Data security breaches lead to ICO action

A raft of organisations across both the public and private sector have been required by the Information Commissioner’s Office to sign up to higher standards of data protection and security in the last month.

Parcel service UPS has signed an undertaking to assure the ICO that personal information will be kept safely following the loss of an unencrypted, password-protected laptop in October 2008. The device was stolen from an employee and not recovered. It contained payroll data on 9,150 UK-based employees, including names, addresses, dates of birth, national insurance numbers, salary and bank details. Precautionary measures have been put in place for all affected staff.

Mick Gorrill, Assistant Information Commissioner, says: “Password-protected laptops are not secure. I urge all organisations to restrict the amount of personal information that is taken off secure sites. I am pleased that UPS has encrypted its laptops and smartphones and I urge other organisations to follow suit.”

Similar undertakings have had to be made by three local authorities. Sandwell Metropolitan Borough Council lost data on children in its care via an unencrypted, non password-protected memory stick. London Borough of Suttom suffered several data losses, including a paper file about individuals receiving social care, two thefts of unencrypted laptops and a mis-delivered package of documents.

Wigan Council saw a laptop stolen holding personal information on 43,000 children in its schools. East Cheshire NHS Trust has also had to sign an undertaking after pages from an Accident and Emergency register were found in a garden following an office move when documents were left in an open skip.


    Leave a comment