The UK's data protection watchdog - the Information Commissioner's Office (ICO) - has taken action against Stoke-on-Trent City Council after the authority lost a USB stick containing sensitive information on 40 children in care.
A member of the public discovered the memory stick, which was unencrypted and not password protected, before returning it to the council.
The data included court reports and details of care proceedings.
Having breached the Data Protection Act, the local authority has been told to implement steps to ensure personal data stored by the body is adequately secured.
The council has agreed to encrypt portable and mobile devices used to store and transmit personal data, while staff education will be ramped up.
"When handling sensitive personal information, particularly information relating to the care of vulnerable children, it is important that authorities ensure the necessary measures are in place to protect this information," said Sally-Anne Poole, Enforcement Group Manager at the ICO.
Yet again, the ICO has not given out a fine for the breach.
"This incident occurred before 6 April so the powers now available to the information commissioner to issue penalties of up to 500,000 for serious breaches of the Data Protection Act, could not be considered," said Poole.
One of the central reasons why Google was not issued with a fine after the Street View Wi-Fi scandal was because the data was collected before the ICO's extra powers came into force.
An ICO spokesperson told IT PRO the council could "potentially" have been hit with a fine if the breach occurred after the penalty powers were granted.
The spokesperson also confirmed a fine would be handed to an as yet unnamed body or individual "in the near future," after information commissioner Christopher Graham indicated a penalty would be handed out before the end of the month.
