The Cambridgeshire County Council has confessed to losing an unencrypted memory stick that contained sensitive information on six vulnerable adults.
After the breach, which happened in November last year, the council duly notified the Information Commissioner's Office. The incident occurred after an employee lost an unencrypted and unapproved USB stick which contained case notes and minutes of meetings.
The said employee had no choice but to load the information onto an unencrypted USB after having problems in using one of the council's encrypted USB sticks.
The council said in a statement that the employee had immediately reported the loss and was disciplined after an internal investigation. The council has also signed an undertaking to make sure that all the devices have encryption to ensure data protection.
Sally Anne Poole, enforcement group manager at the ICO, said in a statement, “We are pleased that Cambridgeshire has taken action to improve its existing security measures and has agreed to carry out regular and routine monitoring of its encryption policy to ensure it is being followed.”