Both Cambridgeshire County Council and The Identity & Passport Service (IPS) have been found in breach of the Data Protection Act after being investigated by the Information Commissioner’s Office, yet while they have been forced to sign undertakings, neither has had to pay a financial penalty.
Cambridgeshire County Council informed the ICO in November 2010 that an employee had recently lost an unencrypted memory stick containing personal data relating to a minimum of six vulnerable adults. The information included case notes and minutes of meetings relating to the individuals’ support and was saved on an unapproved memory stick. The device was used to store the information after the member of staff encountered problems using an encrypted memory stick that the council had previously provided free of charge.
Sally Anne-Poole, enforcement group manager at the ICO, said: “While Cambridgeshire County Council clearly recognises the importance of encrypting devices in order to keep personal data secure, this case shows that organisations need to check their data protection policies are continually followed and fully understood by staff.”
Meanwhile the Identity & Passport Service lost the passport renewal applications of 21 individuals in May 2010. at the passport office that was responsible for processing the applications.
The missing details included the personal data of both the applicants and their counter-signatories. All of the individuals affected were informed and offered new passports and no complaints have been received. IPS is unaware of any damage having been caused as a result of the loss.
To leave a comment please register – it takes less than a minute and is free of charge. You will also get our weekly email update The DM Report (to opt out contact firstname.lastname@example.org). If you are an existing user, please log in. If you have forgotten your log-in details please email email@example.com to get them reset!