Cambridgeshire County Council has breached the Data Protection Act after a memory stick containing sensitive data relating to vulnerable adults went missing.
The Information Commissioner's Office (ICO) was told about the loss in November 2010, when an employee lost an unencrypted memory stick containing personal data of six individuals.
The unencrypted stick had not been approved to store the information that was downloaded onto it.
Furthermore, the breach happened just after the council had carried out an internal campaign to promote its encryption policy.
Data included case notes and minutes of meetings related to the individuals' support.
"While Cambridgeshire County Council clearly recognise the importance of encrypting devices in order to keep personal data secure, this case shows that organisations need to check their data protection policies are continually followed and fully understood by staff," said Sally Anne Poole, enforcement group manager at the ICO.
"We are pleased that Cambridgeshire County Council has taken action to improve its existing security measures and has agreed to carry out regular and routine monitoring of its encryption policy to ensure it is being followed."
The council has escaped a fine, but has pledged to use adequate encryption on portable devices and regularly monitor data protection and IT security policies.
A Cambridgeshire County Council spokesperson apologised for the data loss and confirmed the affected parties had been informed.
"The loss of the memory stick was immediately reported by the member of staff involved, who following a full investigation has been disciplined and given advice on their future professional conduct," the spokesperson said.
Chris McIntosh, chief executive (CEO) of Stonewood, said the council had failed with employee education.
"An organisation can have the best security technology and protocols in the world, but without an educated workforce they're worthless," he said.
"There will always be a chance of human error in IT security; the job of the organisation is to make sure that its employees are educated on these risks and that policies are enforced."
Earlier this week, the ICO rapped the Identity and Passport Service for losing customer data.
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
‘Hugely significant’: Experts welcome UK government plans to back down in Apple encryption battle – but it’s not quite over yetNews Tulsi Gabbard, US director of national intelligence, has confirmed the UK plans to back down on plans that would see Apple forced to create a "back door" for authorities.
-
‘A huge national security risk’: Thousands of government laptops, tablets, and phones are missing and nowhere to be foundNews A freedom of information disclosure shows more than 2,000 government-issued phones, tablets, and laptops have been lost or stolen, prompting huge cybersecurity concerns.
-
23andMe 'failed to take basic steps' to safeguard customer dataNews The ICO has strong criticism for the way the genetic testing company responded to a 2023 breach.
-
The UK cybersecurity sector is worth over £13 billion, but experts say there’s huge untapped potential if it can overcome these hurdlesAnalysis A new report released by the DSIT revealed the UK’s cybersecurity sector generated £13.2 billion over the last year
-
"Thinly spread": Questions raised over UK government’s latest cyber funding schemeThe funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
