Glasgow City Council has been fined £150,000 for losing two laptops which held personal details of more than 20,000 people.
The Information Commissioner’s Office (ICO) fined the council over the loss of two laptops, but also discovered during the investigation another 74 unencrypted laptops have gone missing.
The two laptops were stolen from council offices in May of last year as they were not locked away securely at the end of the working day.
One of the stolen laptops contained information on 20,142 individuals, including bank details of 6,069 people.
Glasgow City Council had already been issued an enforcement notice for breaching the Data Protection Act after an unencrypted memory stick with personal data was lost three years ago.
The investigation found out that the council had issued its staff with unencrypted laptops after having problems with the encryption software. According to the ICO most of these devices were later encrypted, however it found a further 74 unencrypted laptops missing, with at least six known to be stolen.
Ken Macdonald, the ICO’s Assistant Commissioner for Scotland, said: “How an organisation can fail to notice that 74 unencrypted laptops have gone missing beggars belief. The fact that these laptops have never been recovered, and no record was made of the information stored on them, means that we will probably never know the true extent of this breach, or how many people’s details have been compromised.”
Read more on IT for government and public sector
Hackney Council could be forced to answer questions about IT security training after Psya ransomware
Ministry of Justice in the dock for catalogue of serious data breaches
Publicly accessible biometric database highlights key failings
Is encryption one of the required HIPAA implementation specifications?