News

East Lincolnshire Council issued penalty after losing children’s personal data

Clare McDonald

The Information Commissioner's Office (ICO) has served an £80,000 penalty to East Lincolnshire Council for losing sensitive data about hundreds of children with special educational needs.

The data went missing when a special educational needs teacher left an unencrypted memory stick containing the data unattended. She later returned to the computer to find the memory stick gone. The USB stick went missing in July 2011, and has never been recovered.

130906_cs0553.jpg

The data stored on the missing device included personal information about 286 local children. Details about their health, home environments and addresses were on the USB stick.

A report on the incident by East Lincolnshire Council confirmed many of the individuals affected would suffer ill health as a result of the data loss.

The council introduced a policy in April 2011 to ensure portable devices were encrypted, but it failed to ensure devices already in use prior to the policy met  encryption guidelines.

ICO head of enforcement Stephen Eckersley said: “Organisations must recognise that sensitive personal data stored on laptops, memory sticks and other portable devices must be encrypted. North East Lincolnshire Council failed to do this by delaying the introduction of a policy on encryption for two years and then failed to make sure that staff were following the policy once it was finally implemented.”

Eckersley said other organisations should heed this as a warning of the consequences of failing to comply with data protection regulations.

Last month, the ICO warned small businesses to make sure they encrypt customer data after a sole trader in Wembley was fined for losing a password-protected but unencrypted hard disk containing personal and financial details of 250 customers.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy