Security Technology News - July 2010
Councils Breach Data Protection Act
Posted by Security Technology News's UK Correspondent on 09/07/2010 - 15:20:00
Three UK councils have breached the Data Protection Act after losing the personal details of thousands of children.
The Information Commissioner's Office (ICO) said the London Borough of Barnet, West Sussex County Council and Buckinghamshire County Council had shown a "poor regard" for protecting confidential information.
Sally-Anne Poole, enforcement group manager at the ICO, said the cases highlighted a lack of awareness about data security and poor training standards. She said: "It is essential that councils ensure the correct preventative safeguards are in place when storing and transferring personal information, especially when it concerns sensitive information relating to children. A lack of awareness and training in data protection requirements can lead to personal information falling into the wrong hands."
Councils Data Breaches
The ICO detailed the data lost by the councils. Barnet lost information about more than 9,000 children after unencrypted CDs and a memory stick were stolen from the home of a member of staff who had downloaded the data without permission. The employee had received no training about data handling and no procedures were in place that would have prevented an unauthorised download taking place, according to the ICO.
West Sussex lost information about an unknown number of children and families after an unencrypted laptop was stolen from the home of a member of staff. Here again, the employee concerned had not received proper data protection or IT security training. The ICO said 2,300 unencrypted laptops were thought to be in use by the council. Lastly, a Buckinghamshire social work employee lost personal data, contained in a plastic wallet, about two children at Heathrow airport.
Council Data Losses
These are just the latest cases of the ICO investigating data losses at councils. West Berkshire Council was last month found in breach of the Data Protection Act after losing USB memory sticks containing the information of disabled children and young people. Highland Council, St Alban's City and District Council, Wigan Council and Warwickshire Council have all this year found themselves being investigated by the ICO.
The ICO said the three latest incidents are particularly concerning because they involved the details of children, and because there was a lack of training in data protection that led to two of the incidents occurring. The ICO has requested the three councils sign a formal undertaking that they will make their staff aware about data protection and policy on data storage and use. Barnet and West Sussex are to give their staff training on data protection and IT security, while Barnet - which had received a warning about data policy before, faces an audit before next April.
Companies providing Data Security
Companies providing IT Security
Recently Added News
Two men apparently guilty of hacking into classified US Army and Microsoft computer systems are now in the US FBI's hands
Engineers in Britain have developed a robotic mannequin destined to help advance the next generation of chemical weapons-resistant military clothing
New tightened-up arms control measures have now been ratified by 31 UN member states, paving the way for them to take force later on in 2014
The US Transport Security Administration (TSA) has proposed 14 ways to make US airports more secure in the wake of 2013's officer shooting incident