Public bodies in data loss fiasco

Racing post office bare all for ICOThe public sector’s reputation for handling personal data has once again been dragged through the mud after two separate incidences of organisations losing highly sensitive information in their care.
Both Cambridgeshire County Council and The Identity & Passport Service (IPS) have been found in breach of the Data Protection Act after being investigated by the Information Commissioner’s Office, yet while they have been forced to sign undertakings, neither has had to pay a financial penalty.
Cambridgeshire County Council informed the ICO in November 2010 that an employee had recently lost an unencrypted memory stick containing personal data relating to a minimum of six vulnerable adults. The information included case notes and minutes of meetings relating to the individuals’ support and was saved on an unapproved memory stick. The device was used to store the information after the member of staff encountered problems using an encrypted memory stick that the council had previously provided free of charge.
Sally Anne-Poole, enforcement group manager at the ICO, said: “While Cambridgeshire County Council clearly recognises the importance of encrypting devices in order to keep personal data secure, this case shows that organisations need to check their data protection policies are continually followed and fully understood by staff.”
Meanwhile the Identity & Passport Service lost the passport renewal applications of 21 individuals in May 2010. at the passport office that was responsible for processing the applications.
The missing details included the personal data of both the applicants and their counter-signatories. All of the individuals affected were informed and offered new passports and no complaints have been received. IPS is unaware of any damage having been caused as a result of the loss.

Related stories:
ICO fines send warning to brands
Brands ‘not trusted to hold data’

Print Friendly