ICO Lambasts British Council After Data Loss

The Information Commissioner’s Office (ICO) now seems to be taking a tougher line on mishandling of data, with the watchdog initiating an enforcement action against the British Council after the latter lost a CD containing trade union membership list.

The disc was misplaced in January by the courier company TNT and originally claimed to have bank and insurance info; moreover, when the data loss was first announced the disc was said to be encrypted.

However, the ICO revealed that the disc was actually unencrypted and it held personal data of 2,000 trade union members along with the bank details.

In its response, the ICO has necessitated British Council to pen a formal agreement to improve its data handling measures, involving immediate encryption of all the mobile and handheld devices that are used to store personal information.

The agreement has been penned on behalf of the British Council by the chief exec Martin Davidson.

Commenting upon the action taken by the ICO, Mick Gorrill, assistant Information Commissioner said in a statement, “The British Council proactively reported the breach to the ICO and took immediate remedial action which demonstrates its understanding of the seriousness of this data loss”.

Gorrill further notified that the organisation agrees to make sure that its policies on storing and sharing personal data on portable devices are compliant with government standards.

You can follow ITProPortal.com on Twitter @itproportal.

Our Comments

The British Council should have known better. It either illustrates a disregard for data protection laws or an example of corporate mismanagement. None of which should be permissible in today's current economic climate. There's a chance that the data is misused, resold or used in identity fraud cases, which could have some very damaging effect on the lives of the 2,000 or so people whose data have been lost.

Related Links

ICO rules against British Council

(The Register)

British Council found in breach of Data Protection Act

(Computer Weekly)

Action taken against British Council

(Public Service)

British Council data breach slammed

(Web User)

ICO tells British Council to encrypt after data breach

(IT Pro)

ICO punishes British Council for data loss

(PC Advisor)