A teachers union has been slapped on the wrist by the Information Commissioner's Office after it lost a laptop and memory stick holding data on over 6,000 of its members.
The devices held "sensitive personal data" - though none of it was financial - on 6,282 of the The Association of Teachers and Lecturers (ATL) union's members.
ATL has been ordered by the ICO to encrypt all its portable devices after the unencrypted laptop and stick went missing from the car of one of its staff members.
Aside from being forced to encrypt such devices, the ATL must also review its data policies, ban users from storing personal data on memory sticks, and better educate staff.
Sally Anne-Poole, head of enforcement at the ICO, said: "I encourage organisations to prevent staff from downloading large amounts of personal data."
"It is vital that portable devices, including laptops and memory sticks are encrypted if they are used to store personal information," she added in a statement. "Staff members should not be allowed to keep people's personal details, especially sensitive personal information, on their own memory sticks."
The ICO has pushed for the ability to fine organisations up to 500,000 for data breaches, but at the moment tends to just require data storage changes to prevent losses from reoccurring.
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
23andMe 'failed to take basic steps' to safeguard customer dataNews The ICO has strong criticism for the way the genetic testing company responded to a 2023 breach.
-
Cyber attacks have rocked UK retailers – here's how you can stay safeNews Following recent attacks on retailers, the NCSC urges other firms to make sure they don't fall victim too
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloadsNews The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
