Sutton Council has pledged to tighten up on data security after it lost a file containing the personal data of 73 social care users and had an unencrypted laptop stolen containing unencrypted data on 39 care users.
The London borough signed an agreement to improve its security measures after the Information Commissioner’s Office ruled that it had breached the Data Protection Act.
The council also had a second unencrypted laptop stolen containing information on nine children being taught by a teacher employed by the council. A package of documents also went missing when a courier used by the council left it with the recipient’s neighbour.
Under the voluntary agreement the council has promised to ensure that portable and mobile devices used to store personal data, including laptops, are password protected.
It will also bolster its anti-theft measures, while staff will receive training on the council’s policy for storing and using personal information.
Sutton Council chief executive Paul Martin said: “We take this very seriously and have agreed to comply with the recommendations of the information commissioner. We have started a programme of training to ensure that all of our staff who have access to personal data are fully aware of the importance of keeping it safe.
“We will do everything possible to prevent incidents of this sort in the future. However, it should be noted that in this case there is no evidence of the information being used by people it was not intended for.”
Sally-anne Poole, ICO head of enforcement and investigations, said: “I urge all organisations to implement the appropriate safeguards to ensure personal details are stored and processed securely.”
Similar incidents have occurred in other councils in recent months. In July, Neath Port Talbot Council signed an undertaking with the ICO after losing a memory stick containing the details of 65 children, and in June Manchester Council was reprimanded when the personal details of 1,754 school-based staff went missing when two laptops were stolen.
Leicester Council signed an agreement with the ICO in May after losing a memory stick with details of children at a council-run nursery in May.
ContactPoint: Call to scrap database for children after second delay
Information sharing: does new IS system go too far?
Professionals should consult agencies when dealing with requests