The loss of personal data by West Berkshire Council once again proves that employees will always be the weakest point in any security system, says Chris McIntosh, chief executive of encryption firm Stonewood.
The Information Commissioner's Office (ICO) found the council in breach of the Data Protection Act (DPA) for losing an unencrypted USB stick containing personal information about children and young people.
The ICO found that unencrypted devices, in operation before the council introduced encrypted memory sticks in 2006, were still being used by members of staff.
Organisations must use rigorous protocols and automated technology to make sure that they cannot breach security, even inadvertently, and to ensure that, for example, unencrypted USB sticks are correctly recalled, said McIntosh.
"While the organisation as a whole may know the value of encrypted data, it is imperative that not only do the workers know this, but that there is no opportunity whatsoever for sensitive data to be unencrypted at any point in its life," he said.
The council has been identified as the second most prolific local authority in the country in its use of data gathering powers granted by the Regulation of Investigatory Powers Act (Ripa).
"The fact that this is its second reported loss of sensitive, unencrypted data in six months is more than a little ironic," said McIntosh.
"Considering the council's willingness to gather information on its citizens, you might expect that nothing would be left to chance when protecting that information," he said.