The information Commissioner's office has found the British
Council in breach of the Data Protection Act for losing an
unencrypted disk containing personal data of more than 2,000
employees.
The disk was lost in December 2008 while being transported by a
courier service employed by the British Council, which reported the
data breach to the ICO.
Data on the disk included trade union membership and bank
account details, which the ICO said could cause significant
distress to the individuals concerned.
The British Council has acknowledged that it did not take any
measures to safeguard the personal data on the disk.
The British Council has signed a
formal undertaking to take reasonable measures, including disk
encryption, to keep personal information safe in future.
The ICO has ordered a number of organisations to sign
undertakings following breaches of the Data Protection Act.
Organisations include two
NHS trusts, the
Home Office, Department of Health, Foreign and Commonwealth
Office and Orange Personal Communications Services.