The Information Commissioner's Office (ICO) has found the London
Borough of Sutton in breach of the Data Protection Act.
The ICO found that Sutton Council had lost sensitive data about
children and adults receiving social care in four separate
incidents in the past two years.
The data was stored on two unencrypted laptops that were stolen,
a paper file that was misplaced and a package of documents lost by
a courier service.
Paul Martin, chief executive of Sutton Council, has agreed to
ensure that portable and mobile devices used to store personal data
are encrypted.
The council has also agreed to ensure security measures are
adequate to protect personal information and to raise staff
awareness of data protection.
"We have started a programme of training to ensure all of our
staff who have access to personal data are fully aware of the
importance of keeping it safe," he said.
Sally-anne Poole, head of enforcement and investigations at the
ICO, called on all organisations to implement the appropriate
safeguards to ensure personal details are stored and processed
securely.
Sutton Council has signed an
undertaking to assure the ICO that personal data will be kept
securely in future.