memory sticks, even where it was known that these would be used to process personal data. Despite this, the ICO has not served the council with an enforcement notice or fined it, but rather signed an undertaking of agreed actions to implement changes to its policies by 31 March 2012.
“Storing the details of over 18,000 constituents on an unencrypted device is clearly unacceptable. This incident could have been easily avoided if adequate security measures had been in place. Our investigation uncovered a number of failings at Rochdale Metropolitan Borough Council – that’s why we will follow up with the council, to ensure they’re doing everything they can to prevent this type of incident happening again,” said acting head of enforcement, Sally Anne Poole .
“This was not an isolated incident,” adds Christian Toon, Head of Information Security Europe for Iron Mountain, “Other public sector organisations have recently been found guilty of being in breach of the Data Protection Act. Information on the move outside the company is always at risk unless it is properly encrypted and protected from human error. This requires more than just technology; it requires the development and active implementation of robust information management policies, supported by staff training and self-regulation.”
The ICO has produced guidance on the security measures that organisations should have in place when storing personal information electronically.
Legal headache deepens for TikTok in US, after a number of states file lawsuits alleging…
After HBO documentary names Canadian crypto expert Peter Todd as Bitcoin inventor – but he…
Supreme Court clears X to resume access in Brazil, after high profile clash between top…
US Department of Justice mulls asking judge to force Google to sell parts of its…
US Supreme Court declines to hear appeal from X, formerly Twitter, over nondisclosure order attached…
US federal judge orders Google to undertake wide range of measures allowing third-party app stores…