Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Cambridgeshire County Council has breached the Data Protection Act after a memory stick containing sensitive data relating to vulnerable adults went missing.
The Information Commissioner’s Office was told about the loss last November when an employee of the British local government authority lost an unencrypted memory stick containing personal data of six individuals.
The unencrypted stick had not been approved to store the information that was downloaded onto it.
Furthermore, the breach happened just after the council had carried out an internal campaign to promote its encryption policy.
Data included case notes and minutes of meetings related to the individuals’ support.
“While Cambridgeshire County Council clearly recognise the importance of encrypting devices in order to keep personal data secure, this case shows that organisations need to check their data protection policies are continually followed and fully understood by staff,” said Sally Anne Poole, enforcement group manager at the ICO.
“We are pleased that Cambridgeshire County Council has taken action to improve its existing security measures and has agreed to carry out regular and routine monitoring of its encryption policy to ensure it is being followed.”
The council has escaped a fine, but has pledged to use adequate encryption on portable devices and regularly monitor data protection and IT security policies.
A Cambridgeshire County Council spokesperson apologised for the data loss and confirmed the affected parties had been informed.
"The loss of the memory stick was immediately reported by the member of staff involved, who following a full investigation has been disciplined and given advice on their future professional conduct," the spokesperson said.
Chris McIntosh, chief executive officerof Stonewood, said the council had failed with employee education.
“An organisation can have the best security technology and protocols in the world, but without an educated workforce they’re worthless,” he said.
“There will always be a chance of human error in IT security; the job of the organisation is to make sure that its employees are educated on these risks and that policies are enforced.”
Earlier this week, the commissioner rapped the Identity and Passport Service for losing customer data.
This article originally appeared at itpro.co.uk
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.