The British Council has been told to clean up its act by the Information Commissioner's Office (ICO), after losing a disc containing a trade union membership list.
The disc was lost in January by a courier and originally said to contain bank and insurance details. The ICO revealed it actually contained personal data on 2,000 trade union members in addition to bank details.
While the British Council claimed at the time of the breach that the disc was secure and required special equipment to access, the ICO noted that the disc was in fact unencrypted.
The ICO has requested that the British Council sign an agreement to improve its security measures, including immediately encrypting all portable data storage devices.
Mick Gorrill, assistant Information Commissioner, said in a statement: "The British Council proactively reported the breach to the ICO and took immediate remedial action which demonstrates its understanding of the seriousness of this data loss."
A British Council spokesperson told IT PRO that it always aims to meet or exceed the data protection act. "The British Council is committed to implementing the requirements of the UK Government's Data Handling Review."
Click here to read some of the lessons the British Council should have learned from previous public data breaches.
-
LaunchDarkly to "double down" on observability with Highlight acquisitionNews Highlight's observability tools will be integrated into LaunchDarkly's Guarded Releases software deployment service
-
Samsung Galaxy Tab S10 FE reviewReviews The Tab S10 FE retains the feel and core capabilities of Samsung's high-end S10 tablets, but compromises on the display and the performance
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloadsNews The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
