Council fined after losing personal details of special needs children

A COUNCIL has been fined £80,000 after a teacher lost a memory stick which contained sensitive information about hundreds of children with special educational needs.
North East Lincolnshire Council was fined by the Information Commissioner’s Office (ICO) for the serious data breach.

The device contained personal information about 286 children who attended local schools - including details about mental and physical health problems along with dates of birth and in some cases home addresses.

This information was stored on an unencrypted memory stick which has been missing since 1 July 2011, when the device was left in a laptop at the council’s offices by a special educational needs teacher. When the teacher returned to the laptop the memory stick was gone, and it has never been recovered.

North East Lincolnshire Council’s chief executive Tony Hunter has apologised to those affected by the incident and said measures have been put in place to prevent it happening again.

The ICO warned that organisations handling personal sensitive data on laptops and memory sticks must ensure that these devices are encrypted.

The ICO investigation considered an internal report carried out by the council into the incident, which confirmed that the individuals affected would suffer ill-health because of the loss of the information.

While the council had introduced a policy of encrypting portable devices in April 2011, it failed to make sure all of the memory sticks currently being used by staff were encrypted. The council was also unable to confirm if the teacher had received data protection training at the time of the loss.

ICO head of enforcement, Stephen Eckersley, said: “Organisations must recognise that sensitive personal data stored on laptops, memory sticks and other portable devices must be encrypted. North East Lincolnshire Council failed to do this by delaying the introduction of a policy on encryption for two years and then failing to make sure that staff were following the policy once it was finally implemented.

“This breach should act as a warning to all organisations that their data protection policies must work in practice, otherwise they are meaningless and fail to ensure people’s information is being looked after correctly.”

Mr Hunter said: “This data loss should not have happened and we took immediate steps to try to ensure it does not happen again. It is important to note that since the data loss, we have made major improvements to our policies, training and procedures to prevent another incident like this happening again.

“The council co-operated fully with the Information Commissioner’s Office, informing them voluntarily of the loss of the memory stick and providing them with any required information on the issue as soon as it was asked for.

“The ICO acknowledges there is no evidence that any individual or family have been targeted as a result of the incident, that the council immediately informed it of the loss and that we have carried out significant remedial action.

“We have set up a helpline (0800 183 0386) to enable anyone who feels they may have been affected to contact us to fix up an appointment to discuss any issues involved.”

The ICO’s group manager for technology, Simon Rice, has published a blog explaining the importance of encryption and the options available to organisations that need to encrypt their data.

The ICO has also published advice explaining the key issues organisations need to be aware of when processing people’s information.
