North East Lincolnshire Council hit with £80K ICO fine

This article was originally published on Technology.Info.
As part of our continuing strategy for growth, ITProPortal has joined forces with Technology.Info to help us bring you the very best coverage we possibly can.

The Information Commissioner’s Office (ICO) has meted out an £80,000 fine to the North East Lincolnshire Council, two years after a teacher lost a memory stick containing the details of almost 300 children with special educational needs.

According to the ICO’s investigation, it was unclear whether the teacher had received the required data protection training prior to the incident. Worse still, the data on the memory stick wasn’t even encrypted - despite the Council introducing a policy that required employees to encrypt all portable device back in April 2011.

According to the Council, meanwhile, the stick went missing on 1 July 2011 after it was left plugged into a laptop at its offices. When the laptop was left unattended, the stick went missing and has never been recovered.

It contained a huge amount of information about the 286 children attending local schools that could hardly have been more sensitive: details of their mental and physical health problems; their special teaching requirements; their dates of birth; and, in some cases, home addresses and details about their home life, financial circumstances and family relationships.

ICO head of enforcement Stephen Eckersley said in an official statement that the case once again has highlighted the importance of basic data protection measures including encryption

“Organisations must recognise that sensitive personal data stored on laptops, memory sticks and other portable devices must be encrypted. North East Lincolnshire Council failed to do this by delaying the introduction of a policy on encryption for two years and then failing to make sure that staff were following that policy once it was finally implemented.”

“This breach should act as a warning to all organisations that their data protection policies must work in practice, otherwise they are meaningless and fail to ensure people’s information is being looked after correctly.”

Yesterday, North East Lincolnshire Council chief executive Tony Hunter issued the following statement in response to the fine: “This data loss should not have happened and we took immediate steps to try to ensure it does not happen again.” Since the incident, he continues, the Council has made “major improvements” to its policies, training and procedures.” It has also set up a Helpline (0800 183 0386) to enable anyone who feels they may have been affected to set up an appointment to discuss their concerns.

Over the past two years, the ICO has published extensive guidelines on data protection in schools, including advice on encryption, photography, CCTV recording, information sharing and correct disposal of digital equipment.

Topics