ICO takes education union ATL to task over data losses

The Information Commissioner's Office (ICO) has found the Association of Teachers and Lecturers (ATL) in breach...

The Information Commissioner's Office (ICO) has found the Association of Teachers and Lecturers (ATL) in breach of the Data Protection Act.

The ATL lost a laptop and memory stick containing the personal details of over 6,000 members of the education union.

No details of members’ bank accounts or other financial details were held on the laptop or memory stick, the union said.

Both devices, which were password protected but not encrypted, were lost or stolen while an ATL member was packing his car.

ATL general secretary Mary Bousted has signed an undertaking to ensure that all portable storage devices used for personal details are encrypted by 28 February 2010.

Organisations should prevent staff from downloading large amounts of personal data, said Sally-Anne Poole, head of enforcement at the ICO.

"It is vital that portable devices are encrypted if they are used to store personal information," she said.

In January, the ICO warned that organisations may face tougher sanctions if they fail to report security breaches that later come to light.

Firms that incur serious data breaches could be fined up to £500,000 when new statutory guidelines come into force on 6 April.

According to the ICO, over 800 data security breaches have been reported in the past two years.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.