Warwickshire County Council has landed in hot water with the Information Commissioner's Office (ICO) after the theft of two computers and the loss of a memory stick containing personal data.
The ICO found the council in breach of the Data Protection Act and ordered chief executive Jim Graham to sign a formal undertaking to ensure that portable devices used to store personal data are encrypted.
Staff will also be made aware of the council's policy for storage of personal data. The council will implement other security measures to ensure that personal data is protected.
The ICO said the stolen laptops, which held sensitive personal information of pupils and staff from two schools, were not encrypted and not physically secured.
The council also reported a separate incident to the ICO, involving the disappearance of an unencrypted memory stick holding a small amount of personal data relating to children attending an education centre.
Sally-anne Poole, head of enforcement and investigations at the ICO, said it is essential that organisations ensure the correct safeguards are in place when storing and transferring personal information, especially when it concerns sensitive information relating to children.
"A lack of awareness of data protection requirements can lead to personal information falling into the wrong hands," she said.