A council has been fined £80,000 for losing an unencrypted memory stick storing details of 286 children with special educational needs.
An internal report by North East Lincolnshire council found the children would suffer ill-health following the loss of the memory stick, which has been missing since July 2011. The stick contained personal details, such as mental and physical health problems, home addresses and teaching requirements.
It went missing after a special educational needs teacher left it stuck in a laptop and returned to find it gone. It has never been recovered.
The Information Commissioner’s Office (ICO) found the authority had delayed introducing a policy on encryption for two years, and had then failed to make sure that all memory sticks currently in use by staff were encrypted.
ICO head of enforcement Stephen Eckersley said the breach should “act as a warning to all organisations that their data protection policies must work in practice, otherwise they are meaningless”.
The ICO’s group manager for technology, Simon Rice, has published a blog explaining the importance of encryption and the options for organisations that need to encrypt their data.