Manchester City Council broke the Data Protection Act when it failed to encrypt laptop computers containing data on nearly two thousand workers. The local authority has promised to ensure all mobile computers are encrypted.
Two laptops were stolen from Manchester's Town Hall. The machines were unencrypted and carried the personal details of 1,754 school workers, privacy regulator the Information Commissioner's Office (ICO) has said.
Sir Howard Bernstein, the Council's chief executive, has signed a formal undertaking promising to make sure that all computing devices are fixed to desks, kept under lock and key or have the data on them encrypted. It will also change the machines it allows to carry personal data.
"The council should handle all personal information, including employment details, in compliance with the Data Protection Act," said Sally-Anne Poole, the ICO's head of enforcement and investigations. "Organisations must implement appropriate safeguards to ensure personal details are handled securely and do not fall into the wrong hands."
“The Data Protection Act clearly states that organisations must take appropriate measures to ensure that personal information is kept secure," said Poole. "Manchester City Council recognises the seriousness of this data loss and has agreed to take immediate action. It has also agreed to implement an improved training programme, including regular refresher training for all staff."
The ICO said that it would take enforcement action against the Council if it breaks the conditions of its undertaking. It said that the breach is the latest of 60 local authority Data Protection Act breaches reported to it.
“We urge all councils and their executive teams to take responsibility for treating data protection as a corporate governance issue affecting the entire organisation. They have to make sure that safeguarding the personal information of their staff is embedded in their organisational culture."