A teachers union has been slapped on the wrist by the Information Commissioner's Office after it lost a laptop and memory stick holding data on over 6,000 of its members.
The devices held "sensitive personal data" - though none of it was financial - on 6,282 of the The Association of Teachers and Lecturers (ATL) union's members.
ATL has been ordered by the ICO to encrypt all its portable devices after the unencrypted laptop and stick went missing from the car of one of its staff members.
Aside from being forced to encrypt such devices, the ATL must also review its data policies, ban users from storing personal data on memory sticks, and better educate staff.
Sally Anne-Poole, head of enforcement at the ICO, said: "I encourage organisations to prevent staff from downloading large amounts of personal data."
"It is vital that portable devices, including laptops and memory sticks are encrypted if they are used to store personal information," she added in a statement. "Staff members should not be allowed to keep people's personal details, especially sensitive personal information, on their own memory sticks."
The ICO has pushed for the ability to fine organisations up to 500,000 for data breaches, but at the moment tends to just require data storage changes to prevent losses from reoccurring.
-
Data storage is dead, long live data managementAnalysis Pure Storage's flagship announcement at its annual conference was the Enterprise Data Cloud, but what makes it a "paradigm shifting" new approach to data storage and management?
-
Sneaky cyber espionage network exploits IoT devices and home office routersNews Researchers at SecurityScorecard have issued a warning about a new China-linked threat campaign, dubbed 'LapDogs', targeting IoT devices and home routers.
-
23andMe 'failed to take basic steps' to safeguard customer dataNews The ICO has strong criticism for the way the genetic testing company responded to a 2023 breach.
-
Cyber attacks have rocked UK retailers – here's how you can stay safeNews Following recent attacks on retailers, the NCSC urges other firms to make sure they don't fall victim too
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloadsNews The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
